[xmlsec] Duplicated X509Certificate

Marcos Bontempo marcosbontempo at hotmail.com
Mon Jan 4 04:39:29 PST 2016


Thanks for the answer. The file ia.p12 had 2 certs. I corrected it and now I have only one X509Certificate tag.

> Subject: Re: [xmlsec] Duplicated X509Certificate
> To: marcosbontempo at hotmail.com; xmlsec at aleksey.com
> From: aleksey at aleksey.com
> Date: Sun, 3 Jan 2016 14:38:51 -0800
> 
> Check the content of ia.p12  -- it might have multiple certs inside it
> 
> Aleksey
> 
> On 1/3/16 1:38 PM, Marcos Bontempo wrote:
> > Thanks for the answer. I removed the --trusted-pem option, but the
> > signed file stills with two x509Certifcate tags.
> > 
> >> Subject: Re: [xmlsec] Duplicated X509Certificate
> >> To: marcosbontempo at hotmail.com; xmlsec at aleksey.com
> >> From: aleksey at aleksey.com
> >> Date: Sun, 3 Jan 2016 13:19:42 -0800
> >>
> >> Remove --trusted-pem ca.crt, you don't need it for signing
> >>
> >> Aleksey
> >>
> >> On 1/3/16 1:15 PM, Marcos Bontempo wrote:
> >> > Hello,
> >> >
> >> > I'm signing a XML file with this command:
> >> >
> >> > xmlsec1 --sign --output signed.xml --pkcs12 ia.p12 --pwd password
> >> > --trusted-pem ca.crt to-sign.xml
> >> >
> >> > And here is my signature info:
> >> >
> >> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >> > <SignedInfo>
> >> > <Canonical tizationMethod
> >> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> >> > <SignatureMethod
> >> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >> > <Reference URI="">
> >> > <Transforms>
> >> > <Transform
> >> > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> >> > <Transform
> >> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> >> > </Transforms>
> >> > <DigestMethod
> >> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >> > <DigestValue></DigestValue>
> >> > </Reference>
> >> > </SignedInfo>
> >> > <SignatureValue></SignatureValue>
> >> > <KeyInfo>
> >> > <X509Data></X509Data>
> >> > </KeyInfo>
> >> > </Signature>
> >> >
> >> > It's working but I get two X509Certificate tags:
> >> >
> >> > <X509Data>
> >> >
> > <X509Certificate>MIIEBzCCAu+gAwIBAgIJANN+QDNqjUZHMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
> >> > VQQGEwJCUjEVMBMGA1UECAwMTWluYXMgR2VyYWlzMR4wHAYDVQQHDBVTYW50YSBS
> >> > aXRhIGRvIFNhcHVjYWkxGjAYBgNVBAoMEXd3dy5uaXRlcmUuY29tLmJyMQ8wDQYD
> >> > VQQLDAZOaXRlcmUxDzANBgNVBAMMBm5pdGVyZTEVMBMGCSqGSIb3DQEJARYGbml0
> >> > ZXJlMB4XDTE2MDEwMzE5MzgwNloXDTE2MTIyNDE5MzgwNlowgZkxCzAJBgNVBAYT
> >> > AkJSMRUwEwYDVQQIDAxNaW5hcyBHZXJhaXMxHjAcBgNVBAcMFVNhbnRhIFJpdGEg
> >> > ZG8gU2FwdWNhaTEaMBgGA1UECgwRd3d3Lm5pdGVyZS5jb20uYnIxDzANBgNVBAsM
> >> > Bk5pdGVyZTEPMA0GA1UEAwwGbml0ZXJlMRUwEwYJKoZIhvcNAQkBFgZuaXRlcmUw
> >> > ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCamYGpTT06/+UTNX4KqRw3
> >> > 2rhi2vzfCXadBu4sfPKX/UrkX8zzm/MLKblJdI0x7S2Cwe+uI/mj863Xwvu3A13B
> >> > MpuUmZ8JAxeSyB9N64I1Dq2eT2M0zNoNWC9siiVZsscaNOrZMb2aReyb3P/i5JQc
> >> > U0K/326dtVDA2rK2Loh5bXrMz2MDk0IXOaMprTDllOPtVma8uIutfJkmjt/6eE3P
> >> > Da/J4oRjB20HYyDdI78XbXFBH8YxTpg8xTpRyLuT6/hlBi00gSLU62t7vpgo9o02
> >> > bz2jrw8njP8prZjJ1oP+42YdHa4RQ+ecCjUYzQxhkODOBo7H2Ls8MTWNwOfab/UT
> >> > AgMBAAGjUDBOMB0GA1UdDgQWBBS6V/pC6Zl8yqDebDbrp2M1dvuUtTAfBgNVHSME
> >> > GDAWgBS6V/pC6Zl8yqDebDbrp2M1dvuUtTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
> >> > DQEBCwUAA4IBAQAfAPQmG2ger41eMlM39mz0x6gSPITOYsi19WoSaXhT/3tLIS2l
> >> > Zo8GrYg8ENi7w20dJ0LkCRcDqPpNdM8rMpkoL8dsFGmx+33E7Wl9YrtHNK59BwyU
> >> > TpQJtPOe1mJGtauY4k4BhFUVK9TU6zXlaLzXzPOYEKeOkCR26NsV/o3qcu8vPs5/
> >> > Ghu3/I1TTyUAeAArMjg24gmoJogUo9bD188AI1fIegRRC549KIOjTIouJyrvTyvb
> >> > /oj6Ur8n4yBxW6sVTkFF5XFSGuC9iqZ4ZLb3vXXK0zQR9LsKx5GOxolQ8uT+QYqV
> >> > Xh7GnsnabeU2n47L93uW2VMpjDEp75JuAC1/</X509Certificate>
> >> >
> >> >
> > <X509Certificate>MIIDpDCCAowCAQEwDQYJKoZIhvcNAQELBQAwgZkxCzAJBgNVBAYTAkJSMRUwEwYD
> >> > VQQIDAxNaW5hcyBHZXJhaXMxHjAcBgNVBAcMFVNhbnRhIFJpdGEgZG8gU2FwdWNh
> >> > aTEaMBgGA1UECgwRd3d3Lm5pdGVyZS5jb20uYnIxDzANBgNVBAsMBk5pdGVyZTEP
> >> > MA0GA1UEAwwGbml0ZXJlMRUwEwYJKoZIhvcNAQkBFgZuaXRlcmUwHhcNMTYwMTAz
> >> > MTkzODM5WhcNMTYxMjI0MTkzODM5WjCBlTELMAkGA1UEBhMCQlIxFTATBgNVBAgM
> >> > DE1pbmFzIEdlcmFpczEeMBwGA1UEBwwVU2FudGEgUml0YSBkbyBTYXB1Y2FpMRYw
> >> > FAYDVQQKDA1uaXRlcmUuY29tLmJyMQ8wDQYDVQQLDAZOaXRlcmUxDzANBgNVBAMM
> >> > Bm5pdGVyZTEVMBMGCSqGSIb3DQEJARYGbml0ZXJlMIIBIjANBgkqhkiG9w0BAQEF
> >> > AAOCAQ8AMIIBCgKCAQEAw4AysesK3+UfLc9fRrGzxmZ/eGwgKS+DygkV+LNRl2eK
> >> > ZkvLi7rM/5jl2cCVS5gBHGoH2FX/Lv7BkcQMD/AHnk2bYA33S6cnrU5U3cYrAUTe
> >> > Vb0nf8joivlK1dCFBoLX/L1xByMyW3/ZGXOK7W2qBQyS50uk0PKDruU5pu2Uaf0v
> >> > 9EmKru3ReAIakj4HmTYlSl6ZdF2NZvReEvEx8VrAyoiyXApa6uXsaRkL+nYNqWhO
> >> > RNEhqMgSAK+vW4ywSNC3saW/Gwep9LXMpN1klRseJSkcCe0JsUspai9/OsVESPQx
> >> > CdH/o0xmoeysUtVNF3ujX8jD1HaOmsJLSrMnX6EA/wIDAQABMA0GCSqGSIb3DQEB
> >> > CwUAA4IBAQBG6PyNlC/YmEnfzmjXOKRubUIqaCkf4PO2YS23p+6kVUmKB0w+AbO/
> >> > mK3m6Aq/BABqcfDwtFY1kCOl1tcRtF3HD5Kwpoq8xveIwnRHyOeBjeSKgPVnRQmI
> >> > sXWjQ48jl8lFbs+LbEAumIGI4eIfIb0wzhyKRZSFjXjZijDi9LktzuHjNftHxGti
> >> > THc4dzXpSHKgBFWr6OjQvbCMa+jRIraSWk4fknGF9mCxez7BGAZnQmhfJAnMSYLw
> >> > KIRWd7JsYMjzt9x/hcQjcRsdyrRXUX29kfuL7ic2CyoitVTjzJSldajf/quxiymx
> >> > QDSNSCy+B65llKZnoNx5gpeV0Q/ZFzqe</X509Certificate>
> >> > </X509Data>
> >> >
> >> > Does anybody know why it's happening? I'm expecting only one
> >> > X509Certificate tag.
> >> >
> >> > Any tip will be very helpful,
> >> > Thanks.
> >> >
> >> >
> >> > _______________________________________________
> >> > xmlsec mailing list
> >> > xmlsec at aleksey.com
> >> > http://www.aleksey.com/mailman/listinfo/xmlsec
> >> >
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20160104/25ae6371/attachment.html>


More information about the xmlsec mailing list