You can try to validate signature with those toolkits: 1. Download trial:
http://www.setcce.si/eng/index45c.php 2. Download XMLSec binaries: http://www.aleksey.com/xmlsec/download.html 3. Download Apache XSEC java lib. There are samples how to validate signed doc. Best regards, Milan > -----Original Message----- > From: Matthias Niggemeier [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 17, 2005 10:36 AM > To: security-dev@xml.apache.org > Subject: RE: Verifying RSA > > > Milan, > thats a bit problematic since i have only "real" data for > testing, so i don't think that my customer would be amused if > i post the file here. Is there any program available which is > able to verify a dsig? I googled around and found none :-( > > Should the code work? (as far as it is possible to say > without debugger) > > Kind regards > > Matthias > > > -----Original Message----- > > From: Milan Tomic [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, August 17, 2005 9:31 AM > > To: security-dev@xml.apache.org > > Subject: RE: Verifying RSA > > > > > > Could you post your XML file here for analisys? > > > > Have you tried to verify signature with some other library > like Apache > > XSEC Java library? > > > > Best regards, > > Milan > > > > > > > -----Original Message----- > > > From: Matthias Niggemeier [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, August 17, 2005 9:19 AM > > > To: security-dev@xml.apache.org > > > Subject: Verifying RSA > > > > > > > > > Hi there, > > > I have a problem verifying a signed xml doc. My doc looks > like this: > > > > > > ... xml snipped ... > > > </Product> > > > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> > > > <SignedInfo> > > > <CanonicalizationMethod > > > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; > > > /> <SignatureMethod > > > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> > > > <Reference URI=""> <Transforms> <Transform > > > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signatu > > > re" /> </Transforms> <DigestMethod > > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> > > > <DigestValue>abcde</DigestValue> </Reference> </SignedInfo> > > > <SignatureValue>abcdefg</SignatureValue> > > > </Signature> > > > > > > When I try to verify, I get an error > > > > > > Reference URI="" failed to verify > > > > > > What is wrong? The sender of the xml doc persists that the > > > signature is valid. My code to verify: > > > > > > bool LoadValidateRSA(tstring sURI) > > > { > > > xercesc::DOMDocument *doc = NULL; > > > XSECProvider prov; > > > DSIGSignature* sig = NULL; > > > XERCES_CPP_NAMESPACE::DOMBuilder* builder = NULL; > > > WinCAPICryptoKeyRSA* pRSA = NULL; > > > WinCAPICryptoProvider WCProv; > > > > > > builder = > > > GetImplementationLS()->createDOMBuilder(xercesc::DOMImplementa > > > tionLS::MODE_SYNCHRONOUS,0); > > > builder->setFeature(xercesc::XMLUni::fgDOMNamespaces, true); > > > doc = builder->parseURI(X(sURI)); > > > > > > pRSA = (WinCAPICryptoKeyRSA*)WCProv.keyRSA(); > > > sig = prov.newSignatureFromDOM(doc); > > > char cModulus[] = "sAGXf2IjqajW1F7m"; // snipped > > > char cExponent[] = "ABCD"; > > > > > > pRSA->loadPublicExponentBase64BigNums(cExponent, > > > (unsigned int) strlen(cExponent)); > > > pRSA->loadPublicModulusBase64BigNums(cModulus, > > > (unsigned int) strlen(cModulus)); > > > > > > sig->load(); > > > sig->setSigningKey(pRSA); > > > bVerifyOK = sig->verify(); > > > } > > > > > > I looked at the samples, but they didn't help me further > > than this :-( > > > > > > Regards > > > > > > Matthias > > > > > >
