[xmlsec] xmlsec sing with gost
Nikolay Shaplov
dhyan at nataraj.su
Fri Mar 21 12:10:56 PDT 2014
On Friday 21 March 2014 20:22:06 Nikolay Shaplov wrote:
> On Friday 21 March 2014 08:27:24 you wrote:
> > The template (tests/aleksey-xmldsig-01/x509data-test.tmpl) uses RSA
> > signatures. You need to modify it to use GOST instead.
>
> Oh! You are right! I've missed it. Thank you!
>
> Just for history, correct gost 2001 signing example is following:
>
>
> /usr/local/bin/xmlsec1 --sign --privkey-pem my/gost2001.key tests/aleksey-
> xmldsig-01/enveloped-gost.tmpl
Eh... sorry, but now I have problems with verifying of
what I've signed:
$ /usr/local/bin/xmlsec1 --sign --privkey-pem my/gost2001.key tests/aleksey-xmldsig-01/enveloped-gost.tmpl >my/enveloped-gost.xml
$ /usr/local/bin/xmlsec1 --verify --trusted-pem my/gost2001.pem my/enveloped-gost.xml
func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "my/enveloped-gost.xml"
If I check gost example from test, check goes well. May be I did something
wrong with key creation or something?
More information about the xmlsec
mailing list