Re: Microsoft Office12 Postmark will not verify

Woh. You're right, I missed it! 1.3.0 gave the results I mentioned: Try to verify file:/home/jlcooke/crypt_map/sc_data/sc/xmlsec_j/xml-security-1_3_0/src_samples/../../../xmlsec/2007-02-21/Word-plugin-signature.xml Could find a X509Data element in the KeyInfo Feb 28, 2007 10:17:19 AM org.apache

Re: Microsoft Office12 Postmark will not verify

EGG ON MY FACE! I feel like such a tool. Attached is the XML doc that verifies correctly. You guys had everything working as of 1.4.0 and I don't know how to update JARs. For shame on me. I'll still open a bug to have more information come back froma failed verify than true/false. XML signatu

Re: Microsoft Office12 Postmark will not verify

Jean-Luc Cooke wrote: Woh. You're right, I missed it! 1.3.0 gave the results I mentioned: Try to verify file:/home/jlcooke/crypt_map/sc_data/sc/xmlsec_j/xml-security-1_3_0/src_samples/../../../xmlsec/2007-02-21/Word-plugin-signature.xml Could find a X509Data element in the KeyInfo Feb 28, 200

RE: Microsoft Office12 Postmark will not verify

> I'll still open a bug to have more information come back froma failed > verify than true/false. XML signatures are way too complex to only have > pass/fail. It's actually true both ways...you need more information even if it passes or you have no way to know what's been signed. I do not have a

DO NOT REPLY [Bug 41731] New: - More decription on signature verification

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

Re: Microsoft Office12 Postmark will not verify

Scott Cantor wrote: I'll still open a bug to have more information come back froma failed verify than true/false. XML signatures are way too complex to only have pass/fail. It's actually true both ways...you need more information even if it passes or you have no way to know what's been signed.

Re: Microsoft Office12 Postmark will not verify

Any fail of a reference or the Signedinfo is a failure. In the real world it will means that somebody has tampered the signature to fix a tampered referenced. Or somebody has just tampered the referenced and has been lazy to update the signature. But in the developing world use to means wrong tran

RE: Microsoft Office12 Postmark will not verify

> > It's actually true both ways...you need more information even if it passes > > or you have no way to know what's been signed. I do not have a rational > > proposal to offer for that, however. > > > > You can also do this with JSR 105 - you can optionally specify whether > you want to be able t

Re: Microsoft Office12 Postmark will not verify

Scott Cantor wrote: It's actually true both ways...you need more information even if it passes or you have no way to know what's been signed. I do not have a rational proposal to offer for that, however. You can also do this with JSR 105 - you can optionally specify whether you want to be abl

RE: Microsoft Office12 Postmark will not verify

> >> You can also do this with JSR 105 - you can optionally specify whether > >> you want to be able to get the referenced data before it is transformed > >> and digested. I believe there is also a way to do that in the Apache > >> XMLSec APIs (don't have time to check right now). > > > > It has to

Re: Microsoft Office12 Postmark will not verify

Scott Cantor wrote: You can also do this with JSR 105 - you can optionally specify whether you want to be able to get the referenced data before it is transformed and digested. I believe there is also a way to do that in the Apache XMLSec APIs (don't have time to check right now). It has to be *