Yes, all of the above is done by xmlsec during signature verification.
However, the online tool you've mentioned supports only ONE root
certificate. You have to write your own program to do that or use
xmlsec command line tool.
Aleksey
Ashish Agrawal wrote:
Hi Aleksey,
thanks for ur reply, Let me try to elaborate.
I ve one one signature.xml file which has two x509 certificates as part
of x509Certificate tag plus one root ca certifiacte file as roorcert.crt
file.
I ve to verify the following:
1. Verify signataturemethod, canonicalization method and digest method.
2. Verify the digest value for all the reference tags which as sha256 hash.
3. verify SignatureValue which is calculated over the signed info using
the first x509certificate
4. verify the certificate chain, ( two certs embedded in the
signature.xml file ) and one crt file outside.
i need to do the above mentioned verification using the programming
API's , can u pls suggest if this can be done using one api or i ve
to divide each verification,
also pls suggest if i ve to get my input certificate in some other format.
~Ashish
On Fri, Apr 3, 2009 at 11:37 PM, Aleksey Sanin <[email protected]
<mailto:[email protected]>> wrote:
Sorry, I am not sure I understand the question about the online
tool. Could you please give more details? E.g. error messages
you see?
Regarding things verified... Yes, xmlsec verifies the signature
according to XMLDsig standard and also performs the certificates
chain verification.
Aleksey
Ashish Agrawal wrote:
On Fri, Apr 3, 2009 at 3:48 PM, Ashish Agrawal
<[email protected] <mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>> wrote:
Hi Aleksey,
I ve a doubt on the sample implementation which is present at
http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html.
My understanding is, the xml file is the signature.xml file which
contains the signatureValue and the x509 certificates,
when it asks for another pem certifaicate does it mean to get the
root CA certificate which has signed one of the x509 cert
present in
the signature.xml file.
also when we say verification (xmlSecDSigCtxVerify) what all
things
are verified from the signature.xml, does it do
1. signatureValue verification
2. root chain verification ?
can u let me know is there is nything else that is verified ?
~Regards,
Ashish
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
