[xmlsec] Signing and validating fails
Peter
p.weijenburg at beslistmail.nl
Tue Mar 4 23:42:57 PST 2014
Hi, I have a piece of XML I would like to sign.
The commands I use are:
xmlsec1 sign --privkey-pem key.pem --output signedfile.xml test.xml
xmlsec1 --verify signedfile.xml
The XML template (test.xml) to be signed is:
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
Id="Signature001">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></dsig:CanonicalizationMethod>
<dsig:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></dsig:SignatureMethod>
<dsig:Reference URI="#KeyInfo001">
<dsig:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod>
<dsig:DigestValue></dsig:DigestValue>
</dsig:Reference>
<dsig:Reference URI="#Resource1">
<dsig:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod>
<dsig:DigestValue></dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue></dsig:SignatureValue>
<dsig:KeyInfo Id="KeyInfo001">
<dsig:KeyValue></dsig:KeyValue>
</dsig:KeyInfo>
<dsig:Object Id="Resource1">hello world</dsig:Object>
</dsig:Signature>
The verification outputs:
func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
FAIL
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
Error: failed to verify file "signedfile.xml"
I don't understand what I'm doing wrong. It's something with the C14N I
suppose, but what to do about it? Can anyone give me a hint?
Thanks, Peter