<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin-top:0cm;
        margin-right:0cm;
        margin-bottom:10.0pt;
        margin-left:0cm;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:10.0pt;
        margin-left:36.0pt;
        mso-add-space:auto;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        mso-add-space:auto;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        mso-add-space:auto;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:10.0pt;
        margin-left:36.0pt;
        mso-add-space:auto;
        line-height:115%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
span.EstiloDeEmail17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.block
        {mso-style-name:block;}
span.hps
        {mso-style-name:hps;}
.MsoChpDefault
        {mso-style-type:export-only;
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:1386294699;
        mso-list-type:hybrid;
        mso-list-template-ids:934417926 68550673 68550681 68550683 68550671 68550681 68550683 68550671 68550681 68550683;}
@list l0:level1
        {mso-level-text:"%1\)";
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=PT-BR link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US>Hi,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>I have a question about verifying a signature.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>I need to understand the concept of how to verify a signature: what parts are involved, and how does the validation process work?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>For example, suppose I have this XML signature:<o:p></o:p></span></p><p class=MsoNormal><span class=MsoHyperlink><span lang=EN-US style='color:#990000;text-decoration:none'><!-- … --><o:p></o:p></span></span></p><p class=MsoNormal style='margin-left:35.4pt'><a href="file:///C:\aws\xmlsec\my-s_sign.xml"><span lang=EN-US>&lt;</span><span lang=EN-US style='color:#990000'>Signature</span><span lang=EN-US> </span><span lang=EN-US style='color:red'>xmlns</span><span lang=EN-US>="</span><b><span lang=EN-US style='color:red'>http://www.w3.org/2000/09/xmldsig#</span></b><span lang=EN-US>"&gt;</span></a><span lang=EN-US><br></span><a href="file:///C:\aws\xmlsec\my-s_sign.xml"><span lang=EN-US>&lt;</span><span lang=EN-US style='color:#990000'>SignedInfo</span><span lang=EN-US>&gt;</span></a><span lang=EN-US>&lt;<span style='color:#990000'>CanonicalizationMethod</span> <span style='color:#990000'>Algorithm</span>="<b><span style='color:black'>http://www.w3.org/TR/2001/REC-xml-c14n-20010315</span></b>"/&gt;&lt;<span style='color:#990000'>SignatureMethod</span> <span style='color:#990000'>Algorithm</span>="<b><span style='color:black'>http://www.w3.org/2000/09/xmldsig#rsa-sha1</span></b>"/&gt;</span><a href="file:///C:\aws\xmlsec\my-s_sign.xml"><span lang=EN-US>&lt;</span><span lang=EN-US style='color:#990000'>Reference</span><span lang=EN-US> </span><span lang=EN-US style='color:#990000'>URI</span><span lang=EN-US>="</span><b><span lang=EN-US style='color:black'>#4306039266561101315555099000006996000289563</span></b><span 
lang=EN-US>"&gt;</span></a><a href="file:///C:\aws\xmlsec\my-s_sign.xml"><span lang=EN-US>&lt;</span><span lang=EN-US style='color:#990000'>Transforms</span><span lang=EN-US>&gt;</span></a><span lang=EN-US>&lt;<span style='color:#990000'>Transform</span> <span style='color:#990000'>Algorithm</span>="<b><span style='color:black'>http://www.w3.org/2000/09/xmldsig#enveloped-signature</span></b>"/&gt;&lt;<span style='color:#990000'>Transform</span> <span style='color:#990000'>Algorithm</span>="<b><span style='color:black'>http://www.w3.org/TR/2001/REC-xml-c14n-20010315</span></b>"/&gt;<span class=block><span style='color:blue'>&lt;/</span><span style='color:#990000'>Transforms</span><span style='color:blue'>&gt;</span></span>&lt;<span style='color:#990000'>DigestMethod</span> <span style='color:#990000'>Algorithm</span>="<b><span style='color:black'>http://www.w3.org/2000/09/xmldsig#sha1</span></b>"/&gt;&lt;<span style='color:#990000'>DigestValue</span>&gt;mMtctkqg9krbX4G+UAy2YSOq/IY=<span style='color:blue'>&lt;/</span><span style='color:#990000'>DigestValue</span><span style='color:blue'>&gt;<span class=block>&lt;/</span></span><span class=block><span style='color:#990000'>Reference</span><span style='color:blue'>&gt;&lt;/</span><span style='color:#990000'>SignedInfo</span><span style='color:blue'>&gt;</span></span>&lt;<span style='color:#990000'>SignatureValue</span>&gt;I06m4f7PZ2fDfgg3ayq0JFyjvQftx4AmIb52R7b5ofo6vKVL35UUdjAD0TM31lmJawwep7JqYqBx7+5roBoQ3y5lX8xR8qZWNnVCGAAr6kdXJSF8NYuKM9E5lvPmJk9S+mSsowORgMboPvOuDL2WVGFEN2uU3kL/7eeE8YMDnbg=<span style='color:blue'>&lt;/</span><span style='color:#990000'>SignatureValue</span><span style='color:blue'>&gt;</span></span><a href="file:///C:\aws\xmlsec\my-s_sign.xml"><span lang=EN-US>&lt;</span><span lang=EN-US style='color:#990000'>KeyInfo</span><span lang=EN-US>&gt;</span></a><a href="file:///C:\aws\xmlsec\my-s_sign.xml"><span lang=EN-US>&lt;</span><span lang=EN-US style='color:#990000'>X509Data</span><span lang=EN-US>&gt;</span></a><span lang=EN-US>&lt;<span 
style='color:#990000'>X509Certificate</span>&gt;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<span style='color:blue'>&lt;/</span><span style='color:#990000'>X509Certificate</span><span style='color:blue'>&gt;<span class=block>&lt;/</span></span><span class=block><span style='color:#990000'>X509Data</span><span style='color:blue'>&gt;&lt;/</span><span style='color:#990000'>KeyInfo</span><span style='color:blue'>&gt;&lt;/</span><span style='color:#990000'>Signature</span><span style='color:blue'>&gt;</span><o:p></o:p></span></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>My questions: <o:p></o:p></span></p><p class=MsoListParagraphCxSpFirst style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span lang=EN-US><span style='mso-list:Ignore'>1)<span style='font:7.0pt "Times New Roman"'>      </span></span></span><![endif]><span lang=EN-US>What do I need in order to validate whether the file (signature) is correct?<o:p></o:p></span></p><p class=MsoListParagraphCxSpLast style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span lang=EN-US><span style='mso-list:Ignore'>2)<span style='font:7.0pt "Times New Roman"'>      </span></span></span><![endif]><span lang=EN-US>What files (certificates) are involved (for verification)?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>For example, with xmlsec1, I tried:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>xmlsec1 --verify rsdtd.xml<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ubuntu@ip-10-248-24-210:~$ xmlsec1 --verify  rsdtd.xml<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=BR/O=ICP-Brasil/OU=Secretaria da Receita Federal-SRF/OU=CONTRIBUINTE/OU=SRF e-CNPJ A1/CN=ASSOCIACAO DOS MORADORES E AMIGOS B PARQUE S J DE:00072396000182;err=20;msg=unable to get local issuer 
certificate<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Error: signature failed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ERROR<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>SignedInfo References (ok/all): 1/1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Manifests References (ok/all): 0/0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Error: failed to verify file "rsdtd.xml"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Thanks<o:p></o:p></span></p><p class=MsoListParagraph><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div></body></html>