[xmlsec] Signing with user cert p12
http://www.pas-world.com
dev001 at pas-world.com
Wed Nov 14 09:29:27 PST 2007
Hello I am trying to sign and verifiy xml document. I use someting like
this in xml base:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
Id="signature">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
</SignatureValue>
<KeyInfo>
<X509Data>
</X509Data>
</KeyInfo>
<Object Id="object">some text</Object>
</Signature>
I have CA cert in bundle of openssl.
After this I try to sign with certificate of CA user p12 with sh
executable like this:
> PASS="pass"
> XML="ft.xml"
> OUT="signed-$XML"
> echo "Signing $XML on $OUT"
> xmlsec1 --sign --pkcs12 /home/LocalCA/coipa-fnmt.p12 --pwd $PASS --output $OUT $XML
> echo Verifying
> xmlsec1 verify $OUT
But the result is FAIL:
> Signing ft.xml on signed-ft.xml
> Verifying
> func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
> FAIL
> SignedInfo References (ok/all): 0/1
> Manifests References (ok/all): 0/0
> Error: failed to verify file "signed-factura.xml"
Where is the fail?
Thanks in advance.
--
Publicidad http://www.pas-world.com
More information about the xmlsec
mailing list