[xmlsec] Fail to verify symmetric sign
igor at das.ufsc.br
igor at das.ufsc.br
Tue Mar 23 06:27:52 PDT 2010
Aleksey,
Does not make sense. Why it works on script console and not on c function?
Why do you indicated a book? I think I have a specific problem and not a
conceptual problem.
Thank you!
BR.
> I suggest to take a look at a good book on cryptography
> (e.g. Schneier's "Applied Cryptography"):
>
> https://www.aleksey.com/xmlsec/related.html
>
> Aleksey
>
> On 3/22/2010 7:09 AM, igor wrote:
>>
>> Aleksey,
>>
>> By your answer, seem obvious solve the problem. I'm feeling helpless and
>> I
>> ask your help in identifying this problem.
>>
>> The error that appears is: failed to load des key from binary file
>> "aeskey.bin"
>>
>> But the key is not des, it is aes.
>>
>> Thank you in advance!
>>
>> BR,
>> Igor
>>
>> On Thu, 18 Mar 2010 19:44:58 -0700, Aleksey Sanin<aleksey at aleksey.com>
>> wrote:
>>> Please read the error carefully.
>>>
>>> Aleksey
>>>
>>> On 3/18/2010 6:15 PM, igor at das.ufsc.br wrote:
>>>> Hello guys,
>>>>
>>>> I'm using xmlsec1 for encryption and signing, but I'm having trouble
>>>> verifying the signature. I am signing only the Header of the SOAP
>>> message
>>>> using HMAC with the same AES key to encrypt the message.
>>>>
>>>> Using the console, I can verify the signature with the following
>>> command:
>>>> xmlsec1 verify --hmackey aeskey.bin Server-Recv-XMLCifrado.data
>>>>
>>>> My function in C that would verify the signature shows the following
>>> error:
>>>>
>>>>
>>>
>> func=xmlSecKeyDataHmacGetKlass:file=app.c:line=211:obj=unknown:subj=keyDataHmacId:error=9:feature
>>>> is not implemented:
>>>>
>>>
>> func=xmlSecKeyReadBinaryFile:file=keys.c:line=1219:obj=unknown:subj=dataId
>>>> != xmlSecKeyDataIdUnknown:error=100:assertion:
>>>> Error: failed to load des key from binary file "aeskey.bin"
>>>>
>>>
>> func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=1091:obj=unknown:subj=dataSize
>>>>> 0:error=100:assertion:
>>>>
>>>
>> func=xmlSecEncCtxBinaryEncrypt:file=xmlenc.c:line=333:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec
>>>> library function failed:dataSize=0
>>>> Error: encryption failed
>>>>
>>>>
>>>> I am using a function of the examples with a slight modification:
>>>>
>>>> int
>>>> verify_file(const char* xml_file, const char* key_file) {
>>>> xmlDocPtr doc = NULL;
>>>> xmlNodePtr node = NULL;
>>>> xmlSecDSigCtxPtr dsigCtx = NULL;
>>>> int res = -1;
>>>>
>>>> assert(xml_file);
>>>> assert(key_file);
>>>>
>>>> /* load file */
>>>> doc = xmlParseFile(xml_file);
>>>> if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
>>>> fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
>>>> goto done;
>>>> }
>>>>
>>>> /* find start node */
>>>> node = xmlSecFindNode(xmlDocGetRootElement(doc),
>>> xmlSecNodeSignature,
>>>> xmlSecDSigNs);
>>>> if(node == NULL) {
>>>> fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
>>>> goto done;
>>>> }
>>>>
>>>> /* create signature context, we don't need keys manager in this
>>>> example */
>>>> dsigCtx = xmlSecDSigCtxCreate(NULL);
>>>> if(dsigCtx == NULL) {
>>>> fprintf(stderr,"Error: failed to create signature
>>>> context\n");
>>>> goto done;
>>>> }
>>>>
>>>> /* load AES key, assuming that there is not password */
>>>> dsigCtx->signKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataHmacId,
>>>> key_file);
>>>> if(dsigCtx->signKey == NULL) {
>>>> fprintf(stderr,"Error: failed to load des key from binary
>>>> file
>>>> \"%s\"\n", key_file);
>>>> goto done;
>>>> }
>>>>
>>>> /* set key name to the file name, this is just an example! */
>>>> if(xmlSecKeySetName(dsigCtx->signKey, key_file)< 0) {
>>>> fprintf(stderr,"Error: failed to set key name for key from
>>> \"%s\"\n",
>>>> key_file);
>>>> goto done;
>>>> }
>>>>
>>>> /* Verify signature */
>>>> if(xmlSecDSigCtxVerify(dsigCtx, node)< 0) {
>>>> fprintf(stderr,"Error: signature verify\n");
>>>> goto done;
>>>> }
>>>>
>>>> /* print verification result to stdout */
>>>> if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
>>>> fprintf(stdout, "Signature is OK\n");
>>>> } else {
>>>> fprintf(stdout, "Signature is INVALID\n");
>>>> }
>>>>
>>>> /* success */
>>>> res = 0;
>>>>
>>>> done:
>>>> /* cleanup */
>>>> if(dsigCtx != NULL) {
>>>> xmlSecDSigCtxDestroy(dsigCtx);
>>>> }
>>>>
>>>> if(doc != NULL) {
>>>> xmlFreeDoc(doc);
>>>> }
>>>> return(res);
>>>> }
>>>>
>>>> Any help?
>>>>
>>>> BR,
>>>> Igor
>>>>
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> xmlsec at aleksey.com
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>
More information about the xmlsec
mailing list