[xmlsec] support for <Reference URI="#prop ">

Aleksey Sanin aleksey at aleksey.com
Thu Feb 18 07:34:06 PST 2010


Reference URIs have been supported by xmlsec from the very
beginning, and the fact that the first step of verification
(the digest check) succeeded shows that that part worked fine.

Try running the xmlsec command-line tool with the --store-signatures
and --store-references flags. This will print the exact details
of what was signed and verified.

Aleksey

On 2/18/2010 5:57 AM, Gaurav Gangwar wrote:
> Hi Aleksey,
>
> I am verifying the signature file with the following format from the W3C spec:
> <?xml version="1.0" encoding="UTF-8"?>
>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
> Id="DistributorASignature" >
> <SignedInfo>
> <CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <SignatureMethod
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
> <Reference URI="config.xml">
> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> <DigestValue>...</DigestValue>
> </Reference>
> <Reference URI="index.html">
> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> <DigestValue>.... </DigestValue>
> </Reference>
> <Reference URI="#prop ">
> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> <DigestValue>.... </DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue>... </SignatureValue>
> <KeyInfo><X509Data>
> <X509Certificate>MI...</X509Certificate>
> <X509Certificate>MI...</X509Certificate>
> </X509Data></KeyInfo>
> <Object Id="prop">
> <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
> <SignatureProperty Id="profile" Target="#DistributorASignature">
> <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile" />
> </SignatureProperty>
> <SignatureProperty Id="role" Target="#DistributorASignature">
> <dsp:Role
> URI="http://www.w3.org/ns/widgets-digsig#role-distributor" />
> </SignatureProperty>
> <SignatureProperty Id="identifier" Target="#DistributorASignature">
> <dsp:Identifier>J............</dsp:Identifier> </SignatureProperty>
> </SignatureProperties>
> </Object>
> </Signature>
>
> I am getting a signature verification failure.
> The error is:
> func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha256:subj=EVP_VerifyFinal:error=18:data
> do not match:signature do not match
>
> I am concluding that the problem is because of #prop, due to the fact
> that I am not getting any error with other signature files which don't
> have #prop.
>
> So my question is: does xmlsec support <Reference URI="#prop ">? If yes,
> then to which version do I have to update?
> If not, please point me to where I have to make changes to support this.
>
>
> Thanks and Regards
> Gaurav
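
The two verification steps the reply distinguishes, the per-Reference digest check and the signature check over SignedInfo, are independent of each other, which is why one can pass while the other fails. The Python below is an added example, not code from this thread or from xmlsec. Assumptions: HMAC-SHA256 stands in for rsa-sha256 and the standard library's C14N 2.0 stands in for exc-c14n (so its values will not match xmlsec output), and the document, key and function names are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
# Constructed sample document, not the file from the post.
DOC = f"""<Signature xmlns="{DS}" Id="S1">
 <SignedInfo><Reference URI="#prop"><DigestValue/></Reference></SignedInfo>
 <SignatureValue/>
 <Object Id="prop"><SignatureProperty Id="role" Target="#S1">distributor</SignatureProperty></Object>
</Signature>"""

def c14n(elem):
    # Assumption: stdlib C14N 2.0 stands in for the exc-c14n named in the post.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode").strip()).encode()

def digest_of(root, uri):
    # Same-document reference: "#prop" selects the element whose Id is "prop".
    target = next(e for e in root.iter() if e.get("Id") == uri[1:])
    return base64.b64encode(hashlib.sha256(c14n(target)).digest()).decode()

def mac_of(signed_info, key):
    # Assumption: HMAC-SHA256 stands in for rsa-sha256 (no RSA in the stdlib).
    return hmac.new(key, c14n(signed_info), hashlib.sha256).digest()

def sign(root, key):
    si = root.find("ds:SignedInfo", NS)
    for ref in si.findall("ds:Reference", NS):
        ref.find("ds:DigestValue", NS).text = digest_of(root, ref.get("URI"))
    root.find("ds:SignatureValue", NS).text = base64.b64encode(mac_of(si, key)).decode()

def verify(root, key):
    # Step 1: every Reference digest. Step 2: SignatureValue over SignedInfo.
    si = root.find("ds:SignedInfo", NS)
    digests_ok = all(
        ref.find("ds:DigestValue", NS).text == digest_of(root, ref.get("URI"))
        for ref in si.findall("ds:Reference", NS))
    sig = base64.b64decode(root.find("ds:SignatureValue", NS).text)
    return digests_ok, hmac.compare_digest(sig, mac_of(si, key))

def demo():
    key = b"constructed-demo-key"
    root = ET.fromstring(DOC)
    sign(root, key)
    results = [verify(root, key), verify(root, b"wrong-key")]
    root.find(".//ds:SignatureProperty", NS).text = "author"  # alter the signed Object
    return results + [verify(root, key)]

if __name__ == "__main__":
    print(demo())  # [(True, True), (True, False), (False, True)]
```

Each tuple is (digests match, signature matches): the middle case has matching digests with a failing signature, and the last case has a failing digest with a signature that still matches because SignedInfo itself was not changed.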