Milan,
thanks for your hints. My code is ok, the signature is broken (they first sign, then prettyprint :-) ). I used the xmlsec command line to verify the file.

Greetings

Matthias

PS (realizing your mail address :-): Is it possible to tell the setcce-tool which public key to use?

> -----Original Message-----
> From: Matthias Niggemeier [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 17, 2005 11:07 AM
> To: security-dev@xml.apache.org
> Subject: RE: Verifying RSA
>
> Thanks for the hints. With setcce, I cannot verify against
> the public key.
> xmlsec works, but I cannot tell the lib which public key to use, since
> I only have the exponent and modulus in base64, but xmlsec
> wants pem/der-files.
> Any idea how to get them from the exponent/modulus pair?
>
> Regards
>
> Matthias
>
> > -----Original Message-----
> > From: Milan Tomic [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, August 17, 2005 10:48 AM
> > To: security-dev@xml.apache.org
> > Subject: RE: Verifying RSA
> >
> > You can try to validate the signature with these toolkits:
> >
> > 1. Download trial:
> >
> > http://www.setcce.si/eng/index45c.php
> >
> > 2. Download XMLSec binaries:
> >
> > http://www.aleksey.com/xmlsec/download.html
> >
> > 3. Download Apache XSEC java lib. There are samples how to validate
> > signed doc.
> >
> > Best regards,
> > Milan
> >
> > > -----Original Message-----
> > > From: Matthias Niggemeier [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, August 17, 2005 10:36 AM
> > > To: security-dev@xml.apache.org
> > > Subject: RE: Verifying RSA
> > >
> > > Milan,
> > > that's a bit problematic since I have only "real" data for
> > > testing, so I don't think that my customer would be amused if
> > > I post the file here. Is there any program available which is
> > > able to verify a dsig? I googled around and found none :-(
> > >
> > > Should the code work? (as far as it is possible to say
> > > without debugger)
> > >
> > > Kind regards
> > >
> > > Matthias
> > >
> > > > -----Original Message-----
> > > > From: Milan Tomic [mailto:[EMAIL PROTECTED]
> > > > Sent: Wednesday, August 17, 2005 9:31 AM
> > > > To: security-dev@xml.apache.org
> > > > Subject: RE: Verifying RSA
> > > >
> > > > Could you post your XML file here for analysis?
> > > >
> > > > Have you tried to verify the signature with some other library
> > > > like the Apache XSEC Java library?
> > > >
> > > > Best regards,
> > > > Milan
> > > >
> > > > > -----Original Message-----
> > > > > From: Matthias Niggemeier [mailto:[EMAIL PROTECTED]
> > > > > Sent: Wednesday, August 17, 2005 9:19 AM
> > > > > To: security-dev@xml.apache.org
> > > > > Subject: Verifying RSA
> > > > >
> > > > > Hi there,
> > > > > I have a problem verifying a signed xml doc. My doc looks like this:
> > > > >
> > > > > ... xml snipped ...
> > > > > </Product>
> > > > > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> > > > >   <SignedInfo>
> > > > >     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> > > > >     <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> > > > >     <Reference URI="">
> > > > >       <Transforms>
> > > > >         <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> > > > >       </Transforms>
> > > > >       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> > > > >       <DigestValue>abcde</DigestValue>
> > > > >     </Reference>
> > > > >   </SignedInfo>
> > > > >   <SignatureValue>abcdefg</SignatureValue>
> > > > > </Signature>
> > > > >
> > > > > When I try to verify, I get an error
> > > > >
> > > > > Reference URI="" failed to verify
> > > > >
> > > > > What is wrong? The sender of the xml doc insists that the
> > > > > signature is valid.
> > > > > My code to verify:
> > > > >
> > > > > bool LoadValidateRSA(tstring sURI)
> > > > > {
> > > > >     xercesc::DOMDocument *doc = NULL;
> > > > >     XSECProvider prov;
> > > > >     DSIGSignature* sig = NULL;
> > > > >     XERCES_CPP_NAMESPACE::DOMBuilder* builder = NULL;
> > > > >     WinCAPICryptoKeyRSA* pRSA = NULL;
> > > > >     WinCAPICryptoProvider WCProv;
> > > > >     bool bVerifyOK = false;
> > > > >
> > > > >     // Parse the signed document with namespace support enabled
> > > > >     builder = GetImplementationLS()->createDOMBuilder(xercesc::DOMImplementationLS::MODE_SYNCHRONOUS, 0);
> > > > >     builder->setFeature(xercesc::XMLUni::fgDOMNamespaces, true);
> > > > >     doc = builder->parseURI(X(sURI));
> > > > >
> > > > >     pRSA = (WinCAPICryptoKeyRSA*)WCProv.keyRSA();
> > > > >     sig = prov.newSignatureFromDOM(doc);
> > > > >     char cModulus[] = "sAGXf2IjqajW1F7m"; // snipped
> > > > >     char cExponent[] = "ABCD";
> > > > >
> > > > >     // Load the public key from its base64 exponent and modulus
> > > > >     pRSA->loadPublicExponentBase64BigNums(cExponent,
> > > > >         (unsigned int) strlen(cExponent));
> > > > >     pRSA->loadPublicModulusBase64BigNums(cModulus,
> > > > >         (unsigned int) strlen(cModulus));
> > > > >
> > > > >     sig->load();
> > > > >     sig->setSigningKey(pRSA);
> > > > >     bVerifyOK = sig->verify();
> > > > >     return bVerifyOK;
> > > > > }
> > > > >
> > > > > I looked at the samples, but they didn't help me further
> > > > > than this :-(
> > > > >
> > > > > Regards
> > > > >
> > > > > Matthias
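
The failure mode named in the top reply (sign first, pretty-print afterwards), as an added example that is not part of the thread: canonicalization keeps whitespace text nodes, so re-indenting a signed document changes the Reference digest. Python's `ET.canonicalize` (C14N 2.0) stands in here for the C14N 1.0 algorithm named in the posted SignedInfo; the sample document and the `sign_reference` helper are constructed, and no RSA step is involved.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from xml.dom import minidom

DSIG = "http://www.w3.org/2000/09/xmldsig#"
SIG_TAG = f"{{{DSIG}}}Signature"

def enveloped_digest(xml_text):
    """Base64 SHA-1 of the canonical document with <Signature> cut out."""
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):
        children = list(parent)
        for i, child in enumerate(children):
            if child.tag != SIG_TAG:
                continue
            # The transform drops only the element; text after it stays.
            if i > 0:
                children[i - 1].tail = (children[i - 1].tail or "") + (child.tail or "")
            else:
                parent.text = (parent.text or "") + (child.tail or "")
            parent.remove(child)
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode()

def reference_verifies(xml_text):
    """Recompute the digest and compare it with the stored DigestValue."""
    stored = ET.fromstring(xml_text).find(f".//{{{DSIG}}}DigestValue").text.strip()
    return stored == enveloped_digest(xml_text)

def sign_reference(xml_text):
    """Constructed signer: embeds only the Reference digest, no RSA step."""
    sig = (f'<Signature xmlns="{DSIG}"><SignedInfo><Reference URI="">'
           f"<DigestValue>{enveloped_digest(xml_text)}</DigestValue>"
           "</Reference></SignedInfo></Signature>")
    return xml_text.replace("</Product>", sig + "</Product>")

def pretty_print(xml_text):
    """Re-indent the document, as a sender might do after signing."""
    return minidom.parseString(xml_text).toprettyxml(indent="  ")

if __name__ == "__main__":
    doc = "<Product><Name>Widget</Name><Price>10</Price></Product>"  # constructed
    signed = sign_reference(doc)
    print("as signed:     ", reference_verifies(signed))
    print("pretty-printed:", reference_verifies(pretty_print(signed)))
```
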
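
For the question about getting a PEM file from an exponent/modulus pair, an added example (not from the thread) that DER-encodes the two values as an X.509 SubjectPublicKeyInfo and wraps the result as PEM. It assumes the base64 values are big-endian unsigned integers, as in a `ds:RSAKeyValue`; the function names are hypothetical and the sample key is a constructed toy value.

```python
import base64
import textwrap

# AlgorithmIdentifier body: OID 1.2.840.113549.1.1.1 (rsaEncryption) + NULL
RSA_ALG_ID = bytes.fromhex("06092a864886f70d0101010500")

def der_tlv(tag, content):
    """Encode one DER tag-length-value triple."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_uint(raw):
    """DER INTEGER from big-endian unsigned bytes."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:  # prepend a zero byte so the value stays positive
        raw = b"\x00" + raw
    return der_tlv(0x02, raw)

def rsa_public_key_der(modulus_b64, exponent_b64):
    """SubjectPublicKeyInfo (DER) from base64 modulus and exponent."""
    n = base64.b64decode(modulus_b64)
    e = base64.b64decode(exponent_b64)
    rsa_key = der_tlv(0x30, der_uint(n) + der_uint(e))  # RSAPublicKey
    bit_string = der_tlv(0x03, b"\x00" + rsa_key)       # 0 unused bits
    return der_tlv(0x30, der_tlv(0x30, RSA_ALG_ID) + bit_string)

def rsa_public_key_pem(modulus_b64, exponent_b64):
    """Same key as PEM text with 64-character base64 lines."""
    body = base64.b64encode(rsa_public_key_der(modulus_b64, exponent_b64)).decode()
    return ("-----BEGIN PUBLIC KEY-----\n"
            + "\n".join(textwrap.wrap(body, 64))
            + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    # Constructed toy values (16-bit modulus), only to show the encoding.
    print(rsa_public_key_pem("w1s=", "AQAB"))
```
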