[xmlsec] Verify Sign Issue

Mon Nov 24 10:23:17 PST 2014

Are you sure that the cacert.pem contains the certificate for nfcek.pem
key? It looks like you are signing with one key and verifying with another.

Aleksey

On 11/24/14 10:15 AM, Renato Fermi wrote:
> I've added 2 files (inuput) 0AU00209.xml and output.xml.
> 
> 
> 
> 
> 2014-11-24 16:05 GMT-02:00 Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>>:
> 
>     How does the input.xml looks like?
> 
>     Aleksey
> 
>     On 11/24/14 9:58 AM, Renato Fermi wrote:
>     > Hello Aleksey,
>     >
>     > I'm having troubles after sucessfully signing a XML, when
>     verifying it.
>     >
>     > What I've done:
>     >  - Signed XML with my cert key and cacert :
>     >  $ xmlsec1 --sign --id-attr:Id infNFe --privkey-pem
>     nfcek.pem,cacert.pem
>     > --output signed.xml input.xml
>     >  - Verified the signature:
>     > xmlsec1 --verify --id-attr:Id infNFe --privkey-pem
>     nfcek.pem,cacert.pem
>     > signed.xml
>     >
>     > And received the return:
>     >
>     func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=493:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data
>     > do not match:signature do not match
>     > FAIL
>     > SignedInfo References (ok/all): 1/1
>     > Manifests References (ok/all): 0/0
>     > Error: failed to verify file "signed.xml"
>     >
>     > Am I doing anything wrong?
>     >
>     > Thanks in advance.
>     >
>     > Renato Fermi
>     >
>     >
>     > _______________________________________________
>     > xmlsec mailing list
>     > xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>     > http://www.aleksey.com/mailman/listinfo/xmlsec
>     >
> 
> 
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
> 