If there is only one key in the KM and it matches the key type
required by the signature then it is used automatically.

If there are multiple keys in the KM then you need to use
the key name, or any other way of selecting the key from the KM.

Aleksey

chia pern hui wrote:
Hi,

I am using libxmlsec1 1.2.9-5 and libssl0.9.7.
I am using the simple key manager as provided by xmlsec.

May I ask whether the default manager class supports loading of multiple keys?
I failed to verify a signed document after loading a list of keys (mix
of correct and false PU keys).
Meanwhile, if I load only the correct key, signature verifies correctly.

Any help will be much appreciated. Thanks!

Br, Pern Hui


Program adopted from the example
=====================

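        /* Load the PEM key; the file name is reused as the key name. */
        key = xmlSecCryptoAppKeyLoad(keyfile, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
        if(key == NULL) {
            fprintf(stderr,"Error: failed to load key from \"%s\"\n", keyfile);
            return(-1);
        }
        if(xmlSecKeySetName(key, BAD_CAST keyfile) < 0) {
            fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", keyfile);
            xmlSecKeyDestroy(key);
            return(-1);
        }

        /* On success the keys manager owns the key; destroy it only on failure. */
        if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
            fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", keyfile);
            xmlSecKeyDestroy(key);
            return(-1);
        }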


Signature verification fails when I load 2 keys into the manager
=====================================

__loaded key "public/[EMAIL PROTECTED]"
__loaded key "public/[EMAIL PROTECTED]"
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=FI/ST=Helsinki/L=Helsinki/O=test/OU=Student/CN=Alice/[EMAIL PROTECTED];err=20;msg=unable to get local issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate
func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match


Verification succeeds if I load only Alice's key into the manager
====================================

__loaded key "public/[EMAIL PROTECTED]"
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=FI/ST=Helsinki/L=Helsinki/O=test/OU=Student/CN=Alice/[EMAIL PROTECTED];err=20;msg=unable to get local issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate
__signature OK
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
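
The selection rule from the reply at the top of this thread, as an added example that is not part of the original messages and is not xmlsec code: a simplified C model of a keys manager showing why an unnamed lookup works with one key, can pick the wrong key with two, and works again once a key name is supplied. The first-match lookup rule, the key names and the pointer comparison standing in for the RSA check are all assumptions made for illustration.

```c
/* Simplified model of a keys manager lookup; illustrative, not xmlsec code. */
#include <stdio.h>
#include <string.h>
enum key_type { KEY_RSA, KEY_DSA };
struct key { const char *name; enum key_type type; };
struct key_store { const struct key *keys[8]; size_t count; };

/* Append a key; returns 0 on success, -1 when the store is full. */
static int store_adopt(struct key_store *s, const struct key *k) {
    if (s->count >= sizeof s->keys / sizeof s->keys[0]) return -1;
    s->keys[s->count++] = k;
    return 0;
}

/* Assumed lookup rule: return the first key that has the required type
 * and, when a name is requested, exactly that name; NULL if none match. */
static const struct key *store_find(const struct key_store *s,
                                    const char *name, enum key_type req) {
    for (size_t i = 0; i < s->count; i++) {
        const struct key *k = s->keys[i];
        if (k->type != req) continue;
        if (name != NULL && (k->name == NULL || strcmp(k->name, name) != 0))
            continue;
        return k;
    }
    return NULL;
}

/* Stand-in for signature verification: 0 only when the selected key is
 * the signer's key (pointer identity replaces the real RSA check). */
static int verify(const struct key_store *s, const char *key_name,
                  enum key_type req, const struct key *signer) {
    const struct key *k = store_find(s, key_name, req);
    return (k != NULL && k == signer) ? 0 : -1;
}

/* Constructed sample keys; the names are hypothetical file names. */
static const struct key bob   = { "public/bob.pem",   KEY_RSA };
static const struct key alice = { "public/alice.pem", KEY_RSA };

int main(void) {
    struct key_store one = { {0}, 0 }, two = { {0}, 0 };
    store_adopt(&one, &alice);
    store_adopt(&two, &bob);   /* wrong key loaded first */
    store_adopt(&two, &alice);
    printf("one key, no name:  %d\n", verify(&one, NULL, KEY_RSA, &alice));
    printf("two keys, no name: %d\n", verify(&two, NULL, KEY_RSA, &alice));
    printf("two keys, named:   %d\n", verify(&two, alice.name, KEY_RSA, &alice));
    return 0;
}
```

In this model the unnamed two-key lookup fails only because the wrong key was adopted first; naming the key makes the outcome independent of load order.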