Hi, Aleksey ~   :)

At first, really thank you for your good ``xmlsec'' library!!!

I have one curious question.. ^^
Would you explain the reason for the following result?

Using the xml.apache.org XML library,
my partner (in my XML team) has created an XML-signed message
which uses <RetrievalMethod> to get the public key to verify.

I've got that message and tried to verify it,
but the result of the operation is "fail".

What's my or my partner's mistake?
How can I solve this problem?
Thank you for reading!  ^^



The following is the XML-signed message (to be verified):

$ cat xkmsReqMsg.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE Register [
        <!ATTLIST Prototype Id ID #IMPLIED>
        <!ATTLIST ds:KeyInfo Id ID #IMPLIED>
        <!ATTLIST ds:KeyValue Id ID #IMPLIED>
]>
<Register xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Prototype
Id="KeyBinding1" xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Status
xmlns="http://www.xkms.org/schema/xkms-2001-01-20">Valid</Status>
<KeyID
xmlns="http://www.xkms.org/schema/xkms-2001-01-20">[EMAIL PROTECTED]</KeyID>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="KI1"
xmlns="http://www.xkms.org/schema/xkms-2001-01-20">
<ds:KeyName>[EMAIL PROTECTED]</ds:KeyName>
<ds:KeyValue xmlns="http://www.xkms.org/schema/xkms-2001-01-20"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:RSAKeyValue xmlns="http://www.xkms.org/schema/xkms-2001-01-20"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Modulus xmlns="http://www.xkms.org/schema/xkms-2001-01-20"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
xLRFBvbOEdEUPIa4OsC7Pw1FV3Hnsv+Mz+Hzw5KkT3is1FD6TrU9J2CRxVir/EskuShBS4936Jyw
m+DKpk8J4Q==
</ds:Modulus>
<ds:Exponent xmlns="http://www.xkms.org/schema/xkms-2001-01-20"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<PassPhrase
xmlns="http://www.xkms.org/schema/xkms-2001-01-20">VBHCCZruvcOokyYZBbjJxsHNgzA=</PassPhrase>
</Prototype>
<AuthInfo xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><AuthUserInfo
xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><ProofOfPossession
xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<Reference URI="#KeyBinding1" xmlns="http://www.w3.org/2000/09/xmldsig#">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue
xmlns="http://www.w3.org/2000/09/xmldsig#">XY5C9AwMDY9qw7f/hBx3A3e4tWA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
c7KmgG6ZKZG9Coj6WR6edo0o4SxduHaF/T9ltXl6HORPM+H4aPJZcp7md1Xu7pWGF7uoOPkoMeyP
hVAMfEqJMA==
</SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" URI="#KI1"
xmlns="http://www.w3.org/2000/09/xmldsig#"/>
</KeyInfo>
</Signature>
</ProofOfPossession>
<KeyBindingAuth xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<Reference URI="#KeyBinding1" xmlns="http://www.w3.org/2000/09/xmldsig#">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue
xmlns="http://www.w3.org/2000/09/xmldsig#">XY5C9AwMDY9qw7f/hBx3A3e4tWA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue
xmlns="http://www.w3.org/2000/09/xmldsig#">zXUvrfTAz9jlrHSN7kkj6nm0BNw=</SignatureValue>
</Signature>
</KeyBindingAuth>
</AuthUserInfo>
</AuthInfo><Respond xmlns="http://www.xkms.org/schema/xkms-2001-01-20"><string
xmlns="http://www.xkms.org/schema/xkms-2001-01-20">KeyName</string>
<string xmlns="http://www.xkms.org/schema/xkms-2001-01-20">X509Data</string>
</Respond>
</Register>




The following is the result:

$ xmlsec verify xkmsReqMsg.xml
xmlSecKeysMngrGetKey (keys.c:518): error 17: key not found :   
xmlSecSignedInfoRead (xmldsig.c:1437): error 17: key not found :   
xmlSecSignatureRead (xmldsig.c:1175): error 2: xmlsec operation failed : xmlSecSignedInfoRead - -1
xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec operation failed : xmlSecSignatureRead - -1
Error: operation failed
ERROR





--
To be a rock, and not to roll. 

-x-x-[?]EGB:STONEROSES@MATRIX[!]-x-x- 
| blusjune@EGBSD | ^_^ | stoneroses | 
$ NAME=\
$ "Blusjune Jung <[EMAIL PROTECTED]>"
$ PGPKEYID="0xF1F2FD37" 
-x-x-x Eternal Golden Blusjune x-x-x-
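
A diagnostic for a message like the one above, added here as an example (it is not part of the original post and is not xmlsec code): it resolves each same-document RetrievalMethod URI by its Id attribute and compares the declared Type with the element actually reached. In the posted message URI="#KI1" names the ds:KeyInfo element while Type declares RSAKeyValue; the sample below is constructed to the same shape, and the Id "RSA1" and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample with the same shape as the posted message (not the real data).
# The Id "RSA1" is an assumption added to show a matching reference.
SAMPLE = """<Register xmlns="http://www.xkms.org/schema/xkms-2001-01-20"
          xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Prototype Id="KeyBinding1">
    <ds:KeyInfo Id="KI1"><ds:KeyValue>
      <ds:RSAKeyValue Id="RSA1">
        <ds:Modulus>AA==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>
      </ds:RSAKeyValue>
    </ds:KeyValue></ds:KeyInfo>
  </Prototype>
  <ds:Signature><ds:KeyInfo>
    <ds:RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" URI="#KI1"/>
    <ds:RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" URI="#RSA1"/>
    <ds:RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" URI="#nope"/>
  </ds:KeyInfo></ds:Signature>
</Register>"""


def type_uri(element):
    """XMLDSig key-type URIs are namespace + local name, e.g. ...xmldsig#RSAKeyValue."""
    tag = element.tag  # ElementTree uses Clark notation: {namespace}local
    return tag[1:].replace("}", "", 1) if tag.startswith("{") else tag


def check_retrieval_methods(xml_text):
    """Return (uri, declared_type, resolved_type, status) for each RetrievalMethod."""
    root = ET.fromstring(xml_text)
    by_id = {}
    for el in root.iter():  # index every element carrying an Id attribute
        if "Id" in el.attrib:
            by_id.setdefault(el.attrib["Id"], []).append(el)
    results = []
    for rm in root.iter("{%s}RetrievalMethod" % DS):
        uri, declared = rm.get("URI", ""), rm.get("Type")
        targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
        if not uri.startswith("#"):
            resolved, status = None, "external"
        elif len(targets) != 1:  # dangling reference, or duplicate Id values
            resolved, status = None, "unresolved" if not targets else "ambiguous-id"
        else:
            resolved = type_uri(targets[0])
            status = "match" if declared in (None, resolved) else "type-mismatch"
        results.append((uri, declared, resolved, status))
    return results
```

Calling check_retrieval_methods(SAMPLE) returns one tuple per RetrievalMethod; a "type-mismatch" or "unresolved" status marks a reference worth inspecting before looking at the key data itself.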