Thanks Aleksey! I agree that manually attach the x509 section is a bad idea and it is very likely the root cause of my problem. So I need to change that. The code we are using was derived from one of your example (the 2nd one I believe). However, that sample doesn't have x509 related functions. I just browsed the xmlsec API reference and found some x509 related functions. However, since I am pretty new to xml signature stuff, I don't know how to use them. Do you happen to have some sample code for signing xml message and attach with x509 certificates? Or any pointers might be helpful?
thanks Derek --- Aleksey Sanin <[EMAIL PROTECTED]> wrote: > Hi, Derek! > > First of all, it's probably a wrong way to create > the signature in the > way you did > (do sign document and next modify content). > Depending on what are you > signing > you may easily invalidate you signature. > Regarding the error you have, I can only guess since > you do not provide > the document > (see http://www.aleksey.com/xmlsec/bugs.html for a > list of required > information > when you report bug/request help). I might be wrong > but it seems that > you have a problem with ID attribute (see section > 3.2 from FAQ). > > > Aleksey > > Derek Lei Liu wrote: > > >Hi, > > > >I construct the signed xml with xmlsec and then > >attached a manually created x509 section. Although > I > >can use xmlsec tool to verify the signed message > >itself (without x509 section). The whole message > can't > >be verified due to following error: > > > >I am still at beginner level on xml signature > stuff, > >so could some expert point out to me what could > went > >wrong? > > > >thanks > > > >Derek > > > >==================================================== > > > > ># /usr/local/bin/xmlsec-11 verify --trusted CA.cert > >./pares.txt > >xmlSecTransformStateParseUri (transforms.c:1181): > >error 4: xml operation failed : > >xmlXPtrEval(PARes1041661547-977789) > >xmlSecTransformStateCreate (transforms.c:881): > error > >2: xmlsec operation failed : > >xmlSecTransformStateParseUri(#PARes1041661547-977789) > >xmlSecReferenceRead (xmldsig.c:1602): error 2: > xmlsec > >operation failed : xmlSecTransformStateCreate > >xmlSecSignedInfoRead (xmldsig.c:1476): error 2: > xmlsec > >operation failed : xmlSecReferenceRead - -1 > >xmlSecSignatureRead (xmldsig.c:1175): error 2: > xmlsec > >operation failed : xmlSecSignedInfoRead - -1 > >xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec > >operation failed : xmlSecSignatureRead - -1 > >ERROR > >Error: operation failed > > > > > >__________________________________________________ > >Do you Yahoo!? > >Yahoo! Mail Plus - Powerful. Affordable. Sign up > now. > >http://mailplus.yahoo.com > >_______________________________________________ > >xmlsec mailing list > >[EMAIL PROTECTED] > >http://www.aleksey.com/mailman/listinfo/xmlsec > > > > > > __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
