[xmlsec] Key Manager with multiple key
chia pern hui
iceasky at gmail.com
Mon Mar 10 07:24:35 PST 2008
Hi,
I am using libxmlsec1 1.2.9-5 and libssl0.9.7.
I am using the simple key manager as provided by xmlsec.
May I ask whether the default manager class supports loading of multiple keys?
I failed to verify a signed document after loading a list of keys (a mix
of correct and false PU keys).
Meanwhile, if I load only the correct key, the signature verifies correctly.
Any help will be much appreciated. Thanks!
Br, Pern Hui
Program adopted from the example
=====================
/* Load the PEM key from keyfile. */
key = xmlSecCryptoAppKeyLoad(keyfile, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
/* Set the key name to the file name. */
if(xmlSecKeySetName(key, BAD_CAST keyfile) < 0) {
    fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", keyfile);
    xmlSecKeyDestroy(key);
    return(-1);
}
/* Hand the key over to the default keys manager. */
if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
    fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", keyfile);
    xmlSecKeyDestroy(key);
    return(-1);
}
Signature verification fails when I load 2 keys into the manager
=====================================
__loaded key "public/pchia at test.com.pubkey.pem"
__loaded key "public/alice at test.com.pubkey.pem"
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=FI/ST=Helsinki/L=Helsinki/O=test/OU=Student/CN=Alice/emailAddress=alice at test.com;err=20;msg=unable to get local issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate
func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match
Verification succeeds if I load only alice's key into the manager
====================================
__loaded key "public/alice at test.com.pubkey.pem"
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=FI/ST=Helsinki/L=Helsinki/O=test/OU=Student/CN=Alice/emailAddress=alice at test.com;err=20;msg=unable to get local issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate
__signature OK