Hi Aleksey,<br><br>This URL is again based on the new widget spec 1.1,<br>when I try to verify using this method I get an error as:<br><br> xmlsec1 --verify --trusted-pem Root.pem signature.xml <br>error : Unknown IO error<br>
func=xmlSecTransformNodeRead:file=transforms.c:line=1511:obj=unknown:subj=xmlSecTransformIdListFindByHref:error=1:xmlsec library function failed:href=<a href="http://www.w3.org/2000/09/xmldsig#sha256">http://www.w3.org/2000/09/xmldsig#sha256</a><br>
func=xmlSecTransformCtxNodeRead:file=transforms.c:line=666:obj=unknown:subj=xmlSecTransformNodeRead:error=1:xmlsec library function failed:name=DigestMethod<br>func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1505:obj=unknown:subj=xmlSecTransformCtxNodeRead:error=1:xmlsec library function failed:node=DigestMethod<br>
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=817:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference<br>func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=560:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed: <br>
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=379:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: <br>Error: signature failed <br>ERROR<br>SignedInfo References (ok/all): 0/1<br>Manifests References (ok/all): 0/0<br>
Error: failed to verify file &quot;signature.xml&quot;<br><br>Regards,<br>Ashish<br><br><div class="gmail_quote">On Tue, Jun 2, 2009 at 9:43 PM, Aleksey Sanin <span dir="ltr">&lt;<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">xmlsec supports SHA256; your URL is incorrect:<br>
<br>
<a href="http://www.aleksey.com/pipermail/xmlsec/2005/007037.html" target="_blank">http://www.aleksey.com/pipermail/xmlsec/2005/007037.html</a><br>
<br>
Aleksey<br>
<br>
Ashish Agrawal wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
OK, thanks for pointing that out.<br>
<br>
Also, I need to provide support for the digest method: <a href="http://www.w3.org/200009/xmldsig#sha256" target="_blank">http://www.w3.org/200009/xmldsig#sha256</a> &lt;<a href="http://www.w3.org/2000/09/xmldsig#sha256" target="_blank">http://www.w3.org/2000/09/xmldsig#sha256</a>&gt;<div class="im">
<br>
<br>
To support this, do I need to modify xmlsec?<br>
<br>
Regards,<br>
Ashish<br>
<br></div><div class="im">
On Tue, Jun 2, 2009 at 8:01 PM, Aleksey Sanin &lt;<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>&gt; wrote:<br>

<br>
    Look at LibXML2 library, file c14n.c<br>
<br>
    Aleksey<br>
<br>
    Ashish Agrawal wrote:<br>
<br>
        Hi Aleksey,<br>
<br>
        I would like to work on providing the latest canonical support;<br>
        can you give me some pointers on the areas in the code where I<br>
        need to focus for the changes?<br>
<br>
        Regards,<br>
        Ashish<br>
<br>
        On Mon, Jun 1, 2009 at 9:06 PM, Aleksey Sanin<br>
        &lt;<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>&gt; wrote:<br></div><div><div></div><div class="h5">
<br>
           Sure, I see your point. Well, I haven&#39;t seen a lot of interest<br>
           in C14N 1.1 support so far. BTW, C14N is a part of LibXML2.<br>
           If you need C14N 1.1, then I am sure that Daniel will be happy<br>
           to apply your patches to the main tree.<br>
<br>
           Aleksey<br>
<br>
<br>
           Ashish Agrawal wrote:<br>
<br>
               Hi Aleksey,<br>
<br>
               Thanks for prompt reply.<br>
<br>
               The basis of my argument is that the newer Widgets DSig specifies<br>
               certain fixed values for CanonicalizationMethod &amp; DigestMethod.<br>
<br>
               Eg:<br>
               &lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;<br>
               &lt;Signature xmlns=&quot;<a href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a>&quot;&gt;<br>
                   &lt;SignedInfo&gt;<br>
                       &lt;CanonicalizationMethod<br>
                                  Algorithm=&quot;<a href="http://www.w3.org/2006/12/xml-c14n11" target="_blank">http://www.w3.org/2006/12/xml-c14n11</a>&quot;/&gt;<br>
                       &lt;SignatureMethod<br>
                                        Algorithm=&quot;<a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target="_blank">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>&quot; /&gt;<br>
                       &lt;Reference URI=&quot;config.xml&quot;&gt;<br>
                           &lt;DigestMethod<br>
               Algorithm=&quot;<a href="http://www.w3.org/2001/04/xmlenc#sha256" target="_blank">http://www.w3.org/2001/04/xmlenc#sha256</a>&quot;/&gt;<br>
                           &lt;DigestValue&gt;j6...8nk=&lt;/DigestValue&gt;<br>
                     &lt;/Reference&gt;<br>
                      &lt;Reference URI=&quot;index.html&quot;&gt;<br>
                           &lt;DigestMethod<br>
               Algorithm=&quot;<a href="http://www.w3.org/2001/04/xmlenc#sha256" target="_blank">http://www.w3.org/2001/04/xmlenc#sha256</a>&quot;/&gt;<br>
                           &lt;DigestValue&gt;lm...34=&lt;/DigestValue&gt;<br>
                    &lt;/Reference&gt;<br>
                     &lt;Reference URI=&quot;icon.png&quot;&gt;<br>
                           &lt;DigestMethod<br>
               Algorithm=&quot;<a href="http://www.w3.org/2001/04/xmlenc#sha256" target="_blank">http://www.w3.org/2001/04/xmlenc#sha256</a>&quot;/&gt;<br>
                           &lt;DigestValue&gt;pq...56=&lt;/DigestValue&gt;<br>
                     &lt;/Reference&gt;<br>
                  &lt;/SignedInfo&gt;<br>
                  &lt;SignatureValue&gt;MC0E~LE=&lt;/SignatureValue&gt;<br>
                 &lt;KeyInfo&gt;<br>
                    &lt;X509Data&gt;<br>
                         &lt;X509Certificate&gt;MI...lVN&lt;/X509Certificate&gt;<br>
                     &lt;/X509Data&gt;<br>
                  &lt;/KeyInfo&gt;<br>
               &lt;/Signature&gt;<br>
<br>
<br>
               So when I create a signature file with the above-mentioned<br>
               canonicalization and digest method, xmlsec fails.<br>
               Please clarify.<br>
<br>
               Regards,<br>
               Ashish<br>
<br>
               On Mon, Jun 1, 2009 at 8:55 PM, Aleksey Sanin<br>
               &lt;<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>&gt; wrote:<br></div></div><div><div></div>
<div class="h5">
<br>
                  xmlsec implements XML DSig and the Widgets DSig is just<br>
                  a profile of XML DSig. Thus, I don&#39;t see why you claim<br>
                  that xmlsec doesn&#39;t support it.<br>
<br>
                  Aleksey<br>
<br>
                  Ashish Agrawal wrote:<br>
<br>
                      Hi Aleksey,<br>
<br>
                      I need to support<br>
                             *<a href="http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/*" target="_blank">http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/*</a><br>
                      and it seems that the current version of xmlsec doesn&#39;t support it. Is<br>
                      there any plan for it?<br>
<br>
                      Regards,<br>
                      Ashish<br>
<br>
                      On Mon, Jun 1, 2009 at 8:02 PM, Aleksey Sanin<br>
                      &lt;<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>&gt; wrote:<br>
<br>
                         <a href="https://www.aleksey.com/xmlsec/xmldsig.html" target="_blank">https://www.aleksey.com/xmlsec/xmldsig.html</a><br>
<br>
                         Aleksey<br>
<br>
                         Ashish Agrawal wrote:<br>
<br>
                             Hi Aleksey,<br>
<br>
                             I want to know which standards of DigestMethod and<br>
                             CanonicalizationMethod are supported by xmlsec currently.<br>
<br>
                             I have a requirement where I have the digest method as:<br>
                             <a href="http://www.w3.org/2000/09/xmldsig#sha256" target="_blank">http://www.w3.org/2000/09/xmldsig#sha256</a> and canonicalization<br>
                             method as: <a href="http://www.w3.org/2006/12/xml-c14n11" target="_blank">http://www.w3.org/2006/12/xml-c14n11</a>.<br>
                             Will this be supported?<br>
<br>
                             ~Ashish<br>
<br>
<br>
                                                ------------------------------------------------------------------------<br>
<br>
                             _______________________________________________<br>
                             xmlsec mailing list<br>
                             <a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a><br>
<br>
<br>
                             <a href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec</a><br>
<br>
</div></div></blockquote>
</blockquote></div><br>
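The failure in this thread comes from a DigestMethod algorithm URI that xmlsec does not recognise. The following check is an added example, not part of the original messages and not xmlsec code: it lists every algorithm URI in a signature that is outside an allowlist before the file is handed to the verifier. The allowlist is an assumption taken from the sample signature quoted in the thread, and the input document is constructed.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

# Assumption: the allowed values are the ones used in the sample signature
# quoted in the thread (C14N 1.1, RSA-SHA256, SHA-256).
PROFILE = {
    "CanonicalizationMethod": {"http://www.w3.org/2006/12/xml-c14n11"},
    "SignatureMethod": {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"},
    "DigestMethod": {"http://www.w3.org/2001/04/xmlenc#sha256"},
}

def check_algorithms(xml_text):
    """Return (element, Reference URI or None, Algorithm) for each violation."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTDs are not accepted in signature documents")
    root = ET.fromstring(xml_text)
    findings = []

    def check(parent, name, where):
        node = parent.find(DSIG + name)
        alg = node.get("Algorithm") if node is not None else None
        if alg not in PROFILE[name]:  # missing element or unlisted URI
            findings.append((name, where, alg))

    signed_infos = list(root.iter(DSIG + "SignedInfo"))
    if not signed_infos:
        findings.append(("SignedInfo", None, None))
    for si in signed_infos:
        check(si, "CanonicalizationMethod", None)
        check(si, "SignatureMethod", None)
        for ref in si.findall(DSIG + "Reference"):
            check(ref, "DigestMethod", ref.get("URI"))
    return findings

# Constructed input: the first Reference uses the URI from the error log above.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
  <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  <Reference URI="config.xml">
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256"/>
    <DigestValue>CONSTRUCTED</DigestValue></Reference>
  <Reference URI="index.html">
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <DigestValue>CONSTRUCTED</DigestValue></Reference>
</SignedInfo></Signature>"""

if __name__ == "__main__":
    for name, where, alg in check_algorithms(SAMPLE):
        print(f"{name} ({where}): algorithm not in profile: {alg}")
```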