Specifics of the problem as you requested ...

- running patched xmlsec 1.2.10 on Windows (see re-post from me above)
- using command line utility with options as follows:

xmlsec sign --crypto mscrypto --output inout/edsigned-enveloped-Entrust.xml tmpl/tmpl-EPM-sign-enveloped-Entrust.xml
xmlsec verify --crypto mscrypto inout/edsigned-enveloped-Entrust.xml

- the Entrust key-pair and certificate are loaded into the Microsoft Crypto Store and XMLSec is retrieving them based on the template
- the resultant signature (also attached) verifies successfully even though the certificate expired on August 31, 2007

I have not attempted to re-create this outside of --mscrypto yet

Any ideas?

Ed

-----Original Message-----
From: Ed Shallow [mailto:[EMAIL PROTECTED]
Sent: Saturday, September 01, 2007 9:58 AM
To: '[email protected]'
Subject: Valid To has passed

Hi Aleksey,

I just noticed that I am still able to sign --mscrypto with an expired certificate. Additionally it verifies successfully as well. Is this normal? In the template can I force creation of the ValidFrom and ValidTo nodes?

Thanks,
Ed

<?xml version="1.0" encoding="UTF-8"?>
<!-- Signature created by EPMSigner V1.12 - Sign Template - enveloped-simple - Ed Shallow June 27, 2003 -->
<Document>
  <Data>
    <SubData1>
      <SubSubData1 MimeType="text/plain">This is the data to be signed.</SubSubData1>
      <SubSubData2 MimeType="text/plain">This is the data to be signed.</SubSubData2>
      <SubSubData3 MimeType="text/plain">This is the data to be signed.</SubSubData3>
    </SubData1>
    <SubData2>This is the data to be signed.</SubData2>
    <SubData3>This is the data to be signed.</SubData3>
  </Data>
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <dsig:Reference URI="">
        <dsig:Transforms>
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <dsig:DigestValue></dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue> </dsig:SignatureValue>
    <dsig:KeyInfo>
      <dsig:KeyName>Shallow, Ed</dsig:KeyName>
      <dsig:X509Data>
        <dsig:X509Certificate></dsig:X509Certificate>
        <dsig:X509SubjectName></dsig:X509SubjectName>
        <dsig:X509IssuerSerial></dsig:X509IssuerSerial>
      </dsig:X509Data>
    </dsig:KeyInfo>
  </dsig:Signature>
</Document>

<?xml version="1.0" encoding="UTF-8"?> <!-- Signature created by EPMSigner V1.12 - Sign Template - enveloped-simple - Ed Shallow June 27, 2003 --> <Document> <Data> <SubData1> <SubSubData1 MimeType="text/plain">This is the data to be signed.</SubSubData1> <SubSubData2 MimeType="text/plain">This is the data to be signed.</SubSubData2> <SubSubData3 MimeType="text/plain">This is the data to be signed.</SubSubData3> </SubData1> <SubData2>This is the data to be signed.</SubData2> <SubData3>This is the data to be signed.</SubData3> </Data> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <dsig:Reference URI=""> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>r7EhnxYz0j4pYDmYS3TvPqXex/U=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>ZhSUgqM6cQjPbd+EoccpE7GSIL6vCjGXzev+4bg9S359YrBIItMO2/RgzNPkn66D CV3vAjm0hHIynna0dDyEOUqA3ksAN1KYODzhh+CtTfdb6erHpG84faQY3AzkGrxU M+3/CarW5tKd025/OKoVW1TY/klM+lCXNrc4SlwI48M=</dsig:SignatureValue> <dsig:KeyInfo> <dsig:KeyName>Shallow, Ed</dsig:KeyName> <dsig:X509Data> <X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#">MIIDBDCCAm2gAwIBAgIEReI9QzANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJD QTELMAkGA1UEChMCR0MxFDASBgNVBAsTC1BXR1NDLVRQU0dDMRAwDgYDVQQLEwcx Q0EtQUMxMB4XDTA3MDMwOTE1MDkzMFoXDTA3MDgzMTA0MDAwMFowRjELMAkGA1UE BhMCQ0ExCzAJBgNVBAoTAkdDMRQwEgYDVQQLEwtQV0dTQy1UUFNHQzEUMBIGA1UE AxMLU2hhbGxvdywgRWQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALENf7Cm nbv75/e/M+OM0LegZpLG5U1iDJ5qnLQyem3yYFkExW7i8MSg0V0i0YiDfzSNbvMx d4wUfOkTLOHRBJyz+KLR1LGMW8dnBYbv1h5hyEyg8NC7Wibl6Oa08toYTfvaudaR 7AxqoOKSdVgtqx6A4NuM+Xj1ONC8KLNJnY8lAgMBAAGjggEBMIH+MAsGA1UdDwQE 
AwIFIDAhBgNVHREEGjAYgRZlZC5zaGFsbG93QHB3Z3NjLmdjLmNhMGYGA1UdHwRf MF0wW6BZoFekVTBTMQswCQYDVQQGEwJDQTELMAkGA1UEChMCR0MxFDASBgNVBAsT C1BXR1NDLVRQU0dDMRAwDgYDVQQLEwcxQ0EtQUMxMQ8wDQYDVQQDEwZDUkw0Njkw HwYDVR0jBBgwFoAU8vbS1yLEVgR5bpDH/nW9bn904QwwHQYDVR0OBBYEFMpgutWF p3AZOVthD36dAF4bz/nXMAkGA1UdEwQCMAAwGQYJKoZIhvZ9B0EABAwwChsEVjYu MAMCBDAwDQYJKoZIhvcNAQEFBQADgYEAdaT52r1qSpT1xaq4wcBPhkaYsvi8RFRM sle2VIQZvtMsMitEz3Xa6u0ecrJj0xEb7gQ+5u3hibPBMrMrIy6l2diBJF1+QaHi JlWDFqcLkXqQrMWjsuT26v1NdrEDHWHvN9qnGO5q7791rrTn1SzY6/USoA44S3Gm a7eCGEViu/k=</X509Certificate> <X509SubjectName xmlns="http://www.w3.org/2000/09/xmldsig#">CN="Shallow, Ed", OU=PWGSC-TPSGC, O=GC, C=CA</X509SubjectName> <X509IssuerSerial xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509IssuerName>OU=1CA-AC1, OU=PWGSC-TPSGC, O=GC, C=CA</X509IssuerName> <X509SerialNumber>1172454723</X509SerialNumber> </X509IssuerSerial> </dsig:X509Data> </dsig:KeyInfo> </dsig:Signature> </Document>
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
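
An added example, not part of the original message and not xmlsec code: an independent check of the validity window of each certificate embedded in `dsig:KeyInfo`, the condition the report above says was not enforced. It reads only `notBefore`/`notAfter` and does not verify the signature or the chain; the function names, the DER skeleton and its dates are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def parse_time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18), 'Z' form only."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def cert_validity(der):
    """Return (notBefore, notAfter) from a DER-encoded X.509 certificate."""
    _, pos, _ = tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                # optional [0] version
        pos = end
    for _ in range(3):             # skip serialNumber, signature, issuer
        _, _, pos = tlv(der, pos)
    _, pos, _ = tlv(der, pos)      # validity SEQUENCE
    t1, s1, e1 = tlv(der, pos)
    t2, s2, e2 = tlv(der, e1)
    return parse_time(t1, der[s1:e1]), parse_time(t2, der[s2:e2])

def keyinfo_validity(xml_text, at):
    """(notBefore, notAfter, in_window) for every X509Certificate in the document."""
    out = []
    for node in ET.fromstring(xml_text).iter(DSIG + "X509Certificate"):
        nb, na = cert_validity(base64.b64decode(node.text))
        out.append((nb, na, nb <= at <= na))
    return out

# Constructed sample: a DER skeleton holding only the fields up to validity,
# with a notAfter on the expiry date mentioned in the post.
def enc(tag, body):  # short-form DER lengths only, enough for this sample
    return bytes([tag, len(body)]) + body

TBS = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"")
          + enc(0x30, b"") + enc(0x30, enc(0x17, b"070309000000Z") + enc(0x17, b"070831000000Z")))
SAMPLE = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><KeyInfo><X509Data>'
          "<X509Certificate>%s</X509Certificate></X509Data></KeyInfo></Signature>"
          % base64.b64encode(enc(0x30, TBS)).decode())
```

Calling `keyinfo_validity(SAMPLE, datetime(2007, 9, 1, tzinfo=timezone.utc))` flags the sample certificate as outside its window; a verifier can reject the signature on that result regardless of what the crypto backend reports.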
