Thanks, Aleksey.<div><br><div>Really, I had RSA key in signature file.</div><div><br></div><div>I made some investigation, I may be wrong, but I don't understand the security guarantee of xml signature.</div><div>I'll try to explain my view on it, please indicate where I'm wrong.</div>
<div><br></div><div>As I've understood during signature verification xmlsec might choose key for verification from KeyValue field or from certificate in X509Data field. There isn't any check that public key from KeyValue is the same as public key from certificate.</div>
<div>Key selection algorithm is the next: </div><div>- Xmlsec is trying to build certificate chain from certificate in the file up to a trusted cert.</div><div> - if it successed, key from certificate is used</div><div> - if it failed, xmlsec is looking for the KeyValue field.</div>
<div> - if KeyValue field is found, xmlsec uses it for verification.</div><div> - if KeyValue isn't found xmlsec reports an error.</div><div> </div><div>So, lets assume that I'm a bad guy and I want to substitute a signed xml file.</div>
<div>All I have to do is just sign a file only with KeyValue field and without any X509Data field.</div><div>Thus, user of signed document can't be sure that this document was sent by expected sender.</div><div><br></div>
<div>I think that there is some misunderstanding in application of xml signature or I've just missed something.</div><div>Maybe it's possible to force xmlsec perform verification using key only from X509 field? Or maybe I just may ask xmlsec to ignore key from KeyValue field?</div>
<div><br></div><div>Thanks.</div><div><br></div><div><div class="gmail_quote">2012/8/15 Aleksey Sanin <span dir="ltr"><<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
That shouldn't be the case. The only possibility is that there<br>
is a key in the signature file (not in certificate).<br>
<br>
Run xmlsec with debug output to find out where it finds key<br>
<br>
Aleksey<br>
<div class="im"><br>
On 8/15/12 1:21 AM, Roman Khlystik wrote:<br>
> Thanks for your answer, Aleksey.<br>
><br>
> I think I've understood behaviour of xmlsec in this situation.<br>
> And according to this logic I assume (and actually I checked it) that<br>
> when there isn't any<br>
> valid certificate chain result code of signature verification is still<br>
> succeeded. Why?<br>
><br>
> Here is example using command-line tool.<br>
> ca.crt isn't related to the certificate<br>
> in license-signed-ca1-server1.xml. So, there isn't any valid certificate<br>
> chain. Why verification status is OK?<br>
><br>
> #xmlsec1 --verify --trusted-pem cas/ca2/ca/certs/ca.crt<br>
> license-signed-ca1-server1.xml<br>
><br>
><br>
><br>
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto<br>
> library function failed:subj=/C=UA/ST=Kyiv<br>
> region/L=Kyiv/O=test/OU=Ukraine<br>
> Department/CN=server1/emailAddress=<a href="mailto:support@test.com">support@test.com</a><br>
</div>> <mailto:<a href="mailto:support@test.com">support@test.com</a>>;err=20;msg=unable to get local issuer<br>
<div class="im">> certificate<br>
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate<br>
> verification failed:err=20;msg=unable to get local issuer certificate<br>
> OK<br>
> SignedInfo References (ok/all): 1/1<br>
> Manifests References (ok/all): 0/0<br>
><br>
><br>
><br>
> So, I have another question: Is it possibe to detect with xmlsec that<br>
> there is no one valid certificate chain up to the one of the trusted<br>
> certificates? I want to reject signed xml file if there isn't any valid<br>
> vertificate chain.<br>
><br>
> Thanks.<br>
><br>
</div>> 2012/8/14 Aleksey Sanin <<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a> <mailto:<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>>><br>
<div><div class="h5">><br>
> Roman,<br>
><br>
> During the verification, xmlsec tries to verify the signature using<br>
> all possible certificate chains. It is enough to have one of them<br>
> succeed. The errors you see are from ones that failed. Safe to ignore<br>
> as long, just check the result code.<br>
><br>
> Aleksey<br>
><br>
> On 8/14/12 8:38 AM, Roman Khlystik wrote:<br>
> > Hi Aleksey!<br>
> ><br>
> > I'm trying to develop simple license system using xmlsec library.<br>
> > My idea was to build simple private PKI with one CA key pair and<br>
> > separate key-pair for each customer.<br>
> > Then I planned to sign xml license file with client certificate<br>
> for each<br>
> > client.<br>
> ><br>
> > I decided to embbed CA certificate in our app and verify certificate<br>
> > chain from xml file up to CA certificate.<br>
> > But I have a problem with xmlsec library. I can't find how to verify<br>
> > full certificate chain with it.<br>
> > I used example from here<br>
> > <a href="http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html%C2%B7" target="_blank">http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html·</a><br>
> <<a href="http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html%C2%B7" target="_blank">http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html%C2%B7</a>><br>
> > <<a href="http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html%C2%B7" target="_blank">http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html%C2%B7</a>><br>
> > and I have a problem when certificate chain is invalid.<br>
> > I got error to console:<br>
> ><br>
> ><br>
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto<br>
> > library function failed:subj=/C=UA/ST=Kyiv<br>
> > region/L=Kyiv/O=test/OU=test/CN=server1/emailAddress=s<br>
> ><br>
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate<br>
> > verification failed:err=20;msg=unable to get local issuer certificate<br>
> > OK<br>
> > SignedInfo References (ok/all): 1/1·<br>
> > Manifests References (ok/all): 0/0·<br>
> ><br>
> > but verification result dsigCtx->status has<br>
> xmlSecDSigStatusSucceeded value.<br>
> ><br>
> > Can you tell me how can I verify that certificate chain is invalid<br>
> with<br>
> > xmlsec api?<br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > xmlsec mailing list<br>
</div></div>> > <a href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a>><br>
> > <a href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec</a><br>
> ><br>
><br>
><br>
</blockquote></div><br></div></div>