[xmlsec] [Q.] verification fail (can not find <KeyInfo>)
"EGB:STONEROSES@MATRIX (Blusjune Jung / Daum.net)" <blusjune@daum.net>
Tue, 07 Jan 2003 18:00:47 +0900
Hi, Aleksey ~ :)
First of all, thank you very much for your good ``xmlsec'' library!!!
I have one curious question.. ^^
Would you explain the reason for the following result?
Using the xml.apache.org XML library,
my partner (in my XML team) has created an XML-signed message
which uses <RetrievalMethod> to get the public key to verify.
I've got that message and tried to verify it,
but the result of the operation is "fail".
What's my or my partner's mistake?
How can I solve this problem?
Thank you for reading! ^^
The following is the XML-signed message (to be verified):
$ cat xkmsReqMsg.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE Register [
<!ATTLIST Prototype Id ID #IMPLIED>
<!ATTLIST ds:KeyInfo Id ID #IMPLIED>
<!ATTLIST ds:KeyValue Id ID #IMPLIED>
]>
<Register xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Prototype Id="KeyBinding1" xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Status xmlns="http://www.xkms.org/schema/xkms-2001-01-20">Valid</Status>
<KeyID xmlns="http://www.xkms.org/schema/xkms-2001-01-20">freeman@iasecurity.com</KeyID>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="KI1" xmlns="http://www.xkms.org/schema/xkms-2001-01-20">
<ds:KeyName>freeman@iasecurity.com</ds:KeyName>
<ds:KeyValue xmlns="http://www.xkms.org/schema/xkms-2001-01-20" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:RSAKeyValue xmlns="http://www.xkms.org/schema/xkms-2001-01-20" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Modulus xmlns="http://www.xkms.org/schema/xkms-2001-01-20" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
xLRFBvbOEdEUPIa4OsC7Pw1FV3Hnsv+Mz+Hzw5KkT3is1FD6TrU9J2CRxVir/EskuShBS4936Jyw
m+DKpk8J4Q==
</ds:Modulus>
<ds:Exponent xmlns="http://www.xkms.org/schema/xkms-2001-01-20" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<PassPhrase xmlns="http://www.xkms.org/schema/xkms-2001-01-20">VBHCCZruvcOokyYZBbjJxsHNgzA=</PassPhrase>
</Prototype>
<AuthInfo xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><AuthUserInfo xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><ProofOfPossession xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<Reference URI="#KeyBinding1" xmlns="http://www.w3.org/2000/09/xmldsig#">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">XY5C9AwMDY9qw7f/hBx3A3e4tWA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
c7KmgG6ZKZG9Coj6WR6edo0o4SxduHaF/T9ltXl6HORPM+H4aPJZcp7md1Xu7pWGF7uoOPkoMeyP
hVAMfEqJMA==
</SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" URI="#KI1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
</KeyInfo>
</Signature>
</ProofOfPossession>
<KeyBindingAuth xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<Reference URI="#KeyBinding1" xmlns="http://www.w3.org/2000/09/xmldsig#">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">XY5C9AwMDY9qw7f/hBx3A3e4tWA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">zXUvrfTAz9jlrHSN7kkj6nm0BNw=</SignatureValue>
</Signature>
</KeyBindingAuth>
</AuthUserInfo>
</AuthInfo><Respond xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><string xmlns="http://www.xkms.org/schema/xkms-2001-01-20">KeyName</string>
<string xmlns="http://www.xkms.org/schema/xkms-2001-01-20">X509Data</string>
</Respond>
</Register>
The following is the result:
$ xmlsec verify xkmsReqMsg.xml
xmlSecKeysMngrGetKey (keys.c:518): error 17: key not found :
xmlSecSignedInfoRead (xmldsig.c:1437): error 17: key not found :
xmlSecSignatureRead (xmldsig.c:1175): error 2: xmlsec operation failed : xmlSecSignedInfoRead - -1
xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec operation failed : xmlSecSignatureRead - -1
Error: operation failed
ERROR
--
To be a rock, and not to roll.
-x-x-[?]EGB:STONEROSES@MATRIX[!]-x-x-
| blusjune@EGBSD | ^_^ | stoneroses |
$ NAME=\
$ "Blusjune Jung <blusjune@daum.net>"
$ PGPKEYID="0xF1F2FD37"
-x-x-x Eternal Golden Blusjune x-x-x-
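
Added example, not part of the original post and not xmlsec code: a Python diagnostic that resolves each same-document `<RetrievalMethod>` and compares its declared `Type` with the element its `URI` points at. In the posted message the `Type` is `...xmldsig#RSAKeyValue` while `#KI1` is the `Id` of a `ds:KeyInfo` element. The sample below is constructed, the ids `RKV1` and `nope` are hypothetical, and looking ids up by an attribute named `Id` is an assumption.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample shaped like the posted message (key material shortened).
# "RKV1" and "nope" are hypothetical ids added to show the other outcomes.
SAMPLE = """<Register xmlns="http://www.xkms.org/schema/xkms-2001-01-20"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <Prototype Id="KeyBinding1">
  <ds:KeyInfo Id="KI1"><ds:KeyValue>
   <ds:RSAKeyValue Id="RKV1">
    <ds:Modulus>AQAB</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>
   </ds:RSAKeyValue>
  </ds:KeyValue></ds:KeyInfo>
 </Prototype>
 <ds:Signature><ds:KeyInfo>
  <ds:RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" URI="#KI1"/>
  <ds:RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" URI="#RKV1"/>
  <ds:RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" URI="#nope"/>
 </ds:KeyInfo></ds:Signature>
</Register>"""


def check_retrieval_methods(xml_text, id_attr="Id"):
    """Return (URI, status, resolved element type URI) per RetrievalMethod."""
    root = ET.fromstring(xml_text)
    # Assumption: ids live in an attribute literally named "Id"; ElementTree
    # does not apply the DTD's ATTLIST ID typing.
    by_id = {el.get(id_attr): el for el in root.iter() if el.get(id_attr)}
    findings = []
    for rm in root.iter("{%s}RetrievalMethod" % DS):
        uri, declared = rm.get("URI", ""), rm.get("Type", "")
        if not uri.startswith("#"):
            findings.append((uri, "external", None))  # not dereferenced here
            continue
        target = by_id.get(uri[1:])
        if target is None:
            findings.append((uri, "unresolved", None))
            continue
        tag = target.tag
        ns, local = tag[1:].split("}", 1) if tag.startswith("{") else ("", tag)
        actual = ns + local  # the dsig namespace already ends in '#'
        ok = not declared or declared == actual
        findings.append((uri, "ok" if ok else "type-mismatch", actual))
    return findings


if __name__ == "__main__":
    for finding in check_retrieval_methods(SAMPLE):
        print(finding)
```

The check only reports what the document declares versus what it references; it does not verify any signature.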