Re: [xmlsec] KeyValue by MsCrypto
So, I believe that openssl can not verify it because the KeyValue is empty... Thus, the question is: why mscrypto does not want to write public key info into the document?. Do you have any errors on the output? Can you try to use the following template (just key value node w/o any content), please? Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] KeyValue by MsCrypto
> > > But still I can't sign ;o( > You need to define ID attribute if you want to use "#xyz" notation. Search xmlsec FAQ for detailed description. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Trouble by verification
Well, in this particular case, the key will not have certificate. You signature has a valid RSA public key that xmlsec uses for validation. And this key has not certificate attached to it! I guess, you want xmlsec not to use the key from the RSAKeyValue and instead lookup the key in the KeyManager (and find the key with certificate). Probably, the simples way to achieve this would be to disable (or to be precsise, not enable) the RSAKeyValue as the key data source. In the xmlsec command line tool, check the option "--enabled-key-data" or the enabledKeyData memeber of the xmlSecKeyInfoCtx structure (search xmlsec command line tool source file for an example!). Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] KeyValue by MsCrypto
I replace the URI how you told me.
But still I can't sign ;o(
D:\XMLSec\libxmlsec-1.2.8.win32\bin>xmlsec --sign --crypto openssl --output d:\x
mlsigner\out\crypto.xml d:\xmlsigner\in\new.xml
func=xmlSecXPathDataExecute:file=..\src\xpath.c:line=273:obj=unknown:subj=xmlXPt
rEval:error=5:libxml2 library function failed:expr=xpointer(id('eb:Invoice'))
func=xmlSecXPathDataListExecute:file=..\src\xpath.c:line=356:obj=unknown:subj=xm
lSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=..\src\xpath.c:line=466:obj=xpointer:subj=
xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=..\src\transforms.c:line=2371:obj=xpoint
er:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=..\src\transforms.c:line=1207:obj=unknown
:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xp
ointer
func=xmlSecTransformCtxExecute:file=..\src\transforms.c:line=1267:obj=unknown:su
bj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=..\src\xmldsig.c:line=1568:obj=unkno
wn:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=..\src\xmldsig.c:line=804:obj=unkno
wn:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed
:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=547:obj=unknow
n:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed
:
func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSi
gCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to sign file "d:\xmlsigner\in\new.xml"
-Original Message-
From: Alexandre Kalendarev [mailto:[EMAIL PROTECTED]
Sent: Freitag, 25. August 2006 12:07
To: Jürgen Heiss
Subject: Re: [xmlsec] KeyValue by MsCrypto
Hi JЭrgen,
I think, that the element have error reference URI.
You must have the URI="#eb:Invoice".
Alexandre
-Original Message-
From: JЭrgen Heiss <[EMAIL PROTECTED]>
To:
Date: Fri, 25 Aug 2006 11:28:46 +0200
Subject: [xmlsec] KeyValue by MsCrypto
> I sign my File by using an template.
> I till now works fine with mscrypto. But when I try to verify the files with
> openSSL.
> I got an Error. After debugging I found out that the problems are some
> missing tags.
>
>
>
>
>
>
>
>
> With this tags the verification in openssl work too.
>
> But still I have the problem that I don't know how to fill this tags!
>
> When I try to sign this with the command line tool (openssl) I got an error.
>
>
> D:\XMLSec\libxmlsec-1.2.8.win32\bin>xmlsec --sign --crypto openssl
> --output d:\x mlsigner\out\ssl.xml d:\xmlsigner\in\new.xml
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:sub
> j=xmlSecKe ysMngrFindKey:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:
> subj=unknown:error=45:key is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:
> obj=unknow n:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj
> =xmlSecDSi gCtxSigantureProcessNode:error=1:xmlsec library function
> failed:
> Error: signature failed
> Error: failed to sign file "d:\xmlsigner\in\new.xml"
>
> When I sign with mscrypto it works but the tag(KeyValue) are empty.
>
>
>
>
> xmlns:eb="http://www.ebinterface.at/schema/2p0/";
> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="http://www.ebinterface.at/schema/2p0/
> http://www.ebinterface.at/schema/2p0/Invoice.xsd"; eb:Cancellation="false"
> eb:GeneratingSystem="MESONIC WINLine 8.4 (Build 1112)">
> http://www.w3.org/2000/09/xmldsig#";>
>
>Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>
>
>Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>
>Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>
>
>
>
>
> SomeBody
>
>
>
>
>
[xmlsec] KeyValue by MsCrypto
I sign my File by using an template. I till now works fine with mscrypto. But when I try to verify the files with openSSL. I got an Error. After debugging I found out that the problems are some missing tags. With this tags the verification in openssl work too. But still I have the problem that I don't know how to fill this tags! When I try to sign this with the command line tool (openssl) I got an error. D:\XMLSec\libxmlsec-1.2.8.win32\bin>xmlsec --sign --crypto openssl --output d:\x mlsigner\out\ssl.xml d:\xmlsigner\in\new.xml func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKe ysMngrFindKey:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown: subj=unknown:error=45:key is not found: func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknow n:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSi gCtxSigantureProcessNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "d:\xmlsigner\in\new.xml" When I sign with mscrypto it works but the tag(KeyValue) are empty. http://www.ebinterface.at/schema/2p0/"; xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://www.ebinterface.at/schema/2p0/ http://www.ebinterface.at/schema/2p0/Invoice.xsd"; eb:Cancellation="false" eb:GeneratingSystem="MESONIC WINLine 8.4 (Build 1112)"> http://www.w3.org/2000/09/xmldsig#";> http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> http://www.w3.org/2000/09/xmldsig#sha1"/> SomeBody .. Thanks for any help. ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Trouble by verification
Is there a way to get the certificate using the commandline tool? -Original Message- From: Jürgen Heiss Sent: Freitag, 25. August 2006 08:48 To: 'Aleksey Sanin' Cc: xmlsec@aleksey.com Subject: RE: [xmlsec] Trouble by verification Hi Aleksey, Well with the commandline tool it works fine ;o) But can you tell me please how I can get the x509 Cert now? Before I use xmlSecKeyDataPtr tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key->dataList, pos); PCCERT_CONTEXT x509 = xmlSecMSCryptoKeyDataX509GetCert(tmp,pos); But how I can use this if key->dataList == NULL? Is there an other way the get the x509 cert? -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 24. August 2006 17:20 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Trouble by verification For simplest case, yes. But you might want to take a look at the help http://www.aleksey.com/xmlsec/xmlsec-man.html Aleksey Jürgen Heiss wrote: > How is the command for the command line tool? > > Xmlsec --verify filename > > > -Original Message- > From: Aleksey Sanin [mailto:[EMAIL PROTECTED] > Sent: Donnerstag, 24. August 2006 17:17 > To: Jürgen Heiss > Cc: xmlsec@aleksey.com > Subject: Re: [xmlsec] Trouble by verification > > > Note that at this point > > hindsight.signKey->dataList == NULL ! > > Well, it might be OK because your key has a name and a value only. There is > nothing to put in the dataList. > > Please, try to verify your signature with xmlsec command line tool! > > Aleksey > > > > > ___ > xmlsec mailing list > xmlsec@aleksey.com > http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
