Hello, Now I understand what you meant. But unfortunately, I can not get the Pre-digest value from signer, because I got the message from the service which is developed by other project and not well supported. But I run (I was wrong in the former mail, uri should be used for namespace): xmlsec1 --verify --trusted-pem 1f0e8352.0 --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion --store-references assertion11.xml
I got the message, and I can not see anything wrong from the message (PreDigest data) in verification side. Can you see anything wrong? Thanks a lot Weizhong Qiang ********************* xmlsec1 --verify --trusted-pem 1f0e8352.0 --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion --store-references assertion11.xml func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match FAIL SignedInfo References (ok/all): 0/1 Manifests References (ok/all): 0/0 = VERIFICATION CONTEXT == Status: invalid == flags: 0x00000006 == flags2: 0x00000000 == Key Info Read Ctx: = KEY INFO READ CONTEXT == flags: 0x00000000 == flags2: 0x00000000 == enabled key data: all == RetrievalMethod level (cur/max): 0/1 == TRANSFORMS CTX (status=0) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL == EncryptedKey level (cur/max): 0/1 === KeyReq: ==== keyId: NULL ==== keyType: 0x00000000 ==== keyUsage: 0xffffffff ==== keyBitsSize: 0 === list size: 0 == Key Info Write Ctx: = KEY INFO WRITE CONTEXT == flags: 0x00000000 == flags2: 0x00000000 == enabled key data: all == RetrievalMethod level (cur/max): 0/1 == TRANSFORMS CTX (status=0) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL == EncryptedKey level (cur/max): 0/1 === KeyReq: ==== keyId: NULL ==== keyType: 0x00000001 ==== keyUsage: 0xffffffff ==== keyBitsSize: 0 === list size: 0 == Signature Transform Ctx: == TRANSFORMS CTX (status=0) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: NULL === uri xpointer expr: NULL === Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#) === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1) == Signature Method: === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1) == SignedInfo References List: === list size: 1 = REFERENCE VERIFICATION CONTEXT == Status: invalid == URI: "#_80310c3e-3ee4-425f-aee0-226729374b95" == Reference Transform Ctx: == TRANSFORMS CTX (status=2) == flags: 0x00000000 == flags2: 0x00000000 == enabled transforms: all === uri: === uri xpointer expr: #_80310c3e-3ee4-425f-aee0-226729374b95 === Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr) === Transform: enveloped-signature (href= http://www.w3.org/2000/09/xmldsig#enveloped-signature) === Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#) === Transform: membuf-transform (href=NULL) === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1) === Transform: membuf-transform (href=NULL) == Digest Method: === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1) == PreDigest data - start buffer: <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_80310c3e-3ee4-425f-aee0-226729374b95" IssueInstant="2008-10-09T22:58:25.448Z" Version="2.0"><saml:Issuer>CN=Weizhong Qiang,OU=fys.uio.no,O=NorduGrid,O=Grid</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=test,O=UiO,ST=Oslo,C=NO</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"><saml:SubjectConfirmationData><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig# "><ds:X509Data><ds:X509Certificate>MIICozCCAgygAwIBAgIBATANBgkqhkiG9w0BAQQFADA3MQswCQYDVQQGEwJOTzENMAsGA1UECBME T3NsbzEMMAoGA1UEChMDVWlPMQswCQYDVQQDEwJDQTAeFw0wNzExMDYxNTE4NDlaFw0wODExMDUx NTE4NDlaMDkxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIEwRPc2xvMQwwCgYDVQQKEwNVaU8xDTALBgNV BAMTBHRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMUZpDYNYNuoqohEkP4w/MnGAiXV sZUSPuFChL2HT2sE7VQ2/RsFKRyAFXNaBIPcpoJF2uTv6Llc0G9F5v4G5ZyZiiexgl3HtnmiMcgW ie/d5XfYf0o+2xhofdsgxb5d2DRFyUVxkKnBRYSSebR9wsdlwtlduSDxsN22CFITqL3FAgMBAAGj gbwwgbkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm aWNhdGUwHQYDVR0OBBYEFGtX2cUVfSVs1xLKLwwscpNon2duMF8GA1UdIwRYMFaAFLg5jUhGbh+u jBIx6kabFY+E5JrWoTukOTA3MQswCQYDVQQGEwJOTzENMAsGA1UECBMET3NsbzEMMAoGA1UEChMD VWlPMQswCQYDVQQDEwJDQYIBADANBgkqhkiG9w0BAQQFAAOBgQAIrqV+I9YbXvpsRvwJLOFIVIuX Cy8l5RjfSrd4UG3oX3c0nmr5oe93XomAJ525ULOGSh5w8kmfGA96yUi2LRmdM9ZQyyVWLDagU0dt mdcJm2CedeRxI+ShtIE3PRc/OTEjz/dvY6gD/jiHDUr/IcooHMSApIuDZXWvSNWSql0Swg==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2008-10-09T22:58:25.448Z" NotOnOrAfter="2008-10-10T09:58:25.448Z"></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="Degree" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="xs:string">PhD</saml:AttributeValue></saml:Attribute><saml:Attribute Name="http://voms.forge.cnaf.infn.it/group"; NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="xs:string">/knowarc</saml:AttributeValue><saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="xs:string">/knowarc/UiO</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion> == PreDigest data - end buffer == Manifest References List: === list size: 0 Error: failed to verify file "assertion11.xml"
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
