[xmlsec] Re: verifying with key in XML

Rolando Abarca funkaster at gmail.com
Thu May 8 12:12:04 PDT 2008


Never mind, I got it working this way (note that "node" is the Signature node):

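     dsigCtx = xmlSecDSigCtxCreate(NULL);
     if (dsigCtx == NULL) {
         rb_raise(rb_eXMLError, "Failed to create Signature Context");
     }

     /* Locate <KeyInfo> under the Signature node. */
     keyNode = xmlSecFindNode(node, xmlSecNodeKeyInfo, xmlSecDSigNs);
     if (keyNode == NULL) {
         xmlSecDSigCtxDestroy(dsigCtx);
         rb_raise(rb_eXMLError, "Could not find KeyInfo");
     }

     /* Read the key carried in <KeyInfo>. The key comes from the document
      * itself; nothing here checks it against a trusted key.
      * The context owns signKey: xmlSecDSigCtxDestroy() frees it, so it
      * must not also be destroyed by hand (that would be a double free). */
     dsigCtx->signKey = xmlSecKeyCreate();
     if (dsigCtx->signKey == NULL ||
         xmlSecKeyInfoNodeRead(keyNode, dsigCtx->signKey, &dsigCtx->keyInfoReadCtx) < 0) {
         xmlSecDSigCtxDestroy(dsigCtx);
         rb_raise(rb_eXMLError, "Could not read KeyInfo");
     }

     /* A negative return is a processing error; a return of 0 alone does
      * not mean the signature is valid, so the status is checked as well. */
     if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
         xmlSecDSigCtxDestroy(dsigCtx);
         rb_raise(rb_eXMLError, "Failed to verify signature");
     }
     if (dsigCtx->status != xmlSecDSigStatusSucceeded) {
         xmlSecDSigCtxDestroy(dsigCtx);
         rb_raise(rb_eXMLError, "Signature is invalid");
     }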

It's working just fine now :-D

On May 8, 2008, at 1:57 PM, Rolando Abarca wrote:

> I read the thread here:
>
> http://www.mail-archive.com/xmlsec@aleksey.com/msg03219.html
>
> but still can't verify my signature with the supplied KeyInfo. This  
> is what I've been doing so far:
>
>    dsigCtx = xmlSecDSigCtxCreate(NULL);
>    if (dsigCtx == NULL) {
>        rb_raise(rb_eXMLError, "Failed to create Signature Context");
>    }
>
>    if ((xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), (xmlSecPtr) xmlSecKeyDataX509Id) < 0) ||
>        (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), (xmlSecPtr) xmlSecKeyDataRsaId) < 0)){
>        xmlSecDSigCtxDestroy(dsigCtx);
>        rb_raise(rb_eXMLError, "Failed to limit key info");
>    }
>
>    if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
>        xmlSecDSigCtxDestroy(dsigCtx);
>        rb_raise(rb_eXMLError, "Failed to verify signature");
>    }
>
> but I still can't make it verify with the supplied key:
>
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
>
> Can you please tell me what I need to do in order to verify an XML
> file with the RSA pub key inside the XML? Like this:
>
> <foo>
> <data>...</data>
> <Signature>
> ...
> <KeyInfo>
> <KeyValue>
> ...
> </KeyValue>
> <X509Data>
> ...
> </X509Data>
> </KeyInfo>
> </Signature>
> </foo>
>
> The XML was built with libxml and signed with xmlsec (using a
> dynamically created template).

-- 
Rolando Abarca M.






