requires the public
certificate to validate against.
Tim
Timothy Legge
timle...@gmail.com
timle...@cpan.org
On Sat, Jul 2, 2022 at 8:23 PM Yoann Gini wrote:
>
> Hello,
>
> I'm currently evaluating available library to handle SAML signature (IDP
> side, having to sign, others will
I think I figured it out. The encryption does not appear to be using
the additional authentication data that GCM provides.
Tim
Timothy Legge
timle...@gmail.com
timle...@cpan.org
On Wed, Mar 30, 2022 at 8:32 AM Timothy Legge wrote:
>
> Hi
>
> I have confirmed that all my values ar
.
CIPHERTEXT . TAG there appears to be nowhere to pass the
authentication data. Am I missing something?
Tim
Timothy Legge
timle...@gmail.com
timle...@cpan.org
On Tue, Mar 29, 2022 at 10:27 PM Timothy Legge wrote:
>
> Hi
>
> A little more information
> https://github.com/lsh
Hi
A little more information
https://github.com/lsh123/xmlsec/blob/4b6ab2d86b71f8642f19ab3b7a0777984b6bce9a/src/openssl/ciphers.c#L166
definitely unencrypted the data
If I add printf("%s\n", outBuf); before the return at the end of
the function it prints the unencrypted XML
Tim
Tim
oftware is
> using these days.
>
> Aleksey
>
> On 3/29/22 8:10 PM, Aleksey Sanin wrote:
> > I would check what kind of padding is used by the encryption software.
> > That's one of the most common reasons for EVP_CipherFinal failure like
> > that.
> >
>
p.xml"
Timothy Legge
timle...@gmail.com
timle...@cpan.org
On Tue, Mar 29, 2022 at 6:57 PM Aleksey Sanin wrote:
>
> Yes, basically you need to tell XML parser about ID attributes.
> As I said, section 3.2 in FAQ:
>
> https://www.aleksey.com/xmlsec/faq.html
>
> Aleksey
>
>
Hi
I am missing the reference I think. Is it related to the --id-attr?
Timothy Legge
timle...@gmail.com
timle...@cpan.org
On Tue, Mar 29, 2022 at 6:36 PM Aleksey Sanin wrote:
>
> FAQ section 3.2 if I recall (or somewhere close by).
>
> Aleksey
>
> On 3/29/22 5:34 PM, T
=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec
library function failed:
Error: failed to decrypt file
Error: failed to decrypt file "test.xml"
Timothy Legge
timle...@gmail.com
timle...@cpan.org
On Tue, Mar 29, 2022 at 1:25 PM Timothy Legge wrote:
>
> perfect. I do get errors but m
/xmlsec/blob/4b6ab2d86b71f8642f19ab3b7a0777984b6bce9a/src/openssl/ciphers.c#L80
>
> so adding printfs in these functions would help.
>
> Do you get any errors?
>
> Aleksey
>
> On 3/29/22 11:51 AM, Timothy Legge wrote:
> > Hi
> >
> > I am working on adding support for aes*-gcm to perl's XML::En
a while since I wrote much
C but I have no issues. Finding the correct spot though...
Tim
Timothy Legge
timle...@gmail.com
timle...@cpan.org
___
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
Thanks, now I am trying to figure out GCM support...
Timothy Legge
timle...@gmail.com
timle...@cpan.org
On Mon, Mar 28, 2022 at 9:44 AM Aleksey Sanin wrote:
>
> Glad you figured it out!
>
> Best,
>
> Aleksey
>
> On 3/26/22 4:26 PM, Timothy Legge wrote:
> > Hi
>
Legge
timle...@gmail.com
timle...@cpan.org
On Sat, Mar 26, 2022 at 11:49 AM Timothy Legge wrote:
>
> Hi Aleksey
>
> I just wrote a perl module to encrypt and decrypt XML. As part of the
> test scripts I am using xmlsec to encrypt XML to verify that the
> XML::Enc module ca
/xmlenc#Element as the EncryptedData Type I
treat it as if it was Content if it is not valid XML. In this case
it is simply the credit card number.
I will take a look at the examples in case I am doing something
incorrect in my xmlsec commands.
Tim
Timothy Legge
timle...@gmail.com
timle
a-1_5"/>
http://www.w3.org/2000/09/xmldsig#;>
==
Timothy Legge
timle...@gmail.com
timle...@cpan.org
On Fri, Mar 5, 2021 at 12:26 PM Aleksey Sanin wrote:
>
> In general, I wouldn't recommend KeyValue for anything but examples
> for a number of security concerns.
>
> You should consider using KeyName or X509Data instead.
Thanks. That should be easy enough. As I mentioned in another email
I
Hi
> On Thu, Mar 04, 2021 at 11:40:51PM -0400, Timothy Legge
> wrote:
> >
> >
>
> Is there any reason why you specify KeyValue directly? If you wrap your
> key into an x509 cert and use , that should work, see e.g.
> tests
Hi
I have been working on adding ECDSA signature support to perl XML::Sig
and I have been able to get the following XML::Sig signed XML
to verify with:
xmlsec1 --verify --pubkey-pem t/ecdsa.public.pem --id-attr:ID "foo" ec.xml
Can xmlsec1 verify an ecdsa signed file without specifying
>
> On 1/4/21 9:07 AM, Timothy Legge wrote:
> > Hi
> >
> > This is somewhat off topic as it is related to my maintenance of the
> > Perl XML::Sig module.
> >
> > DSA signatures are a base64 encoded concatenation of the r and s octet
> > streams.
Hi
This is somewhat off topic as it is related to my maintenance of the
Perl XML::Sig module.
DSA signatures are a base64 encoded concatenation of the r and s octet
streams. I can sign and verify DSA signatures with XML::Sig or xmlsec
but occasionally the DSA signature validation fails (for
age: Ping Identity]
> <https://www.pingidentity.com/>
> Andy King
> Technical Product Manager
>
>
> On Wed, Dec 9, 2020 at 11:24 AM Timothy Legge wrote:
>
>> ... I should have noticed that I am dealing with Perl's XML::libXML
>> where I can register the names
uri
>
> Aleksey
>
> On 12/8/20 5:38 PM, Timothy Legge wrote:
> > Hi
> >
> > I have https://pastebin.com/v0PJwQri that I signed as follows:
> >
> > xmlsec1 --sign --privkey-pem t/dsa.private.key --id-attr:ID
> > "Assertion" t/unsigned/xml-sig-unsigne
Hi
I have https://pastebin.com/v0PJwQri that I signed as follows:
xmlsec1 --sign --privkey-pem t/dsa.private.key --id-attr:ID
"Assertion" t/unsigned/xml-sig-unsigned-dsa-multiple-1.xml >
t/unsigned/xml-sig-unsigned-dsa-multiple-2.xml
which resulted in
https://pastebin.com/8qhDhjU9
Nevermind, I think I have it
On Tue, Dec 8, 2020 at 11:33 AM Timothy Legge wrote:
>
> Hi
>
> I tried again and the signing with a DSA key does not seem to put the
> DSAKeyValue in the signed XML. The digest and signature is added
> though.
Hi
I tried again and the signing with a DSA key does not seem to put the
DSAKeyValue in the signed XML. The digest and signature is added
though. Any ideas?
Tim
Got it, thanks!
On Mon, Dec 7, 2020 at 2:09 PM Aleksey Sanin wrote:
>
> "--id-attr" just defines an ID attribute (like DTD or schema).
>
> Aleksey
>
> On 12/7/20 10:02 AM, Timothy Legge wrote:
> > Hi
> >
> > Some background. I have been
, --node-xpath,
> or --node-name params:
>
> https://www.aleksey.com/xmlsec/xmlsec-man.html
>
> Aleksey
>
> On 12/7/20 9:27 AM, Timothy Legge wrote:
> > Ah, it will not sign both nodes with an ID?
> >
> > On Mon, Dec 7, 2020 at 1:26 PM Aleksey Sanin wrote:
> >>
Ah, it will not sign both nodes with an ID?
On Mon, Dec 7, 2020 at 1:26 PM Aleksey Sanin wrote:
>
> I see two signatures in the document. By default xmlsec1 tool will sign
> the first signature it finds.
>
> Best,
>
> Aleksey
>
> On 12/5/20 7:22 PM, Timothy Legge
Hi
I am attempting to sign https://pastebin.com/36Nvqdpp with a dsa key:
xmlsec1 --sign --privkey-pem t/dsa.private.key --id-attr:ID "Response"
--id-attr:ID "Assertion" t/xml-sig-unsigned-dsa-multiple.xml
It does not show any error messages however it does not sign the
output. Any ideas what I
elf if something goes wrong.
>
> Aleksey
>
> On 11/30/20 8:46 AM, Timothy Legge wrote:
> > Hi Aleksey
> >
> > That does make sense to me. I don't have full information about the
> > original XML file so I can't say if it was a problem with what was
> > provid
>
> Best,
>
> Aleksey
>
> On 11/25/20 7:31 PM, Timothy Legge wrote:
> > Hi
> >
> > I recently had a file that had three signatures but one of the
> > References in the file did not point to anything in the XML file.
> >
> > https://pastebin
Hi
I recently had a file that had three signatures but one of the
References in the file did not point to anything in the XML file.
https://pastebin.com/raw/8TWV0AZW
What does one do with that? In my case I used the reference to look
for a matching node with the ID set to the value of the
31 matches