Where did you get the base64 encoded public key from? If it's not in the correct format, it won't get loaded properly by the library.

One possible thing to try would be to embed it into the appropriate KeyInfo structure within the XML and then just use the checksig tool to see how it verifies. If that works, then it's an issue with your code below (which actually looks OK on a quick skim). If not, then it might be the key format.

Cheers,
        Berin

Matthias Niggemeier wrote:

Thanks for the hints. With setcce, I cannot verify against the public key.
xmlsec works, but I cannot tell the lib which public key to use, since
I only have the exponent and modulus in base64, but xmlsec wants pem/der-files.
Any idea how to get them from the exponent/modulus pair?

Regards

Matthias

-----Original Message-----
From: Milan Tomic [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 17, 2005 10:48 AM
To: security-dev@xml.apache.org
Subject: RE: Verifying RSA


You can try to validate signature with those toolkits:

1. Download trial:

http://www.setcce.si/eng/index45c.php

2. Download XMLSec binaries:

http://www.aleksey.com/xmlsec/download.html

3. Download Apache XSEC java lib. There are samples how to validate signed doc.

Best regards,
Milan



-----Original Message-----
From: Matthias Niggemeier [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 17, 2005 10:36 AM
To: security-dev@xml.apache.org
Subject: RE: Verifying RSA


Milan,
That's a bit problematic since I have only "real" data for testing, so I don't think that my customer would be amused if I post the file here. Is there any program available which is able to verify a dsig? I googled around and found none :-(

Should the code work? (as far as it is possible to say without debugger)
Kind regards

Matthias


-----Original Message-----
From: Milan Tomic [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 17, 2005 9:31 AM
To: security-dev@xml.apache.org
Subject: RE: Verifying RSA


Could you post your XML file here for analysis?

Have you tried to verify signature with some other library like Apache XSEC Java library?

Best regards,
Milan



-----Original Message-----
From: Matthias Niggemeier [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 17, 2005 9:19 AM
To: security-dev@xml.apache.org
Subject: Verifying RSA


Hi there,
I have a problem verifying a signed xml doc. My doc looks like this:

... xml snipped ...
</Product>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <Reference URI="">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>abcde</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>abcdefg</SignatureValue>
</Signature>

When I try to verify, I get an error

Reference URI="" failed to verify

What is wrong? The sender of the xml doc persists that the
signature is valid. My code to verify:

bool LoadValidateRSA(tstring sURI)
{
    xercesc::DOMDocument* doc = NULL;
    XSECProvider prov;
    DSIGSignature* sig = NULL;
    XERCES_CPP_NAMESPACE::DOMBuilder* builder = NULL;
    WinCAPICryptoKeyRSA* pRSA = NULL;
    WinCAPICryptoProvider WCProv;
    bool bVerifyOK = false;

    // Parse the signed document with namespace processing enabled
    builder = GetImplementationLS()->createDOMBuilder(
        xercesc::DOMImplementationLS::MODE_SYNCHRONOUS, 0);
    builder->setFeature(xercesc::XMLUni::fgDOMNamespaces, true);
    doc = builder->parseURI(X(sURI));

    pRSA = (WinCAPICryptoKeyRSA*)WCProv.keyRSA();
    sig = prov.newSignatureFromDOM(doc);

    // Public key parts as base64 strings
    char cModulus[] = "sAGXf2IjqajW1F7m"; // snipped
    char cExponent[] = "ABCD";

    pRSA->loadPublicExponentBase64BigNums(cExponent, (unsigned int) strlen(cExponent));
    pRSA->loadPublicModulusBase64BigNums(cModulus, (unsigned int) strlen(cModulus));

    // Load the signature from the DOM, attach the key, verify
    sig->load();
    sig->setSigningKey(pRSA);
    bVerifyOK = sig->verify();
    return bVerifyOK;
}

I looked at the samples, but they didn't help me further than this :-(

Regards

Matthias
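
On the question raised in the thread of how to get a PEM/DER file from a base64 exponent/modulus pair, the following is an added example, not part of any message above and not code from any of the toolkits mentioned. It assumes both values are base64 of unsigned big-endian integers (as in an XML-DSig RSAKeyValue) and builds a SubjectPublicKeyInfo by hand; the function names and the toy key are constructed for illustration.

```python
import base64

# AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) + NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    """One DER tag-length-value element."""
    return bytes([tag]) + der_len(len(value)) + value

def der_uint(raw):
    """Unsigned big-endian bytes -> minimal, non-negative DER INTEGER."""
    if not raw:
        raise ValueError("empty integer")
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:            # high bit set would read as negative
        raw = b"\x00" + raw
    return tlv(0x02, raw)

def rsa_spki_der(modulus_b64, exponent_b64):
    """DER SubjectPublicKeyInfo from a base64 modulus/exponent pair."""
    n = base64.b64decode(modulus_b64)
    e = base64.b64decode(exponent_b64)
    rsa_public_key = tlv(0x30, der_uint(n) + der_uint(e))  # SEQUENCE { n, e }
    bit_string = tlv(0x03, b"\x00" + rsa_public_key)       # 0 unused bits
    return tlv(0x30, RSA_ALG_ID + bit_string)

def rsa_spki_pem(modulus_b64, exponent_b64):
    """Same key, wrapped as a PEM 'PUBLIC KEY' block with 64-char lines."""
    b64 = base64.b64encode(rsa_spki_der(modulus_b64, exponent_b64)).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines)
            + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    # Constructed toy values, not a real key: 16-bit modulus, exponent 65537
    print(rsa_spki_pem("w1E=", "AQAB"))
```

A mismatch between this output and what a verifier expects usually comes from the integer handling in `der_uint`: a leading zero byte carried in the base64 value, or a modulus whose top bit is set.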




