[xmlsec] Signing and validating fails

Peter p.weijenburg at beslistmail.nl
Tue Mar 4 23:42:57 PST 2014


Hi, I have a piece of XML I would like to sign.

The commands I use are:

xmlsec1 sign --privkey-pem key.pem --output signedfile.xml test.xml

xmlsec1 --verify signedfile.xml

The XML template (test.xml) to be signed is:

<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Signature001">
<dsig:SignedInfo>
  <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></dsig:CanonicalizationMethod>
  <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></dsig:SignatureMethod>
  <dsig:Reference URI="#KeyInfo001">
   <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod>
   <dsig:DigestValue></dsig:DigestValue>
  </dsig:Reference>
  <dsig:Reference URI="#Resource1">
   <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod>
   <dsig:DigestValue></dsig:DigestValue>
  </dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue></dsig:SignatureValue>
<dsig:KeyInfo Id="KeyInfo001">
  <dsig:KeyValue></dsig:KeyValue>
</dsig:KeyInfo>
<dsig:Object Id="Resource1">hello world</dsig:Object>
</dsig:Signature>

The verification outputs:

func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
FAIL
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
Error: failed to verify file "signedfile.xml"

I don't understand what I'm doing wrong. It's something with the C14N I
suppose, but what to do about it? Can anyone give me a hint?

Thanks, Peter
