Hi Aleksey, Thanks for your help, I modify xml.txt for the right signature algorithm. Now, the following signing works.
xmlsec sign --privkey:signed ./signing.key xml.txt >xml.signed I wonder if it is possible to use the certificate to verify the signed document. So far, I can use the folllowing format to verify the signed document. xmlsec verify --print-signature .cert xml.signed If I use the format: xmlsec verify --pubkey:signed ./signing.cert xml.signed or xmlsec verify --print-signature --pubkey:signed ./signing.cert xml.signed It will complain about the wrong format. Thanks, Wayne --- Aleksey Sanin <[EMAIL PROTECTED]> wrote: > Forgot to say that algorithm and all other signature parameters used by > xmlsec > utility are in the templates file. Please read XML Digital Signature > spec for details. > > Aleksey > > Aleksey Sanin wrote: > > > I am not sure I clear understand what does the "generation algorithm > > RSA-SHA1" mean > > but assuming that server.key has a private RSA key then you should > > check that xml.txt > > template uses RSA-SHA1 signature algorithm. This is the only reasons I > > can think of for > > the error you have. > > > > BTW, I think it'll be very helpful if you send related files next time :) > > > > Aleksey > > > > > > > > Wayne Cheng wrote: > > > >> Thank you so much for your quick response. > >> > >> The server.key generation algorithm we used is RSA-sha1. I am not > >> sure where to > >> find/change > >> algorithm used for signature for xmlsec utility. > >> > >> I tried the new format and it still not working. Also, I am not sure > >> if rename > >> for server is required or not. > >> > >> bash-2.05$ xmlsec sign --privkey:server ./server.key xml.txt > >> xmlSecKeysMngrGetKey (keys.c:451): error 17: key not found : > >> xmlSecSignedInfoRead (xmldsig.c:1385): error 17: key not found : > >> xmlSecSignatureRead (xmldsig.c:1124): error 2: xmlsec operation failed : > >> xmlSecS > >> ignedInfoRead - -1 > >> xmlSecDSigGenerate (xmldsig.c:792): error 2: xmlsec operation failed : > >> xmlSecSig > >> natureRead - -1 > >> Error: xmlSecDSigGenerate() failed > >> Error: operation failed > >> bash-2.05$ > >> > >> Thanks, > >> > >> Wayne > >> > >> > > > > > > _______________________________________________ > > xmlsec mailing list > > [EMAIL PROTECTED] > > http://www.aleksey.com/mailman/listinfo/xmlsec > > > > _______________________________________________ > xmlsec mailing list > [EMAIL PROTECTED] > http://www.aleksey.com/mailman/listinfo/xmlsec __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
