[xmlsec] Duplicated X509Certificate

Marcos Bontempo marcosbontempo at hotmail.com
Sun Jan 3 13:38:08 PST 2016 

Thanks for the answer. I removed the --trusted-pem option, but the signed file stills with two x509Certifcate tags.

> Subject: Re: [xmlsec] Duplicated X509Certificate
> To: marcosbontempo at hotmail.com; xmlsec at aleksey.com
> From: aleksey at aleksey.com
> Date: Sun, 3 Jan 2016 13:19:42 -0800
> 
> Remove --trusted-pem ca.crt, you don't need it for signing
> 
> Aleksey
> 
> On 1/3/16 1:15 PM, Marcos Bontempo wrote:
> > Hello,
> > 
> > I'm signing a XML file with this command:
> > 
> > xmlsec1 --sign --output signed.xml --pkcs12 ia.p12 --pwd password
> > --trusted-pem ca.crt to-sign.xml
> > 
> > And here is my signature info:
> > 
> >    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >       <SignedInfo>
> >          <Canonical tizationMethod
> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> >          <SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >          <Reference URI="">
> >             <Transforms>
> >                <Transform
> > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> >                <Transform
> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> >             </Transforms>
> >             <DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >             <DigestValue></DigestValue>
> >          </Reference>
> >       </SignedInfo>
> >       <SignatureValue></SignatureValue>
> >       <KeyInfo>
> >          <X509Data></X509Data>
> >       </KeyInfo>
> >    </Signature>
> > 
> > It's working but I get two X509Certificate tags:
> > 
> >          <X509Data>
> > <X509Certificate>MIIEBzCCAu+gAwIBAgIJANN+QDNqjUZHMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
> > VQQGEwJCUjEVMBMGA1UECAwMTWluYXMgR2VyYWlzMR4wHAYDVQQHDBVTYW50YSBS
> > aXRhIGRvIFNhcHVjYWkxGjAYBgNVBAoMEXd3dy5uaXRlcmUuY29tLmJyMQ8wDQYD
> > VQQLDAZOaXRlcmUxDzANBgNVBAMMBm5pdGVyZTEVMBMGCSqGSIb3DQEJARYGbml0
> > ZXJlMB4XDTE2MDEwMzE5MzgwNloXDTE2MTIyNDE5MzgwNlowgZkxCzAJBgNVBAYT
> > AkJSMRUwEwYDVQQIDAxNaW5hcyBHZXJhaXMxHjAcBgNVBAcMFVNhbnRhIFJpdGEg
> > ZG8gU2FwdWNhaTEaMBgGA1UECgwRd3d3Lm5pdGVyZS5jb20uYnIxDzANBgNVBAsM
> > Bk5pdGVyZTEPMA0GA1UEAwwGbml0ZXJlMRUwEwYJKoZIhvcNAQkBFgZuaXRlcmUw
> > ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCamYGpTT06/+UTNX4KqRw3
> > 2rhi2vzfCXadBu4sfPKX/UrkX8zzm/MLKblJdI0x7S2Cwe+uI/mj863Xwvu3A13B
> > MpuUmZ8JAxeSyB9N64I1Dq2eT2M0zNoNWC9siiVZsscaNOrZMb2aReyb3P/i5JQc
> > U0K/326dtVDA2rK2Loh5bXrMz2MDk0IXOaMprTDllOPtVma8uIutfJkmjt/6eE3P
> > Da/J4oRjB20HYyDdI78XbXFBH8YxTpg8xTpRyLuT6/hlBi00gSLU62t7vpgo9o02
> > bz2jrw8njP8prZjJ1oP+42YdHa4RQ+ecCjUYzQxhkODOBo7H2Ls8MTWNwOfab/UT
> > AgMBAAGjUDBOMB0GA1UdDgQWBBS6V/pC6Zl8yqDebDbrp2M1dvuUtTAfBgNVHSME
> > GDAWgBS6V/pC6Zl8yqDebDbrp2M1dvuUtTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
> > DQEBCwUAA4IBAQAfAPQmG2ger41eMlM39mz0x6gSPITOYsi19WoSaXhT/3tLIS2l
> > Zo8GrYg8ENi7w20dJ0LkCRcDqPpNdM8rMpkoL8dsFGmx+33E7Wl9YrtHNK59BwyU
> > TpQJtPOe1mJGtauY4k4BhFUVK9TU6zXlaLzXzPOYEKeOkCR26NsV/o3qcu8vPs5/
> > Ghu3/I1TTyUAeAArMjg24gmoJogUo9bD188AI1fIegRRC549KIOjTIouJyrvTyvb
> > /oj6Ur8n4yBxW6sVTkFF5XFSGuC9iqZ4ZLb3vXXK0zQR9LsKx5GOxolQ8uT+QYqV
> > Xh7GnsnabeU2n47L93uW2VMpjDEp75JuAC1/</X509Certificate>
> > 
> > <X509Certificate>MIIDpDCCAowCAQEwDQYJKoZIhvcNAQELBQAwgZkxCzAJBgNVBAYTAkJSMRUwEwYD
> > VQQIDAxNaW5hcyBHZXJhaXMxHjAcBgNVBAcMFVNhbnRhIFJpdGEgZG8gU2FwdWNh
> > aTEaMBgGA1UECgwRd3d3Lm5pdGVyZS5jb20uYnIxDzANBgNVBAsMBk5pdGVyZTEP
> > MA0GA1UEAwwGbml0ZXJlMRUwEwYJKoZIhvcNAQkBFgZuaXRlcmUwHhcNMTYwMTAz
> > MTkzODM5WhcNMTYxMjI0MTkzODM5WjCBlTELMAkGA1UEBhMCQlIxFTATBgNVBAgM
> > DE1pbmFzIEdlcmFpczEeMBwGA1UEBwwVU2FudGEgUml0YSBkbyBTYXB1Y2FpMRYw
> > FAYDVQQKDA1uaXRlcmUuY29tLmJyMQ8wDQYDVQQLDAZOaXRlcmUxDzANBgNVBAMM
> > Bm5pdGVyZTEVMBMGCSqGSIb3DQEJARYGbml0ZXJlMIIBIjANBgkqhkiG9w0BAQEF
> > AAOCAQ8AMIIBCgKCAQEAw4AysesK3+UfLc9fRrGzxmZ/eGwgKS+DygkV+LNRl2eK
> > ZkvLi7rM/5jl2cCVS5gBHGoH2FX/Lv7BkcQMD/AHnk2bYA33S6cnrU5U3cYrAUTe
> > Vb0nf8joivlK1dCFBoLX/L1xByMyW3/ZGXOK7W2qBQyS50uk0PKDruU5pu2Uaf0v
> > 9EmKru3ReAIakj4HmTYlSl6ZdF2NZvReEvEx8VrAyoiyXApa6uXsaRkL+nYNqWhO
> > RNEhqMgSAK+vW4ywSNC3saW/Gwep9LXMpN1klRseJSkcCe0JsUspai9/OsVESPQx
> > CdH/o0xmoeysUtVNF3ujX8jD1HaOmsJLSrMnX6EA/wIDAQABMA0GCSqGSIb3DQEB
> > CwUAA4IBAQBG6PyNlC/YmEnfzmjXOKRubUIqaCkf4PO2YS23p+6kVUmKB0w+AbO/
> > mK3m6Aq/BABqcfDwtFY1kCOl1tcRtF3HD5Kwpoq8xveIwnRHyOeBjeSKgPVnRQmI
> > sXWjQ48jl8lFbs+LbEAumIGI4eIfIb0wzhyKRZSFjXjZijDi9LktzuHjNftHxGti
> > THc4dzXpSHKgBFWr6OjQvbCMa+jRIraSWk4fknGF9mCxez7BGAZnQmhfJAnMSYLw
> > KIRWd7JsYMjzt9x/hcQjcRsdyrRXUX29kfuL7ic2CyoitVTjzJSldajf/quxiymx
> > QDSNSCy+B65llKZnoNx5gpeV0Q/ZFzqe</X509Certificate>
> > </X509Data>
> > 
> > Does anybody know why it's happening? I'm expecting only one
> > X509Certificate tag.
> > 
> > Any tip will be very helpful,
> > Thanks.
> > 
> > 
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com
> > http://www.aleksey.com/mailman/listinfo/xmlsec
> > 
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20160103/bd8d5073/attachment-0001.html>

More information about the xmlsec mailing list