[xmlsec] Fail to verify symmetric sign

Aleksey Sanin aleksey at aleksey.com
Mon Mar 22 08:47:52 PDT 2010 

I suggest to take a look at a good book on cryptography
(e.g. Schneier's "Applied Cryptography"):

https://www.aleksey.com/xmlsec/related.html

Aleksey

On 3/22/2010 7:09 AM, igor wrote:
>
> Aleksey,
>
> By your answer, seem obvious solve the problem. I'm feeling helpless and I
> ask your help in identifying this problem.
>
> The error that appears is: failed to load des key from binary file
> "aeskey.bin"
>
> But the key is not des, it is aes.
>
> Thank you in advance!
>
> BR,
> Igor
>
> On Thu, 18 Mar 2010 19:44:58 -0700, Aleksey Sanin<aleksey at aleksey.com>
> wrote:
>> Please read the error carefully.
>>
>> Aleksey
>>
>> On 3/18/2010 6:15 PM, igor at das.ufsc.br wrote:
>>> Hello guys,
>>>
>>> I'm using xmlsec1 for encryption and signing, but I'm having trouble
>>> verifying the signature. I am signing only the Header of the SOAP
>> message
>>> using HMAC with the same AES key to encrypt the message.
>>>
>>> Using the console, I can verify the signature with the following
>> command:
>>> xmlsec1 verify --hmackey aeskey.bin Server-Recv-XMLCifrado.data
>>>
>>> My function in C that would verify the signature shows the following
>> error:
>>>
>>>
>>
> func=xmlSecKeyDataHmacGetKlass:file=app.c:line=211:obj=unknown:subj=keyDataHmacId:error=9:feature
>>> is not implemented:
>>>
>>
> func=xmlSecKeyReadBinaryFile:file=keys.c:line=1219:obj=unknown:subj=dataId
>>> != xmlSecKeyDataIdUnknown:error=100:assertion:
>>> Error: failed to load des key from binary file "aeskey.bin"
>>>
>>
> func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=1091:obj=unknown:subj=dataSize
>>>> 0:error=100:assertion:
>>>
>>
> func=xmlSecEncCtxBinaryEncrypt:file=xmlenc.c:line=333:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec
>>> library function failed:dataSize=0
>>> Error: encryption failed
>>>
>>>
>>> I am using a function of the examples with a slight modification:
>>>
>>> int
>>> verify_file(const char* xml_file, const char* key_file) {
>>>       xmlDocPtr doc = NULL;
>>>       xmlNodePtr node = NULL;
>>>       xmlSecDSigCtxPtr dsigCtx = NULL;
>>>       int res = -1;
>>>
>>>       assert(xml_file);
>>>       assert(key_file);
>>>
>>>       /* load file */
>>>       doc = xmlParseFile(xml_file);
>>>       if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
>>> 	fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
>>> 	goto done;
>>>       }
>>>
>>>       /* find start node */
>>>       node = xmlSecFindNode(xmlDocGetRootElement(doc),
>> xmlSecNodeSignature,
>>> xmlSecDSigNs);
>>>       if(node == NULL) {
>>> 	fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
>>> 	goto done;
>>>       }
>>>
>>>       /* create signature context, we don't need keys manager in this
>>> example */
>>>       dsigCtx = xmlSecDSigCtxCreate(NULL);
>>>       if(dsigCtx == NULL) {
>>>           fprintf(stderr,"Error: failed to create signature context\n");
>>> 	goto done;
>>>       }
>>>
>>>       /* load AES key, assuming that there is not password */
>>>       dsigCtx->signKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataHmacId,
>>> key_file);
>>>       if(dsigCtx->signKey == NULL) {
>>>           fprintf(stderr,"Error: failed to load des key from binary file
>>> \"%s\"\n", key_file);
>>> 	goto done;
>>>       }
>>>
>>>       /* set key name to the file name, this is just an example! */
>>>       if(xmlSecKeySetName(dsigCtx->signKey, key_file)<   0) {
>>>       	fprintf(stderr,"Error: failed to set key name for key from
>> \"%s\"\n",
>>> key_file);
>>> 	goto done;
>>>       }
>>>
>>>       /* Verify signature */
>>>       if(xmlSecDSigCtxVerify(dsigCtx, node)<   0) {
>>>           fprintf(stderr,"Error: signature verify\n");
>>> 	goto done;
>>>       }
>>>
>>>       /* print verification result to stdout */
>>>       if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
>>> 	fprintf(stdout, "Signature is OK\n");
>>>       } else {
>>> 	fprintf(stdout, "Signature is INVALID\n");
>>>       }
>>>
>>>       /* success */
>>>       res = 0;
>>>
>>> done:
>>>       /* cleanup */
>>>       if(dsigCtx != NULL) {
>>> 	xmlSecDSigCtxDestroy(dsigCtx);
>>>       }
>>>
>>>       if(doc != NULL) {
>>> 	xmlFreeDoc(doc);
>>>       }
>>>       return(res);
>>> }
>>>
>>> Any help?
>>>
>>> BR,
>>> Igor
>>>
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>

More information about the xmlsec mailing list