[xmlsec] [Q.] verification fail (can not find <KeyInfo>)

EGB:STONEROSES at MATRIX (Blusjune Jung / Daum.net) blusjune at daum.net
Tue Jan 7 01:00:47 PST 2003


Hi, aleksey ~   :)

At first, really thank you for your good ``xmlsec'' library!!!

I have one curious question.. ^^
Would you explain the reason of the following result?

By use of xml.apache.org XML library,
my partner (in my XML team) has created XML-signed message
which uses <RetrievalMethod> to get the public key to verify.

I've got that message and tried to verify it,
but the result of operation is "fail".

What's my or my partner's mistake?
How can I solve this problem?
Thank you for your reading!  ^^



The following is XML-signed message (to be verified):

$ cat xkmsReqMsg.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE Register [
	<!ATTLIST Prototype Id ID #IMPLIED>
	<!ATTLIST ds:KeyInfo Id ID #IMPLIED>
	<!ATTLIST ds:KeyValue Id ID #IMPLIED>
]>
<Register xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Prototype Id="KeyBinding1" xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Status xmlns="http://www.xkms.org/schema/xkms-2001-01-20">Valid</Status>
<KeyID xmlns="http://www.xkms.org/schema/xkms-2001-01-20">freeman at iasecurity.com</KeyID>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="KI1" xmlns="http://www.xkms.org/schema/xkms-2001-01-20">
<ds:KeyName>freeman at iasecurity.com</ds:KeyName>
<ds:KeyValue xmlns="http://www.xkms.org/schema/xkms-2001-01-20" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:RSAKeyValue xmlns="http://www.xkms.org/schema/xkms-2001-01-20" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Modulus xmlns="http://www.xkms.org/schema/xkms-2001-01-20" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
xLRFBvbOEdEUPIa4OsC7Pw1FV3Hnsv+Mz+Hzw5KkT3is1FD6TrU9J2CRxVir/EskuShBS4936Jyw
m+DKpk8J4Q==
</ds:Modulus>
<ds:Exponent xmlns="http://www.xkms.org/schema/xkms-2001-01-20" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<PassPhrase xmlns="http://www.xkms.org/schema/xkms-2001-01-20">VBHCCZruvcOokyYZBbjJxsHNgzA=</PassPhrase>
</Prototype>
<AuthInfo xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><AuthUserInfo xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><ProofOfPossession xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<Reference URI="#KeyBinding1" xmlns="http://www.w3.org/2000/09/xmldsig#">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">XY5C9AwMDY9qw7f/hBx3A3e4tWA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
c7KmgG6ZKZG9Coj6WR6edo0o4SxduHaF/T9ltXl6HORPM+H4aPJZcp7md1Xu7pWGF7uoOPkoMeyP
hVAMfEqJMA==
</SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" URI="#KI1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
</KeyInfo>
</Signature>
</ProofOfPossession>
<KeyBindingAuth xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<Reference URI="#KeyBinding1" xmlns="http://www.w3.org/2000/09/xmldsig#">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">XY5C9AwMDY9qw7f/hBx3A3e4tWA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">zXUvrfTAz9jlrHSN7kkj6nm0BNw=</SignatureValue>
</Signature>
</KeyBindingAuth>
</AuthUserInfo>
</AuthInfo><Respond xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><string xmlns="http://www.xkms.org/schema/xkms-2001-01-20">KeyName</string>
<string xmlns="http://www.xkms.org/schema/xkms-2001-01-20">X509Data</string>
</Respond>
</Register>




The following is result:

$ xmlsec verify xkmsReqMsg.xml
xmlSecKeysMngrGetKey (keys.c:518): error 17: key not found :   
xmlSecSignedInfoRead (xmldsig.c:1437): error 17: key not found :   
xmlSecSignatureRead (xmldsig.c:1175): error 2: xmlsec operation failed : xmlSecSignedInfoRead - -1 
xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec operation failed : xmlSecSignatureRead - -1 
Error: operation failed
ERROR





--
To be a rock, and not to roll. 

-x-x-[?]EGB:STONEROSES at MATRIX[!]-x-x- 
| blusjune at EGBSD | ^_^ | stoneroses | 
$ NAME=\
$ "Blusjune Jung <blusjune at daum.net>"
$ PGPKEYID="0xF1F2FD37" 
-x-x-x Eternal Golden Blusjune x-x-x-



More information about the xmlsec mailing list