<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Hi!</tt><tt><br>
</tt><tt><br>
</tt><tt>I have a signed XML file with XAdES information.</tt><tt><br>
</tt><tt>I am trying to verify the signature with:</tt><tt><br>
</tt><tt><br>
$ xmlsec1 --verify --id-attr:Id Bordereau --id-attr:Id Signature
--id-attr:Id SignedProperties --node-id IDC1141029105800p0100
test.xml<br>
</tt><tt>func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid
data:data and digest do not match</tt><tt><br>
</tt><tt>FAIL</tt><tt><br>
</tt><tt>SignedInfo References (ok/all): 1/2</tt><tt><br>
</tt><tt><br>
</tt><tt>The first part of the signature is validated by xmlsec1,</tt><tt><br>
</tt><tt>but it seems that xmlsec1 can't access the second part
(XAdES information).</tt><tt><br>
</tt><tt><br>
</tt><tt>If I use the "</tt><tt>--store-references" flag</tt>, I
can see the "PreDigest data" of the first part, but xmlsec1 never
displays the "PreDigest data" of the second part.<br>
<br>
Here is an extract of the file:<br>
<Bordereau Id="<b>B01201462</b>"><br>
<BlocBordereau><br>
...<br>
<ds:Signature Id="IDC1141029105800p0100"><br>
<ds:SignedInfo><br>
<ds:CanonicalizationMethod
Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/><br>
<ds:SignatureMethod
Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">"http://www.w3.org/2000/09/xmldsig#rsa-sha1"</a>/><br>
<ds:Reference URI="#<b>B01201462</b>"><br>
<ds:Transforms><br>
<ds:Transform
Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">"http://www.w3.org/2000/09/xmldsig#enveloped-signature"</a>/><br>
<ds:Transform
Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/><br>
</ds:Transforms><br>
<ds:DigestMethod
Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#sha1">"http://www.w3.org/2000/09/xmldsig#sha1"</a>/><br>
<ds:DigestValue>m24cE8pHsEwYBbVnCcUGUT49i3g=</ds:DigestValue><br>
</ds:Reference><br>
<ds:Reference URI="#<b>IDC1141029105800p0100_SP</b>"><br>
<ds:Transforms><br>
<ds:Transform
Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">"http://www.w3.org/2000/09/xmldsig#enveloped-signature"</a>/><br>
<ds:Transform
Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/><br>
</ds:Transforms><br>
<ds:DigestMethod
Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#sha1">"http://www.w3.org/2000/09/xmldsig#sha1"</a>/><br>
<ds:DigestValue>OgLDEJDln8+bp7jX1pxs5j/0poM=</ds:DigestValue><br>
</ds:Reference><br>
</ds:SignedInfo><br>
...<br>
<ds:Object Id="IDC1141029105800p0100_QI"><br>
<xad:QualifyingProperties
Target="IDC1141029105800p0100"><br>
<xad:SignedProperties Id="<b>IDC1141029105800p0100_SP</b>"><br>
<xad:SignedSignatureProperties><br>
<xad:SigningTime>2014-10-29T09:58:00.191Z</xad:SigningTime><br>
</ds:Signature><br>
</Bordereau><br>
<br>
And an extract of the output:<br>
= REFERENCE VERIFICATION CONTEXT<br>
== Status: succeeded<br>
== URI: "#B01201462"<br>
[...]<br>
=== uri: <br>
=== uri xpointer expr: #B01201462<br>
=== Transform: xpointer
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/04/xmldsig-more/xptr">http://www.w3.org/2001/04/xmldsig-more/xptr</a>)<br>
=== Transform: enveloped-signature
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>)<br>
=== Transform: exc-c14n
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br>
=== Transform: membuf-transform (href=NULL)<br>
=== Transform: sha1
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>
=== Transform: membuf-transform (href=NULL)<br>
== Digest Method:<br>
=== Transform: sha1
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>
== PreDigest data - start buffer:<br>
<Bordereau Id="B01201462"><BlocBordereau><Exer
V="2014"></Exer>.........</Bordereau><br>
== PreDigest data - end buffer<br>
= REFERENCE VERIFICATION CONTEXT<br>
== Status: invalid<br>
== URI: "#IDC1141029105800p0100_SP"<br>
[...]<br>
=== uri: <br>
=== uri xpointer expr: #IDC1141029105800p0100_SP<br>
=== Transform: xpointer
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/04/xmldsig-more/xptr">http://www.w3.org/2001/04/xmldsig-more/xptr</a>)<br>
=== Transform: enveloped-signature
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>)<br>
=== Transform: exc-c14n
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br>
=== Transform: membuf-transform (href=NULL)<br>
=== Transform: sha1
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>
=== Transform: membuf-transform (href=NULL)<br>
== Digest Method:<br>
=== Transform: sha1
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>
=> No PreDigest data here!<br>
<br>
Where is my mistake?<br>
<br>
I use xmlsec 1.2.18 (openssl)<br>
(here is the full XML file and xmlsec output =>
<a class="moz-txt-link-freetext" href="http://dl.free.fr/ekDbPkF63">http://dl.free.fr/ekDbPkF63</a>)<br>
<br>
Regards,<br>
<br>
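<br>
An added example, not part of the original message and not xmlsec code: a pre-check that lists every same-document ds:Reference URI and the element(s) whose Id attribute it points to, with namespace and local name, which are the parts xmlsec1's <tt>--id-attr[:&lt;attr-name&gt;] [&lt;node-namespace-uri&gt;:]&lt;node-name&gt;</tt> option takes. The sample document is constructed from the extract above; the xad namespace URI and the "#MISSING" reference are assumptions added for illustration.<br>

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample modelled on the extract above. The xad namespace URI and
# the "#MISSING" reference are assumptions, not values from the original file.
SAMPLE = """<Bordereau Id="B01201462"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xad="http://uri.etsi.org/01903/v1.3.2#">
  <ds:Signature Id="IDC1141029105800p0100">
    <ds:SignedInfo>
      <ds:Reference URI="#B01201462"/>
      <ds:Reference URI="#IDC1141029105800p0100_SP"/>
      <ds:Reference URI="#MISSING"/>
    </ds:SignedInfo>
    <ds:Object Id="IDC1141029105800p0100_QI">
      <xad:QualifyingProperties Target="IDC1141029105800p0100">
        <xad:SignedProperties Id="IDC1141029105800p0100_SP"/>
      </xad:QualifyingProperties>
    </ds:Object>
  </ds:Signature>
</Bordereau>"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)


def resolve_references(xml_text, id_attr="Id"):
    """Map each '#id' ds:Reference URI to the elements carrying that Id."""
    # Stdlib parser: use a hardened parser for documents from untrusted parties.
    root = ET.fromstring(xml_text)
    by_id = {}
    for el in root.iter():
        value = el.get(id_attr)
        if value is not None:
            by_id.setdefault(value, []).append(split_tag(el.tag))
    report = {}
    for ref in root.iter("{%s}Reference" % DS):
        uri = ref.get("URI", "")
        if uri.startswith("#"):
            # Empty list: nothing to digest. More than one entry: ambiguous Id.
            report[uri] = by_id.get(uri[1:], [])
    return report


if __name__ == "__main__":
    for uri, targets in resolve_references(SAMPLE).items():
        status = {0: "UNRESOLVED", 1: "ok"}.get(len(targets), "DUPLICATE Id")
        print(uri, status, targets)
```

A reference that resolves to more than one element is worth rejecting outright, since the verifier and the consuming application may then disagree on which element was signed.<br>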
</body>
</html>