[xmlsec] Trying to check sign

Renato Tegon Forti re.tf at acm.org
Tue Jun 5 13:58:31 PDT 2012


Hi,

I have one file that I want to check the signature of (using the KEYINFO node). I know that the
signature is valid, but the tool returns me the output below.

I use a DTD; see the XML below, please!

------------------------------------------------------------------------------------------------


func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=BR/O=ICP-Brasil/OU=ID - 1083312/OU=Autenticado por Certisign Certificadora Digital/OU=Assinatura Tipo A1/OU=(EM BRANCO)/OU=(EM BRANCO)/CN=MEDIATECH INFORMATICA LTDA/emailAddress=contato at tecnomidia.com.br;err=20;msg=unable to get local issuer certificate

func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate

func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match

RESULT: Signature is INVALID

---------------------------------------------------

= VERIFICATION CONTEXT

== Status: invalid

== flags: 0x00000000

== flags2: 0x00000000

== Key Info Read Ctx:

= KEY INFO READ CONTEXT

== flags: 0x00000000

== flags2: 0x00000000

== enabled key data: all

== RetrievalMethod level (cur/max): 0/1

== TRANSFORMS CTX (status=0)

== flags: 0x00000000

== flags2: 0x00000000

== enabled transforms: all

=== uri: NULL

=== uri xpointer expr: NULL

== EncryptedKey level (cur/max): 0/1

=== KeyReq:

==== keyId: rsa

==== keyType: 0x00000001

==== keyUsage: 0x00000002

==== keyBitsSize: 0

=== list size: 0

== Key Info Write Ctx:

= KEY INFO WRITE CONTEXT

== flags: 0x00000000

== flags2: 0x00000000

== enabled key data: all

== RetrievalMethod level (cur/max): 0/1

== TRANSFORMS CTX (status=0)

== flags: 0x00000000

== flags2: 0x00000000

== enabled transforms: all

=== uri: NULL

=== uri xpointer expr: NULL

== EncryptedKey level (cur/max): 0/1

=== KeyReq:

==== keyId: NULL

==== keyType: 0x00000001

==== keyUsage: 0xffffffff

==== keyBitsSize: 0

=== list size: 0

== Signature Transform Ctx:

== TRANSFORMS CTX (status=2)

== flags: 0x00000000

== flags2: 0x00000000

== enabled transforms: all

=== uri: NULL

=== uri xpointer expr: NULL

=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)

=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)

=== Transform: membuf-transform (href=NULL)

== Signature Method:

=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)

== Signature Key:

== KEY

=== method: RSAKeyValue

=== key type: Private

=== key name: test-rsa

=== key usage: -1

=== rsa key: size = 1024

== SignedInfo References List:

=== list size: 1

= REFERENCE VERIFICATION CONTEXT

== Status: succeeded

== URI: "#NFe35101003593968000167550030000101640000000003"

== Reference Transform Ctx:

== TRANSFORMS CTX (status=2)

== flags: 0x00000000

== flags2: 0x00000000

== enabled transforms: all

=== uri: 

=== uri xpointer expr: #NFe35101003593968000167550030000101640000000003

=== Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)

=== Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)

=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)

=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)

=== Transform: membuf-transform (href=NULL)

== Digest Method:

=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)

== Manifest References List:

=== list size: 0

 

------------------------------------------------------------------------------------------------

Can anyone help me understand what I am doing wrong?

What exactly can this mean: "unable to get local issuer certificate"?

This is my XML file (is the DTD correct?):

------------------------------------------------------------------------------------------------

 

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE test [

<!ATTLIST infNFe Id ID #IMPLIED>

]>

<nfeProc xmlns="http://www.portalfiscal.inf.br/nfe" versao="1.10">

<NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Id="NFe35101003593968000167550030000101640000000003"
versao="1.10"><ide><cUF>35</cUF><cNF>000000000</cNF><natOp>VENDA MERC C/
PGTO ST C/
SUBSTITUIDO</natOp><indPag>1</indPag><mod>55</mod><serie>3</serie><nNF>10164
</nNF><dEmi>2010-10-20</dEmi><dSaiEnt>2010-10-20</dSaiEnt><tpNF>1</tpNF><cMu
nFG>3550308</cMunFG><tpImp>1</tpImp><tpEmis>1</tpEmis><cDV>3</cDV><tpAmb>1</
tpAmb><finNFe>1</finNFe><procEmi>0</procEmi><verProc>1.4.0</verProc></ide><e
mit><CNPJ>03593968000167</CNPJ><xNome>Mediatech Informatica
LTDA</xNome><xFant>Mediatech Informatica
LTDA</xFant><enderEmit><xLgr>CORREIA DE
MELO</xLgr><nro>085</nro><xBairro>BOM
RETIRO</xBairro><cMun>3550308</cMun><xMun>SAO
PAULO</xMun><UF>SP</UF><CEP>01123020</CEP><cPais>1058</cPais><xPais>BRASIL</
xPais><fone>1133521199</fone></enderEmit><IE>115633812110</IE></emit><dest><
CNPJ>11253910000100</CNPJ><xNome>AYSSO SYSTEMS LTDA
EPP</xNome><enderDest><xLgr>RUA DOZE DE
NOVEMBRO</xLgr><nro>180</nro><xCpl>APT
183</xCpl><xBairro>CENTRO</xBairro><cMun>3501608</cMun><xMun>AMERICANA</xMun
><UF>SP</UF><CEP>13465490</CEP><cPais>1058</cPais><xPais>BRASIL</xPais><fone
>1936459994</fone></enderDest><IE/></dest><det
nItem="1"><prod><cProd>1160900000000001720000</cProd><cEAN/><xProd>MIDIA
DIGITAL
CD/DVD</xProd><NCM>85234011</NCM><CFOP>5405</CFOP><uCom>PC.</uCom><qCom>100.
0000</qCom><vUnCom>2.1500</vUnCom><vProd>215.00</vProd><cEANTrib/><uTrib>PC.
</uTrib><qTrib>100.0000</qTrib><vUnTrib>2.1500</vUnTrib><vFrete>20.00</vFret
e></prod><imposto><ICMS><ICMS60><orig>0</orig><CST>60</CST><vBCST>215.00</vB
CST><vICMSST>0.00</vICMSST></ICMS60></ICMS><IPI><cEnq>999</cEnq><IPINT><CST>
53</CST></IPINT></IPI><PIS><PISAliq><CST>01</CST><vBC>215.00</vBC><pPIS>0.65
</pPIS><vPIS>1.40</vPIS></PISAliq></PIS><COFINS><COFINSAliq><CST>01</CST><vB
C>215.00</vBC><pCOFINS>3.00</pCOFINS><vCOFINS>6.45</vCOFINS></COFINSAliq></C
OFINS></imposto></det><total><ICMSTot><vBC>20.00</vBC><vICMS>0.00</vICMS><vB
CST>0.00</vBCST><vST>0.00</vST><vProd>215.00</vProd><vFrete>20.00</vFrete><v
Seg>0.00</vSeg><vDesc>0.00</vDesc><vII>0.00</vII><vIPI>0.00</vIPI><vPIS>1.40
</vPIS><vCOFINS>6.45</vCOFINS><vOutro>0.00</vOutro><vNF>235.00</vNF></ICMSTo
t></total><transp><modFrete>0</modFrete><transporta><CNPJ>07281886000138</CN
PJ><xNome>Correio - Sedex</xNome><IE>ISENTO</IE><xEnder>Rua Correia de Melo,
111</xEnder><xMun>Sao
Paulo</xMun><UF>SP</UF></transporta><vol><qVol>1</qVol><esp>CX.</esp><pesoL>
1.000</pesoL><pesoB>1.000</pesoB></vol></transp><cobr><fat><nFat>10164</nFat
><vOrig>235.00</vOrig><vLiq>235.00</vLiq></fat><dup><nDup>001</nDup><dVenc>2
010-10-20</dVenc><vDup>235.00</vDup></dup></cobr><infAdic><infCpl>Pedidos:
48033</infCpl></infAdic></infNFe><Signature
xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMeth
od
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMetho
d Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference
URI="#NFe35101003593968000167550030000101640000000003"><Transforms><Transfor
m
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transfor
m
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Transforms><D
igestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>vj4p6FtqkZe
n6fsHlcyag8R2hF0=</DigestValue></Reference></SignedInfo><SignatureValue>Jymb
ikn/5F8aUYQA6CaZmLYY9plO4KNfyu/M4TZP5l+3fy/pjwpkIsaeV1LXXyo7nWLdpvruhCXy

ID2ptAjzIWOJ/vp1YW94e0Yy7yfBijQNkew+FI1G7GKKt7T/UUIPRrXqWwo7EA8ZpCYSoWktWqHZ

iU7j7iJone1nLdNJNjY=</SignatureValue><KeyInfo><X509Data><X509Certificate>MII
GuzCCBaOgAwIBAgIQCbCeZ64fHJPeNqAkc06I8TANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQG

EwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDEtMCsGA1UECxMkQ2VydGlzaWduIENlcnRpZmljYWRv

cmEgRGlnaXRhbCBTLkEuMSEwHwYDVQQDExhBQyBDZXJ0aXNpZ24gTXVsdGlwbGEgRzMwHhcNMTAw

NzI5MDAwMDAwWhcNMTEwNzI4MjM1OTU5WjCCAQsxCzAJBgNVBAYTAkJSMRMwEQYDVQQKFApJQ1At

QnJhc2lsMRUwEwYDVQQLFAxJRCAtIDEwODMzMTIxODA2BgNVBAsUL0F1dGVudGljYWRvIHBvciBD

ZXJ0aXNpZ24gQ2VydGlmaWNhZG9yYSBEaWdpdGFsMRswGQYDVQQLFBJBc3NpbmF0dXJhIFRpcG8g

QTExFDASBgNVBAsUCyhFTSBCUkFOQ08pMRQwEgYDVQQLFAsoRU0gQlJBTkNPKTEjMCEGA1UEAxMa

TUVESUFURUNIIElORk9STUFUSUNBIExUREExKDAmBgkqhkiG9w0BCQEWGWNvbnRhdG9AdGVjbm9t

aWRpYS5jb20uYnIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8txkPNL6gjEjSW4TumyO0w

zBGmxNtCqU9DFNWQD1TWIbXaYduxoxnYEwNXrehla2YDslXUiM45SWvlmjlWoVV9T7F07aOGGysP

aNLJW/y3CMq7Qrvsh+h30INqV8WWYXKHlmfLz4eNf8Di4xQvgm+7yxvkGHXXjxkWn6utBWtJAgMB

AAGjggMyMIIDLjCBrQYDVR0RBIGlMIGioDgGBWBMAQMEoC8ELTE5MDExOTY3MTEyMDk3Mzg4MDUw

MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDAqAOBAxKQUlSIFNaQVBJUk+gGQYFYEwB

AwOgEAQOMDM1OTM5NjgwMDAxNjegFwYFYEwBAwegDgQMMDAwMDAwMDAwMDAwgRljb250YXRvQHRl

Y25vbWlkaWEuY29tLmJyMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUhLBCMzSjQiWlKJc+g+t38OhP

wlQwDgYDVR0PAQH/BAQDAgXgMFUGA1UdIAROMEwwSgYGYEwBAgELMEAwPgYIKwYBBQUHAgEWMmh0

dHA6Ly9pY3AtYnJhc2lsLmNlcnRpc2lnbi5jb20uYnIvcmVwb3NpdG9yaW8vZHBjMIIBJQYDVR0f

BIIBHDCCARgwXKBaoFiGVmh0dHA6Ly9pY3AtYnJhc2lsLmNlcnRpc2lnbi5jb20uYnIvcmVwb3Np

dG9yaW8vbGNyL0FDQ2VydGlzaWduTXVsdGlwbGFHMy9MYXRlc3RDUkwuY3JsMFugWaBXhlVodHRw

Oi8vaWNwLWJyYXNpbC5vdXRyYWxjci5jb20uYnIvcmVwb3NpdG9yaW8vbGNyL0FDQ2VydGlzaWdu

TXVsdGlwbGFHMy9MYXRlc3RDUkwuY3JsMFugWaBXhlVodHRwOi8vcmVwb3NpdG9yaW8uaWNwYnJh

c2lsLmdvdi5ici9sY3IvQ2VydGlzaWduL0FDQ2VydGlzaWduTXVsdGlwbGFHMy9MYXRlc3RDUkwu

Y3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjCBoAYIKwYBBQUHAQEEgZMwgZAwKAYI

KwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmNlcnRpc2lnbi5jb20uYnIwZAYIKwYBBQUHMAKGWGh0dHA6

Ly9pY3AtYnJhc2lsLmNlcnRpc2lnbi5jb20uYnIvcmVwb3NpdG9yaW8vY2VydGlmaWNhZG9zL0FD

X0NlcnRpc2lnbl9NdWx0aXBsYV9HMy5wN2MwDQYJKoZIhvcNAQEFBQADggEBAGI9MCc6WVmz919C

QLDB8E0R8HxfGyiz2uB14lPBDsueTJmJmlykQdnboMiyMGTocprEGsQxeI7a57BEUDVc0fSzNCCb

SOnQOp9Uswri8pTw8fQG9OAkh1LCC9haTsNNMKbTHCciO7MUh34XkHuj4A0NIWG1aCynwstRFWb8

97OZJJCc0IRvDs7yDJhgOwPmv3trFmwlfMU7n20pXtM9hKiI8o6h/0GwR6SyA1Yj4fZXfXxVENH4

EjhIHR8Yrmre2JE2I+hFjyQaNPnAEztQEa0Cae2l3O0Q0tkM1x8EkiKFrnDggpc7gSwtLCwrkQBu

jhie131VyDTuXLx9k082PLs=</X509Certificate></X509Data></KeyInfo></Signature><
/NFe>

 

<protNFe
versao="1.10"><infProt><tpAmb>1</tpAmb><verAplic>SP_NFE_PL_005e</verAplic><c
hNFe>35101003593968000167550030000101640000000003</chNFe><dhRecbto>2010-10-2
0T17:48:15</dhRecbto><nProt>135100546996360</nProt><digVal>vj4p6FtqkZen6fsHl
cyag8R2hF0=</digVal><cStat>100</cStat><xMotivo>Autorizado o uso da
NF-e</xMotivo></infProt></protNFe>

</nfeProc>

 

------------------------------------------------------------------------------------------------

 

Thanks a lot
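
Added example, not part of the original post and not xmlsec code: a small triage of the xmlsec error lines quoted above that separates certificate-chain failures (OpenSSL `err=20`, the issuer of the KeyInfo certificate is not in the local trust store) from the signature-value mismatch reported after them. The function names `parse_records` and `triage` are hypothetical, and the sample is the post's three error lines, unwrapped, with the subject DN abridged.

```python
import re

# One xmlsec error record per line, as the tool writes it to stderr:
# func=..:file=..:line=..:obj=..:subj=..:error=N:<message>:<detail>
RECORD = re.compile(
    r"^func=(?P<func>[^:]+):file=[^:]+:line=\d+:obj=(?P<obj>[^:]+):"
    r"subj=(?P<subj>[^:]+):error=(?P<error>\d+):(?P<message>[^:]*):(?P<detail>.*)$")
# OpenSSL's X509_verify_cert() result is carried inside <detail>.
X509_RESULT = re.compile(r"(?:^|;)err=(\d+);msg=(.*)$")
# X509_V_ERR_* codes (OpenSSL x509_vfy.h) that mean "no path to a trust anchor".
MISSING_ISSUER = {2: "UNABLE_TO_GET_ISSUER_CERT",
                  20: "UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
                  21: "UNABLE_TO_VERIFY_LEAF_SIGNATURE"}

def parse_records(stderr_text):
    """Return one dict per xmlsec error line; lines in another shape are skipped."""
    records = []
    for line in stderr_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["error"] = int(rec["error"])
        x = X509_RESULT.search(rec["detail"])
        rec["x509_err"] = int(x.group(1)) if x else None
        records.append(rec)
    return records

def triage(stderr_text):
    """Separate chain-building failures from signature-value mismatches."""
    recs = parse_records(stderr_text)
    chain = sorted({r["x509_err"] for r in recs if r["x509_err"] in MISSING_ISSUER})
    mismatch = any(r["subj"] == "EVP_VerifyFinal" for r in recs)
    if chain:
        cause = "trust-anchor-missing"  # fix first: pass the issuing CA chain (xmlsec1 --trusted-pem)
    elif mismatch:
        cause = "signature-mismatch"    # wrong verification key or altered SignedInfo
    else:
        cause = "unknown"
    return {"cause": cause, "x509_errors": [MISSING_ISSUER[c] for c in chain],
            "signature_mismatch": mismatch}

# Constructed sample: the three error lines from the post, unwrapped, DN abridged.
SAMPLE = """\
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=BR/O=ICP-Brasil/CN=MEDIATECH INFORMATICA LTDA;err=20;msg=unable to get local issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate
func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match
"""
print(triage(SAMPLE))
```

The verification context dump in the post lists the signature key as `test-rsa`, so a chain failure should be resolved and the check re-run before the `signature do not match` line is read as evidence about the document.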

 

 

 

 
