[xmlsec] Question about signature RSA-SHA1

Neko akitsukineko at gmail.com
Mon Jun 11 22:37:07 PDT 2012


Dear Aleksey

I computed the signature value with OpenSSL, while the result doesn't match
with xmlsec
I checked the message actually signed when xmlsec perform signature with
--store-signatures, it's no problem.

What I did with OpenSSL
RSA_sign(NID_sha1, digest of signinfo node, length of the digest, signature
value buff, length of signature, rsa key);
(and it can be verified with RSA_verify() too)

And I tried to trace the source code of xmlsec, I didn't find any
RSA_sign() used, but I found a lot of RSA_public_encrypt() instead.
I'm wondering if there's something I missed?

Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20120612/14e381fd/attachment.html>


More information about the xmlsec mailing list