Never mind, I got it working this way (note that "node" is the Signature node):

    dsigCtx = xmlSecDSigCtxCreate(NULL);
    if (dsigCtx == NULL) {
        rb_raise(rb_eXMLError, "Failed to create Signature Context");
    }

    /* Locate <KeyInfo> under the Signature node and read the key from it. */
    keyNode = xmlSecFindNode(node, xmlSecNodeKeyInfo, xmlSecDSigNs);
    dsigCtx->signKey = xmlSecKeyCreate();
    if ((keyNode == NULL) || (dsigCtx->signKey == NULL) ||
        (xmlSecKeyInfoNodeRead(keyNode, dsigCtx->signKey, &dsigCtx->keyInfoReadCtx) < 0)) {
        /* xmlSecDSigCtxDestroy() also frees signKey; destroying it here as well would be a double free. */
        xmlSecDSigCtxDestroy(dsigCtx);
        rb_raise(rb_eXMLError, "Could not read KeyInfo");
    }

    /* A return value >= 0 only means processing finished; the verdict is in dsigCtx->status. */
    if ((xmlSecDSigCtxVerify(dsigCtx, node) < 0) ||
        (dsigCtx->status != xmlSecDSigStatusSucceeded)) {
        xmlSecDSigCtxDestroy(dsigCtx);
        rb_raise(rb_eXMLError, "Failed to verify signature");
    }

It's working just fine now :-D

On May 8, 2008, at 1:57 PM, Rolando Abarca wrote:

I read the thread here:

http://www.mail-archive.com/xmlsec@aleksey.com/msg03219.html

but still can't verify my signature with the supplied KeyInfo. This is what I've been doing so far:

   dsigCtx = xmlSecDSigCtxCreate(NULL);
   if (dsigCtx == NULL) {
       rb_raise(rb_eXMLError, "Failed to create Signature Context");
   }

   if ((xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), (xmlSecPtr) xmlSecKeyDataX509Id) < 0) ||
       (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), (xmlSecPtr) xmlSecKeyDataRsaId) < 0)) {
       xmlSecDSigCtxDestroy(dsigCtx);
       rb_raise(rb_eXMLError, "Failed to limit key info");
   }

   if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
       xmlSecDSigCtxDestroy(dsigCtx);
       rb_raise(rb_eXMLError, "Failed to verify signature");
   }

but I still can't make it verify with the supplied key:

func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:

Can you please tell me what I need to do in order to verify an XML file with the RSA pub key inside the XML? Like this:

<foo>
<data>...</data>
<Signature>
...
<KeyInfo>
<KeyValue>
...
</KeyValue>
<X509Data>
...
</X509Data>
</KeyInfo>
</Signature>
</foo>

The XML was built with libxml and signed with xmlsec (using a dynamically created template).

--
Rolando Abarca M.
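
An added example, not part of the original post or of xmlsec: verifying with the key carried in the document's own KeyInfo shows only that the data matches that key, so the receiver also needs to confirm the key is one it already trusts. This Ruby sketch pins the embedded RSA KeyValue by SHA-256 fingerprint; the helper names, the fingerprint encoding and the sample documents are assumptions constructed for illustration.

```ruby
require 'rexml/document'
require 'digest'

DSIG = { 'ds' => 'http://www.w3.org/2000/09/xmldsig#' }.freeze
RSA_PATH = '//ds:Signature/ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue'

# Hypothetical helper: hex SHA-256 over the length-prefixed Modulus and
# Exponent bytes of the embedded RSA key. Returns nil unless the document
# carries exactly one such key, so a second Signature cannot cause confusion.
def keyinfo_rsa_fingerprint(xml)
  keys = REXML::XPath.match(REXML::Document.new(xml), RSA_PATH, DSIG)
  return nil unless keys.size == 1
  parts = %w[Modulus Exponent].map do |name|
    el = REXML::XPath.first(keys.first, "ds:#{name}", DSIG)
    return nil unless el && el.text
    el.text.gsub(/\s+/, '').unpack1('m') # base64 decode
  end
  Digest::SHA256.hexdigest(parts.map { |p| [p.bytesize].pack('N') + p }.join)
end

# The embedded key is acceptable only if its fingerprint was pinned out of band.
def trusted_keyinfo?(xml, pinned)
  fp = keyinfo_rsa_fingerprint(xml)
  !fp.nil? && pinned.include?(fp)
end

# Constructed sample shaped like the document in the post; the key bytes are
# filler, not a real RSA modulus.
def sample_doc(modulus_bytes)
  <<~XML
    <foo><data>hello</data>
    <ds:Signature xmlns:ds="#{DSIG['ds']}"><ds:KeyInfo><ds:KeyValue>
    <ds:RSAKeyValue><ds:Modulus>#{[modulus_bytes].pack('m0')}</ds:Modulus>
    <ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue>
    </ds:KeyValue></ds:KeyInfo></ds:Signature></foo>
  XML
end

PARTNER_DOC  = sample_doc("\xC3".b * 32)  # key the receiver expects
RESIGNED_DOC = sample_doc("\xA5".b * 32)  # same shape, different embedded key
PINNED = [keyinfo_rsa_fingerprint(PARTNER_DOC)].freeze

puts trusted_keyinfo?(PARTNER_DOC, PINNED)   # pinned key
puts trusted_keyinfo?(RESIGNED_DOC, PINNED)  # unknown key
```

In the C extension the equivalent comparison belongs on the key xmlsec actually verified with (dsigCtx->signKey) rather than on a second parse of the document.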




_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
