[xmlsec] Error: failed to find default node with name='Signature'

Sébastien Brossard sbrossard at turbosa.fr
Thu Sep 20 09:32:40 PDT 2007


hi Markus

sorry to bother you again, I ve got one last question

I can see in the xmldsig norm that the signature of a file is applied only
to the content of the <signedinfo> tag
So, given the <authsignature> tag is not included in the signed part of the
file, logically I could change the <authsignature> tag in <signature>
without corrupting my signed file could nt I??

I tested that on my signed xml file, and the verify test failed.
But since I m doing a kind of reverse ingeneering, I m not sure weither this
failed verification is due to the tad change I did, or either is due to the
key I used...

thanks again!

Seb

> -----Message d'origine-----
> De : Markus Lindner [mailto:m at lhaza.com]
> Envoyé : mercredi 19 septembre 2007 18:34
> À : Sébastien Brossard
> Cc : m at lhaza.com; xmlsec at aleksey.com
> Objet : RE: [xmlsec] Error: failed to find default node with
> name='Signature'
>
>
> hello sebastian,
>
> I got the same problem some years ago, they have to change to Signature,
> otherwise it is no XML-Dsig anymore! (my problem was that the node was
> defined <ds:Signature> which did not work). I think they want their XML to
> use an industry-standard, don't they?
> Otherwise you have to change xmlsec (or any other library which could be
> used, in java, in .net) to include AuthSignature, which is silly.
>
> greetings
>
>
> On Wed, September 19, 2007 6:14 pm, Sébastien Brossard wrote:
> > Thanks Markus for your swift answer.
> >
> >
> > The problem is I can't change this dam' "AuthSignature"...
> > the XML file I have to verify comes from a german software with
> who my own
> >  soft have to exchange data... so I can't change the schema element!
> >
> > aïe aïe... am I really stucked as I feared??
> >
> >
> >> -----Message d'origine-----
> >> De : Markus Lindner [mailto:m at lhaza.com]
> >> Envoyé : mercredi 19 septembre 2007 17:48
> >> À : Sébastien Brossard
> >> Cc : xmlsec at aleksey.com
> >> Objet : Re: [xmlsec] Error: failed to find default node with
> >> name='Signature'
> >>
> >>
> >> hello,
> >>
> >> change the schema-element from AuthSignature to Signature. I think it
> >> the only way to go. see also http://www.w3.org/2000/09/xmldsig on
> >> XML-Dsig.
> >>
> >>
> >> greetings
> >>
> >> On Wed, September 19, 2007 4:52 pm, Sébastien Brossard wrote:
> >>
> >>> Hi!
> >>>
> >>>
> >>>
> >>> I ve got a problem trying to verify the following XML file, using the
> >>>  command line xmlsec "xmlsec verify --ignore-manifests
> >> --keys-file cle.xml
> >>
> >>> c:\temp\in.tmp" :
> >>>
> >>>
> >>>
> >>> <?xml version="1.0" encoding="UTF-8"?>
> >>> <ebicsNoPubKeyDigestsRequest Revision="1" Version="H001"
> >>> xsi:schemaLocation="http://www.ebics.org/H001
> >>> http://www.ebics.org/H001/ebics_keymgmt_request.xsd"
> >>> xmlns="http://www.ebics.org/H001"
> >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >>> <header authenticate="true">
> >>> <static>
> >>> <HostID>EBICSFR</HostID>
> >>> <Nonce>81EED1B73EB2018A2BF5534E70FB3E03</Nonce>
> >>> <Timestamp>2007-09-04T13:27:24.078Z</Timestamp>
> >>> <PartnerID>SEB</PartnerID>
> >>> <UserID>USERID</UserID>
> >>> <OrderDetails>
> >>> <OrderType>HPB</OrderType>
> >>> <OrderAttribute>DZHNN</OrderAttribute>
> >>> </OrderDetails>
> >>> <SecurityMedium>0400</SecurityMedium>
> >>> </static>
> >>> <mutable/>
> >>> </header>
> >>> <AuthSignature>
> >>> <ds:SignedInfo>
> >>> <ds:CanonicalizationMethod
> >>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> >>> <ds:SignatureMethod
> >>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> >>> <ds:Reference URI="#xpointer(//*[@authenticate='true'])">
> >>> <ds:Transforms>
> >>> <ds:Transform
> >>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> >>> </ds:Transforms>
> >>> <ds:DigestMethod
> >>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> >>> <ds:DigestValue>C5MeIHgIP6zcYdaIUZoccO0/Kog=</ds:DigestValue>
> >>> </ds:Reference>
> >>> </ds:SignedInfo>
> >>>
> >>>
> >> <ds:SignatureValue>Hl1OgqOASmyiL/QYNE65UOky5Grx3ywDBafoWCg5PKNDpED8E0Pr
> >> Ecf
> >>
> >>> KA
> >>>
> >>>
> >> f32Yk2ZlLAkKaoS9IaQYT7CgGKWzQMh1jzcUmguTKuw0+o8LAo6oX7J8KUNsea1tKS4dDwL
> >> 9+e
> >>
> >>> oO v9HptHdsJZVMTwnlfg3tzcz2sCDZy039+aBpX4=</ds:SignatureValue>
> >>> </AuthSignature>
> >>> <body/>
> >>> </ebicsNoPubKeyDigestsRequest>
> >>>
> >>>
> >>>
> >>>
> >>> The error is : "Error: failed to find default node with
> >>>
> >> name="Signature""
> >>> Have you got any idea about how to change the default node name from
> >>> "Signature" to "AuthSignature"?
> >>> This XML file I have to check is sent to me by a third-part
> >>>
> >> software, so I
> >>> can't do anything about it, the "AuthSignature" thing is mandatory...
> >>>
> >>>
> >>> It seems like I m in a dead end, but maybe there's a solution right
> >>> in front of me that I could nt see?? I wish!
> >>>
> >>> Anyway, thanks in advance for your help.
> >>>
> >>>
> >>>
> >>> Best regards,
> >>>
> >>>
> >>>
> >>> Sébastien
> >>> _______________________________________________
> >>> xmlsec mailing list xmlsec at aleksey.com
> >>> http://www.aleksey.com/mailman/listinfo/xmlsec
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >
> >
>
>
>




More information about the xmlsec mailing list