I've created a project in Visual Studio that uses libxmlsec, and I've used it to successfully verify some of the sample signed documents that are provided with the Online Verifier. However, a coworker created a signed document for me using Microsoft's implementation of .NET 2.0, and I can't verify the signature on it.
He sent me the entire X509 certificate chain that he used, including the root certificate, and I successfully loaded each certificate into a keys manager. When I try to verify the signature, I get this error message: func=xmlSecOpenSSLEvpDigestVerify:file=..\..\src\open_ssl\digests.c:line =229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match Signature is INVALID I noticed that, back in a 2004 thread, someone mentioned that Microsoft's .NET implementation had a problem with c14n, but not with exc-c14n. Does anyone out there know whether this continues to be a problem? Here is the Signature portion of the document I'm trying to work with: <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <DigestValue>BCxyTVrdNmHOUVJeCyuAoFm3Yfg=</DigestValue> </Reference> </SignedInfo> <SignatureValue>bRfw29/Xz11s+IpE6VrGNHvs2Ry1wx5fQyf+Q2hkjcJxG5TiB5rt/HmM r7T4gXA/J9DfV7BtrLalNnhXhlhZCRs4mv/ek1oukoOC8VuDzOyDlmNhcaggsgIdJkDo9YO3 RloqnKWsW3E7dP7+xRq161j/JXmcq1JAko0e097gXx4=</SignatureValue> </Signature> Any advice would be appreciated. Thank you!
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
