Hi Scott Do you by any chance now how to use these tools? I just can't get anything to work.
My doing so far: 1. Creating an rsa key pair with openssl: openssl genrsa -out key.pem 2088 openssl rsa -in key.pem -pubout > key.pub 2. Add modulus and exponent: openssl rsa -modulus -pubin <key.pub openssl rsa -pubin -inform PEM -text -noout <key.pub 3. Signig my example: Templatesign -r key.pem pass123 test.lic > signed.lic 4. Check for changes: Digest and SignedValue differ! Exponent and modulus not - as expected 5. Check signature: checksig signed.lic || echo $? Signature failed verification Validation of <SignedInfo> failed [1]+ Exit 1 checksig signed.lic 1 So everything seems to work fine but I still can't verify the signature. If you have some working example lying around I would appreciate if you could send it to me. I Know the <Signature> structure has to be there already when signing and I get some errors about it if I leave it out, but I am actually not sure about it anyway. Sometimes I got this message: Message: DSIGSignature::verify() - no verification key loaded and cannot determine from KeyInfoResolver This is, when I don't add (or remove) the KeyInfo Tag. Freundliche Grüsse / Best Regards / Meilleures salutations Adrian Stern ______________ Adrian Stern Software Developer -----Original Message----- From: Cantor, Scott [mailto:[email protected]] Sent: 28 May 2013 16:21 To: [email protected] Subject: Re: headers to include for example code On 5/28/13 10:13 AM, "Adrian Stern" <[email protected]> wrote: >I've got the example to work. The ssl cert one that is. >Now I have to rewrite it so it's using the whole RSA stuff. This isn't an SSL-related project, so I don't know what that means. >So this project is not currently under development? Would it be wise to >move to another? It's maintained, and will be until such time as I have the opportunity to replace it or rewrite it for Shibboleth, at which time the only supported feaures will be the features needed for SAML signatures and encryption. I add new features and algorithms occasionally, on the basis of what my project needs. I have absolutely no investment in the code beyond my own project, but will fix bugs if they're reported. I don't know if that means it's under development or not. There are no other C++ XML signature and encryption libraries. There's one in C. As far as I know, there is nothing else of any significance out there unless you're Windows only. -- Scott Diese E-Mail und ihre Anhänge enthalten vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail inklusive Anhänge. Das unerlaubte Kopieren sowie die unbefugte Weitergabe der Inhalte dieser Mail ist nicht gestattet. This e-mail and any attachments may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail including the attachments. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
