[xmlsec] Signing Second time with DSA key
Timothy Legge
timlegge at gmail.com
Tue Dec 8 17:38:01 PST 2020
Hi
I have https://pastebin.com/v0PJwQri that I signed as follows:
xmlsec1 --sign --privkey-pem t/dsa.private.key --id-attr:ID "Assertion" t/unsigned/xml-sig-unsigned-dsa-multiple-1.xml > t/unsigned/xml-sig-unsigned-dsa-multiple-2.xml
which resulted in
https://pastebin.com/8qhDhjU9 (t/unsigned/xml-sig-unsigned-dsa-multiple-2.xml)
I added the second signature section to make
t/unsigned/xml-sig-unsigned-dsa-multiple-3.xml
https://pastebin.com/rmfuUtvB
The goal is to sign the saml:Response with ID="identifier_1" (which
has the first signature embedded in the saml:Assertion with
ID="identifier_2").
I have tried multiple options, most of which result in the following,
which seems to be looking at identifier_2 for some reason (it was
already signed above):
xmlsec1 --sign --privkey-pem t/dsa.private.key --id-attr:ID "Response" t/unsigned/xml-sig-unsigned-dsa-multiple-3.xml
xmlsec1 --sign --privkey-pem t/dsa.private.key --id-attr:ID samlp:Response --node-xpath "/samlp:Response[@ID='identifier_1']" t/unsigned/xml-sig-unsigned-dsa-multiple-3.xml
func=xmlSecXPathDataExecute:file=xpath.c:line=246:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('identifier_2')); xml error: 0: NULL
func=xmlSecXPathDataListExecute:file=xpath.c:line=330:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=430:obj=xpointer:subj=xmlSecXPathDataListExecute:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2108:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1044:obj=xpointer:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:
func=xmlSecTransformCtxExecute:file=transforms.c:line=1092:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1408:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessReferences:file=xmldsig.c:line=752:obj=Reference:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=517:obj=unknown:subj=xmlSecDSigCtxProcessReferences:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=291:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to sign file "t/unsigned/xml-sig-unsigned-dsa-multiple-3.xml"
I am sure it is something obvious. Any ideas?
Tim