[xmlsec] verifying with key in XML
Aleksey Sanin
aleksey at aleksey.com
Thu May 8 12:41:33 PDT 2008
The simplest way is to use "KeyName" to specify the key.
Aleksey
Rolando Abarca wrote:
> I read the thread here:
>
> http://www.mail-archive.com/xmlsec@aleksey.com/msg03219.html
>
> but still can't verify my signature with the supplied KeyInfo. This is
> what I've been doing so far:
>
>     dsigCtx = xmlSecDSigCtxCreate(NULL);
>     if (dsigCtx == NULL) {
>         rb_raise(rb_eXMLError, "Failed to create Signature Context");
>     }
>
>     if ((xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
>                           (xmlSecPtr) xmlSecKeyDataX509Id) < 0) ||
>         (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
>                           (xmlSecPtr) xmlSecKeyDataRsaId) < 0)) {
>         xmlSecDSigCtxDestroy(dsigCtx);
>         rb_raise(rb_eXMLError, "Failed to limit key info");
>     }
>
>     if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
>         xmlSecDSigCtxDestroy(dsigCtx);
>         rb_raise(rb_eXMLError, "Failed to verify signature");
>     }
>
> but I still can't make it verify with the supplied key:
>
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
> is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> library function failed:
>
> Can you please tell me what I need to do in order to verify an XML
> file with the RSA pub key inside the XML? Like this:
>
> <foo>
>   <data>...</data>
>   <Signature>
>     ...
>     <KeyInfo>
>       <KeyValue>
>         ...
>       </KeyValue>
>       <X509Data>
>         ...
>       </X509Data>
>     </KeyInfo>
>   </Signature>
> </foo>
>
> The XML was built with libxml and signed with xmlsec (using a
> dynamically created template).
>
> regards,
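
For reading the error stack quoted in the message above, an added example (not from the original thread and not xmlsec's own code): a small C parser for that log format that picks out the first entry whose code is not the generic error=1 wrapper, here error=45 "key is not found". The names XsErr, xs_parse and xs_root_cause are hypothetical, and the sample lines are the three entries from the message, each rejoined onto one line.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One entry of the xmlsec error stack, in the format of the log quoted above. */
typedef struct { char func[64]; int line; int error; char msg[96]; } XsErr;

/* Copy the value that follows `key` (up to the next ':' or newline) into out. */
static int field(const char *s, const char *key, char *out, size_t n) {
    const char *p = strstr(s, key);
    if (p == NULL) return -1;
    p += strlen(key);
    size_t len = strcspn(p, ":\n");
    if (len >= n) len = n - 1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Parse "func=..:file=..:line=..:obj=..:subj=..:error=N:message:". 0 on success. */
int xs_parse(const char *s, XsErr *e) {
    char num[16], key[32];
    if (field(s, "func=", e->func, sizeof e->func) < 0) return -1;
    if (field(s, ":line=", num, sizeof num) < 0) return -1;
    e->line = atoi(num);
    if (field(s, ":error=", num, sizeof num) < 0) return -1;
    e->error = atoi(num);
    /* The message is the field right after "error=N:". */
    snprintf(key, sizeof key, ":error=%s:", num);
    return field(s, key, e->msg, sizeof e->msg);
}

/* The first entry whose code is not 1 (the generic "library function failed"
 * wrapper in this log) names the actual failure. Returns its index or -1. */
int xs_root_cause(const char *const *lines, size_t n, XsErr *out) {
    for (size_t i = 0; i < n; i++)
        if (xs_parse(lines[i], out) == 0 && out->error != 1) return (int)i;
    return -1;
}

/* The three entries from the message above, each rejoined onto one line. */
static const char *const SAMPLE[] = {
    "func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:",
    "func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:",
    "func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:",
};

int main(void) {
    XsErr e;
    if (xs_root_cause(SAMPLE, 3, &e) >= 0)
        printf("%s:%d error=%d (%s)\n", e.func, e.line, e.error, e.msg);
    return 0;
}
```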