[xmlsec] A signed xml msg can't be verified
Aleksey Sanin
aleksey@aleksey.com
Sat, 04 Jan 2003 00:39:33 -0800
Hi, Derek!
First of all, it's probably a wrong way to create the signature in the
way you did
(do sign document and next modify content). Depending on what are you
signing
you may easily invalidate you signature.
Regarding the error you have, I can only guess since you do not provide
the document
(see http://www.aleksey.com/xmlsec/bugs.html for a list of required
information
when you report bug/request help). I might be wrong but it seems that
you have a problem with ID attribute (see section 3.2 from FAQ).
Aleksey
Derek Lei Liu wrote:
>Hi,
>
>I construct the signed xml with xmlsec and then
>attached a manually created x509 section. Although I
>can use xmlsec tool to verify the signed message
>itself (without x509 section). The whole message can't
>be verified due to following error:
>
>I am still at beginner level on xml signature stuff,
>so could some expert point out to me what could went
>wrong?
>
>thanks
>
>Derek
>
>====================================================
>
># /usr/local/bin/xmlsec-11 verify --trusted CA.cert
>./pares.txt
>xmlSecTransformStateParseUri (transforms.c:1181):
>error 4: xml operation failed :
>xmlXPtrEval(PARes1041661547-977789)
>xmlSecTransformStateCreate (transforms.c:881): error
>2: xmlsec operation failed :
>xmlSecTransformStateParseUri(#PARes1041661547-977789)
>xmlSecReferenceRead (xmldsig.c:1602): error 2: xmlsec
>operation failed : xmlSecTransformStateCreate
>xmlSecSignedInfoRead (xmldsig.c:1476): error 2: xmlsec
>operation failed : xmlSecReferenceRead - -1
>xmlSecSignatureRead (xmldsig.c:1175): error 2: xmlsec
>operation failed : xmlSecSignedInfoRead - -1
>xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec
>operation failed : xmlSecSignatureRead - -1
>ERROR
>Error: operation failed
>
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
>http://mailplus.yahoo.com
>_______________________________________________
>xmlsec mailing list
>xmlsec@aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>
>