<div dir="ltr">Hello,<br>Now I understand what you meant.<br>But unfortunately, I cannot get the pre-digest value from the signer, because I got the message from a service which is developed by another project and is not well supported.<br>
But I ran (I was wrong in the former mail; the URI should be used for the namespace):<br>xmlsec1 --verify --trusted-pem 1f0e8352.0 --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion --store-references assertion11.xml<br>
<br>I got the message, and I cannot see anything wrong in the message (PreDigest data) on the verification side. Can you see anything wrong?<br><br>Thanks a lot <br>Weizhong Qiang<br><br>*********************<br><br>xmlsec1 --verify --trusted-pem 1f0e8352.0 --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion --store-references assertion11.xml <br>
func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match<br>FAIL<br>SignedInfo References (ok/all): 0/1<br>Manifests References (ok/all): 0/0<br>= VERIFICATION CONTEXT<br>
== Status: invalid<br>== flags: 0x00000006<br>== flags2: 0x00000000<br>== Key Info Read Ctx:<br>= KEY INFO READ CONTEXT<br>== flags: 0x00000000<br>== flags2: 0x00000000<br>== enabled key data: all<br>== RetrievalMethod level (cur/max): 0/1<br>
== TRANSFORMS CTX (status=0)<br>== flags: 0x00000000<br>== flags2: 0x00000000<br>== enabled transforms: all<br>=== uri: NULL<br>=== uri xpointer expr: NULL<br>== EncryptedKey level (cur/max): 0/1<br>=== KeyReq:<br>==== keyId: NULL<br>
==== keyType: 0x00000000<br>==== keyUsage: 0xffffffff<br>==== keyBitsSize: 0<br>=== list size: 0<br>== Key Info Write Ctx:<br>= KEY INFO WRITE CONTEXT<br>== flags: 0x00000000<br>== flags2: 0x00000000<br>== enabled key data: all<br>
== RetrievalMethod level (cur/max): 0/1<br>== TRANSFORMS CTX (status=0)<br>== flags: 0x00000000<br>== flags2: 0x00000000<br>== enabled transforms: all<br>=== uri: NULL<br>=== uri xpointer expr: NULL<br>== EncryptedKey level (cur/max): 0/1<br>
=== KeyReq:<br>==== keyId: NULL<br>==== keyType: 0x00000001<br>==== keyUsage: 0xffffffff<br>==== keyBitsSize: 0<br>=== list size: 0<br>== Signature Transform Ctx:<br>== TRANSFORMS CTX (status=0)<br>== flags: 0x00000000<br>
== flags2: 0x00000000<br>== enabled transforms: all<br>=== uri: NULL<br>=== uri xpointer expr: NULL<br>=== Transform: exc-c14n (href=<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br>
=== Transform: rsa-sha1 (href=<a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>)<br>== Signature Method:<br>=== Transform: rsa-sha1 (href=<a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>)<br>
== SignedInfo References List:<br>=== list size: 1<br>= REFERENCE VERIFICATION CONTEXT<br>== Status: invalid<br>== URI: "#_80310c3e-3ee4-425f-aee0-226729374b95"<br>== Reference Transform Ctx:<br>== TRANSFORMS CTX (status=2)<br>
== flags: 0x00000000<br>== flags2: 0x00000000<br>== enabled transforms: all<br>=== uri: <br>=== uri xpointer expr: #_80310c3e-3ee4-425f-aee0-226729374b95<br>=== Transform: xpointer (href=<a href="http://www.w3.org/2001/04/xmldsig-more/xptr">http://www.w3.org/2001/04/xmldsig-more/xptr</a>)<br>
=== Transform: enveloped-signature (href=<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>)<br>=== Transform: exc-c14n (href=<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br>
=== Transform: membuf-transform (href=NULL)<br>=== Transform: sha1 (href=<a href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>=== Transform: membuf-transform (href=NULL)<br>== Digest Method:<br>
=== Transform: sha1 (href=<a href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>== PreDigest data - start buffer:<br><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_80310c3e-3ee4-425f-aee0-226729374b95" IssueInstant="2008-10-09T22:58:25.448Z" Version="2.0"><saml:Issuer>CN=Weizhong Qiang,OU=<a href="http://fys.uio.no">fys.uio.no</a>,O=NorduGrid,O=Grid</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=test,O=UiO,ST=Oslo,C=NO</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"><saml:SubjectConfirmationData><ds:KeyInfo xmlns:ds="<a href="http://www.w3.org/2000/09/xmldsig#">http://www.w3.org/2000/09/xmldsig#</a>"><ds:X509Data><ds:X509Certificate>MIICozCCAgygAwIBAgIBATANBgkqhkiG9w0BAQQFADA3MQswCQYDVQQGEwJOTzENMAsGA1UECBME<br>
T3NsbzEMMAoGA1UEChMDVWlPMQswCQYDVQQDEwJDQTAeFw0wNzExMDYxNTE4NDlaFw0wODExMDUx<br>NTE4NDlaMDkxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIEwRPc2xvMQwwCgYDVQQKEwNVaU8xDTALBgNV<br>BAMTBHRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMUZpDYNYNuoqohEkP4w/MnGAiXV<br>
sZUSPuFChL2HT2sE7VQ2/RsFKRyAFXNaBIPcpoJF2uTv6Llc0G9F5v4G5ZyZiiexgl3HtnmiMcgW<br>ie/d5XfYf0o+2xhofdsgxb5d2DRFyUVxkKnBRYSSebR9wsdlwtlduSDxsN22CFITqL3FAgMBAAGj<br>gbwwgbkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm<br>
aWNhdGUwHQYDVR0OBBYEFGtX2cUVfSVs1xLKLwwscpNon2duMF8GA1UdIwRYMFaAFLg5jUhGbh+u<br>jBIx6kabFY+E5JrWoTukOTA3MQswCQYDVQQGEwJOTzENMAsGA1UECBMET3NsbzEMMAoGA1UEChMD<br>VWlPMQswCQYDVQQDEwJDQYIBADANBgkqhkiG9w0BAQQFAAOBgQAIrqV+I9YbXvpsRvwJLOFIVIuX<br>
Cy8l5RjfSrd4UG3oX3c0nmr5oe93XomAJ525ULOGSh5w8kmfGA96yUi2LRmdM9ZQyyVWLDagU0dt<br>mdcJm2CedeRxI+ShtIE3PRc/OTEjz/dvY6gD/jiHDUr/IcooHMSApIuDZXWvSNWSql0Swg==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2008-10-09T22:58:25.448Z" NotOnOrAfter="2008-10-10T09:58:25.448Z"></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="Degree" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>" xsi:type="xs:string">PhD</saml:AttributeValue></saml:Attribute><saml:Attribute Name="<a href="http://voms.forge.cnaf.infn.it/group">http://voms.forge.cnaf.infn.it/group</a>" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>" xsi:type="xs:string">/knowarc</saml:AttributeValue><saml:AttributeValue xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>" xsi:type="xs:string">/knowarc/UiO</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion><br>
== PreDigest data - end buffer<br>== Manifest References List:<br>=== list size: 0<br>Error: failed to verify file "assertion11.xml"<br><br></div>
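One way to check a dump like the one above without the signer's help, as an added example that is not part of the original mail or of xmlsec: cut each PreDigest buffer out of the saved `--store-references` output, hash it, and compare the result with the `DigestValue` copied from the signed document. The function names and the sample assertion are hypothetical and constructed; the only things taken from the mail are the two `== PreDigest data` marker lines and the SHA-1 digest method.

```python
import base64
import hashlib

# Marker lines as they appear in the xmlsec1 output quoted in the mail.
START = b"== PreDigest data - start buffer:\n"
END = b"\n== PreDigest data - end buffer"

def extract_predigest(dump: bytes) -> list:
    """Return each PreDigest buffer found in saved xmlsec1 output (raw bytes)."""
    buffers, pos = [], 0
    while (start := dump.find(START, pos)) >= 0:
        start += len(START)
        end = dump.find(END, start)
        if end < 0:              # truncated dump: closing marker missing
            break
        buffers.append(dump[start:end])
        pos = end + len(END)
    return buffers

def digest_b64(data: bytes, algo: str = "sha1") -> str:
    """Base64 of the digest, the form stored in <ds:DigestValue>."""
    return base64.b64encode(hashlib.new(algo, data).digest()).decode("ascii")

def check_references(dump: bytes, digest_value: str, algo: str = "sha1") -> list:
    """Compare every PreDigest buffer with one DigestValue (whitespace ignored)."""
    want = "".join(digest_value.split())
    return [digest_b64(buf, algo) == want for buf in extract_predigest(dump)]

def make_dump(buf: bytes) -> bytes:
    """Constructed stand-in for the relevant part of the xmlsec1 output."""
    return (b"== Digest Method:\n" + START + buf + END
            + b"\n== Manifest References List:\n")

# Constructed sample: the bytes a signer hashed, with a line break in a text node.
SIGNED = (b'<a:Assertion xmlns:a="urn:example:a" ID="_1">'
          b"<a:Cert>AAAA\nBBBB</a:Cert></a:Assertion>")
DIGEST_VALUE = digest_b64(SIGNED)                      # signer's DigestValue
ALTERED = SIGNED.replace(b"AAAA\nBBBB", b"AAAABBBB")   # line break lost in transit

if __name__ == "__main__":
    print(check_references(make_dump(SIGNED), DIGEST_VALUE))    # same bytes
    print(check_references(make_dump(ALTERED), DIGEST_VALUE))   # one byte removed
```

Read the saved output in binary mode so that no newline or encoding conversion touches the buffer before it is hashed.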