[xmlsec] RetrievalMethod with local URI?

Aleksey Sanin aleksey at aleksey.com
Wed Jul 17 10:06:28 PDT 2002


Oops, sorry, I am wrong. The correct pointer is

    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <KeyValue>
             <DSAKeyValue Id="foo">
                ...
              </DSAKeyValue>
        </KeyValue>
    </KeyInfo>

And there is a bug in xmlsec :( Thanks for finding it!

Aleksey


Aleksey Sanin wrote:

> Thanks, the file made it clear: you have a mistake in your file.
> The reference URI in RetrievalMethod should point to the
> KeyValue, not the KeyInfo. It is not clear from the spec but take
> a look at the XML DSig archive:
>     
> http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001JanMar/0068.html
>
> The correct file in your case should look like this one:
>
>     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>         <KeyValue Id="foo">
>              <DSAKeyValue>
>                 ...
>               </DSAKeyValue>
>         </KeyValue>
>     </KeyInfo>
>
>
> Aleksey
>
> John Belmonte wrote:
>
>> Aleksey Sanin wrote:
>>
>>> How do you verify signature? Do you use xmlsec application or your 
>>> code?
>>
>>
>> Sorry about that, I'm using the xmlsec application.  That's what I 
>> meant by "xmlsec tool".
>>
>> I'll attach the actual xml.  To verify, I run:
>>
>>     xmlsec verify <file>
>>
>>
>> -John
>>
>>
>>------------------------------------------------------------------------
>>
>><?xml version="1.0" encoding="UTF-8"?>
>><Envelope xmlns="urn:envelope">
>>  <Data>
>>    Hello, World!
>>  </Data>
>>  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>>    <SignedInfo>
>>      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>>      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
>>      <Reference URI="">
>>        <Transforms>
>>          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>        </Transforms>
>>        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>        <DigestValue>VweSIbNEl2P2r6lm+OL7hVJTwt8=</DigestValue>
>>      </Reference>
>>    </SignedInfo>
>>    <SignatureValue>HfKV8YVy6s+YIEejVAXMW1wUlq8KXQH+XNMQmwDOkdzMMnIvgTOtUw==</SignatureValue>
>>    <KeyInfo>
>>      <RetrievalMethod URI="#foo"/>
>>    </KeyInfo>
>>  </Signature>
>>  <KeyInfo Id="foo" xmlns="http://www.w3.org/2000/09/xmldsig#">
>>    <KeyValue>
>>      <DSAKeyValue>
>>        <P>
>>        iqx200qTk5ojXcvGRmTXtwLmBwDrmWoBfl0L1VzxQm0BDjmnVgoCIiyeeYQH7YDB
>>        iuP7f2AcJrocqaBa4pi+hG1pu/WfAyc2sc9dPavAqDo99ywL58dhE3blIL/bXhy7
>>        MH4NzXY7196xTCuZyMBnZQ3qxUReghREd22m2YmFe60=
>>        </P>
>>        <Q>
>>        nAIxeeJw9cjPjjD5NPT4X4I1eqU=
>>        </Q>
>>        <G>
>>        Wai06HIyzWrDJzaMtPeYbi3DXlIf0N9eBgEcDDvK77ikG8+9A9iw6ymStZJdummy
>>        MpBEKh7rSQ9GfaGvrBUyUlS34qaH7dvMfTHPWV9y1xaSysjuUT7U0dOxeBQw4uDF
>>        sQXwcJS+UT/twnWlYBf1L5OdNy4mq0wib6pfevWsLEo=
>>        </G>
>>        <Y>
>>        Oux1jjrB5ZYxIk1HHCBw5razG03KNhsHPDSU7ibHjWz+PonMTH6Tbcs32mCMaaOG
>>        k1YKuPpTwemHhr0JbR2DbyLJzCBdLUe9Czr2UF70euSr+SHPvSluqMByRmS3mNKL
>>        tUaYERHYl8dqzOEHTfD1D0QY2aCzAXrpYt56UEwMCoM=
>>        </Y>
>>      </DSAKeyValue>
>>    </KeyValue>
>>  </KeyInfo>
>></Envelope>
>>  
>>
>
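
Added example (not part of the original thread and not xmlsec code): a small Python check that resolves a same-document RetrievalMethod URI and reports which element the `Id` actually sits on, run against the three placements discussed above (KeyInfo, KeyValue, DSAKeyValue). It assumes any attribute literally named `Id` is an ID, since no DTD or schema is loaded; the sample envelope is constructed, with key material elided.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: same shape as the envelope in the thread, key values elided.
TEMPLATE = """<Envelope xmlns="urn:envelope">
  <Signature xmlns="{ns}">
    <KeyInfo><RetrievalMethod URI="#foo"/></KeyInfo>
  </Signature>
  <KeyInfo xmlns="{ns}"{ki}>
    <KeyValue{kv}>
      <DSAKeyValue{dsa}><P/><Q/><G/><Y/></DSAKeyValue>
    </KeyValue>
  </KeyInfo>
</Envelope>"""


def build(target):
    """Return the sample with Id="foo" on 'KeyInfo', 'KeyValue' or 'DSAKeyValue'."""
    attr = ' Id="foo"'
    return TEMPLATE.format(ns=DSIG,
                           ki=attr if target == "KeyInfo" else "",
                           kv=attr if target == "KeyValue" else "",
                           dsa=attr if target == "DSAKeyValue" else "")


def retrieval_targets(xml_text):
    """Map each RetrievalMethod URI to the local name of the element it resolves to."""
    root = ET.fromstring(xml_text)
    by_id = {}
    for el in root.iter():
        if "Id" in el.attrib:  # assumption: "Id" is treated as an ID attribute
            by_id.setdefault(el.attrib["Id"], []).append(el)
    results = []
    for rm in root.iter("{%s}RetrievalMethod" % DSIG):
        uri = rm.get("URI", "")
        if not uri.startswith("#"):
            results.append((uri, "external"))  # not a local reference
            continue
        hits = by_id.get(uri[1:], [])
        if len(hits) != 1:  # a missing or duplicated Id cannot be trusted as a key pointer
            results.append((uri, "unresolved" if not hits else "ambiguous"))
        else:
            results.append((uri, hits[0].tag.rpartition("}")[2]))
    return results


if __name__ == "__main__":
    for target in ("KeyInfo", "KeyValue", "DSAKeyValue"):
        print(target, retrieval_targets(build(target)))
```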
