[xmlsec] Verifying detached signatures with exclusive c14n

Nimish Telang nimish at telang.net
Thu Aug 8 09:17:58 PDT 2019


Hi,

Consider the following XML doc: https://gist.github.com/nimish/b00fb8a75a8b4c424553783c7adb7656

I’m trying to verify the wsu:Timestamp element using the sibling detached signature.

xmlsec1 --verify --id-attr:ID "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd:Timestamp" --print-debug --store-references ./timestamp-wrapped.xml

will fail signature verification. Output: https://gist.github.com/nimish/868029115e41fee5fe56b0b5b40872f4

I don’t see a “=== Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)” under the “REFERENCE VERIFICATION CONTEXT” as I’d expect, which is likely what’s causing the verification to fail. The only defined c14n algo is xml-exc-c14n.



The python package signxml, which was used to generate this signature, can verify this just fine. I am not sure if this is signxml behaving badly, or xmlsec1.

Any idea what I’m doing wrong?

Nimish
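
An added example, not part of the original message and not code from xmlsec or signxml: a standard-library Python check that reports, for a signature document, the CanonicalizationMethod declared on ds:SignedInfo, the Transforms declared on each ds:Reference, and which element and attribute each same-document Reference URI resolves to. The sample document is constructed for illustration (it is not the document in the gist), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"

# Constructed sample (not the gist's document): a wsu:Timestamp with a sibling
# detached ds:Signature. Digest and signature values are placeholders.
SAMPLE = f"""<Envelope xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <wsu:Timestamp wsu:Id="ts-1"><wsu:Created>2019-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="{EXC_C14N}"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#ts-1">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>AAAA</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>AAAA</ds:SignatureValue>
  </ds:Signature>
</Envelope>"""


def find_by_id(root, fragment):
    """Return (element tag, attribute name) for every attribute equal to fragment."""
    return [(el.tag, name) for el in root.iter()
            for name, value in el.attrib.items() if value == fragment]


def describe_signature(xml_text):
    """Summarise where c14n and transforms are declared, and what each URI targets."""
    root = ET.fromstring(xml_text)
    signed_info = root.find(f".//{{{DS}}}SignedInfo")
    c14n = signed_info.find(f"{{{DS}}}CanonicalizationMethod").get("Algorithm")
    refs = []
    for ref in signed_info.findall(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        transforms = [t.get("Algorithm")
                      for t in ref.findall(f"{{{DS}}}Transforms/{{{DS}}}Transform")]
        targets = find_by_id(root, uri[1:]) if uri.startswith("#") else []
        refs.append({"uri": uri, "transforms": transforms, "targets": targets})
    return {"signedinfo_c14n": c14n, "references": refs}


if __name__ == "__main__":
    report = describe_signature(SAMPLE)
    print("SignedInfo c14n:", report["signedinfo_c14n"])
    for ref in report["references"]:
        print(ref["uri"], "transforms:", ref["transforms"] or "none declared", "->", ref["targets"])
```

The `targets` entry names the attribute that actually carries the referenced ID, which is the attribute name an `--id-attr` option has to register for the verifier to resolve the Reference URI.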
