Milan,
that's a bit problematic since I have only "real" data for testing,
so I don't think that my customer would be amused if I post the file here.
Is there any program available which is able to verify a dsig? I googled
around and found none :-(

Should the code work? (as far as it is possible to say without a debugger)

Kind regards

Matthias

> -----Original Message-----
> From: Milan Tomic [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, August 17, 2005 9:31 AM
> To: security-dev@xml.apache.org
> Subject: RE: Verifying RSA
> 
> 
> Could you post your XML file here for analysis?
> 
> Have you tried to verify signature with some other library like Apache
> XSEC Java library?
> 
> Best regards,
> Milan
> 
> 
> > -----Original Message-----
> > From: Matthias Niggemeier [mailto:[EMAIL PROTECTED] 
> > Sent: Wednesday, August 17, 2005 9:19 AM
> > To: security-dev@xml.apache.org
> > Subject: Verifying RSA
> > 
> > 
> > Hi there,
> > I have a problem verifying a signed xml doc. My doc looks like this:
> > 
> > ... xml snipped ...
> > </Product>
> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >   <SignedInfo>
> >     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> >     <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >     <Reference URI="">
> >       <Transforms>
> >         <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> >       </Transforms>
> >       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >       <DigestValue>abcde</DigestValue>
> >     </Reference>
> >   </SignedInfo>
> >   <SignatureValue>abcdefg</SignatureValue>
> > </Signature>
> > 
> > When I try to verify, I get an error
> > 
> > Reference URI="" failed to verify
> > 
> > What is wrong? The sender of the xml doc insists that the 
> > signature is valid. My code to verify:
> > 
> > bool LoadValidateRSA(tstring sURI)
> > {
> >     xercesc::DOMDocument *doc = NULL;
> >     XSECProvider prov;
> >     DSIGSignature* sig = NULL;
> >     XERCES_CPP_NAMESPACE::DOMBuilder* builder = NULL;
> >     WinCAPICryptoKeyRSA* pRSA = NULL;
> >     WinCAPICryptoProvider WCProv;
> > 
> >     // Parse the document with namespace processing enabled
> >     builder = GetImplementationLS()->createDOMBuilder(xercesc::DOMImplementationLS::MODE_SYNCHRONOUS, 0);
> >     builder->setFeature(xercesc::XMLUni::fgDOMNamespaces, true);
> >     doc = builder->parseURI(X(sURI));
> > 
> >     pRSA = (WinCAPICryptoKeyRSA*)WCProv.keyRSA();
> >     sig = prov.newSignatureFromDOM(doc);
> >     char cModulus[] = "sAGXf2IjqajW1F7m"; // snipped
> >     char cExponent[] = "ABCD";
> > 
> >     // Load the RSA public key (base64-encoded exponent and modulus)
> >     pRSA->loadPublicExponentBase64BigNums(cExponent, (unsigned int) strlen(cExponent));
> >     pRSA->loadPublicModulusBase64BigNums(cModulus, (unsigned int) strlen(cModulus));
> > 
> >     sig->load();
> >     sig->setSigningKey(pRSA);
> >     bool bVerifyOK = sig->verify();
> >     return bVerifyOK;
> > }
> > 
> > I looked at the samples, but they didn't help me further than this :-(
> > 
> > Regards
> > 
> > Matthias
> > 
> 
