Hi Aleksey, This URl is again based on the new widget spec 1.1, when i try to verify using this method i get error as:
xmlsec1 --verify --trusted-pem Root.pem signature.xml error : Unknown IO error func=xmlSecTransformNodeRead:file=transforms.c:line=1511:obj=unknown:subj=xmlSecTransformIdListFindByHref:error=1:xmlsec library function failed:href=http://www.w3.org/2000/09/xmldsig#sha256 func=xmlSecTransformCtxNodeRead:file=transforms.c:line=666:obj=unknown:subj=xmlSecTransformNodeRead:error=1:xmlsec library function failed:name=DigestMethod func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1505:obj=unknown:subj=xmlSecTransformCtxNodeRead:error=1:xmlsec library function failed:node=DigestMethod func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=817:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=560:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed: func=xmlSecDSigCtxVerify:file=xmldsig.c:line=379:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: Error: signature failed ERROR SignedInfo References (ok/all): 0/1 Manifests References (ok/all): 0/0 Error: failed to verify file "signature.xml" Regards, Ashish On Tue, Jun 2, 2009 at 9:43 PM, Aleksey Sanin <[email protected]> wrote: > xmlsec support SHA256, your URL is incorrect: > > http://www.aleksey.com/pipermail/xmlsec/2005/007037.html > > Aleksey > > Ashish Agrawal wrote: > >> ok , thanks for pointing. >> >> also i need to provide support for the digest method as : >> http://www.w3.org/200009/xmldsig#sha256 < >> http://www.w3.org/2000/09/xmldsig#sha256> >> >> for supporting this do i need to modify xmlsec ? >> >> Regards, >> Ashish >> >> On Tue, Jun 2, 2009 at 8:01 PM, Aleksey Sanin <[email protected]<mailto: >> [email protected]>> wrote: >> >> Look at LibXML2 library, file c14n.c >> >> Aleksey >> >> Ashish Agrawal wrote: >> >> Hi Aleksey, >> >> I would like to work on providing the latest canonical support, >> can u give me some pointers on the areas in the code where i >> need to foucs for the changes. >> >> Regards, >> Ashish >> >> On Mon, Jun 1, 2009 at 9:06 PM, Aleksey Sanin >> <[email protected] <mailto:[email protected]> >> <mailto:[email protected] <mailto:[email protected]>>> wrote: >> >> Sure, I see your point. Well, I haven't seen a lot of interest >> in C14N 1.1 support so far. BTW, C14N is a part of LibXML2. >> If you need C14N 1.1, then I am sure that Daniel will be happy >> to apply your patches to the main tree. >> >> Aleksey >> >> >> Ashish Agrawal wrote: >> >> Hi Aleksey, >> >> Thanks for prompt reply. >> >> The basis of my argument is the newer Widgets DSig specifies >> certain fixed values for Canonicalizationmethod & Digest >> Method. >> >> Eg: >> <?xml version="1.0" encoding="UTF-8"?> >> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> >> <SignedInfo> >> <CanonicalizationMethod >> Algorithm=" >> http://www.w3.org/2006/12/xml-c14n11"/> >> <SignatureMethod >> Algorithm=" >> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; /> >> <Reference URI="config.xml"> >> <DigestMethod >> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> >> <DigestValue>j6...8nk=</DigestValue> >> </Reference> >> <Reference URI="index.html"> >> <DigestMethod >> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> >> <DigestValue>lm...34=</DigestValue> >> </Reference> >> <Reference URI="icon.png"> >> <DigestMethod >> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> >> <DigestValue>pq...56=</DigestValue> >> </Reference> >> </SignedInfo> >> <SignatureValue>MC0E~LE=</SignatureValue> >> <KeyInfo> >> <X509Data> >> <X509Certificate>MI...lVN</X509Certificate> >> </X509Data> >> </KeyInfo> >> </Signature> >> >> >> So when i create a signature file with the abov mentioned >> canonicalizaiton and Digest method, xmlsec fails. >> Pls clarify. >> >> Regards, >> Ashish >> >> On Mon, Jun 1, 2009 at 8:55 PM, Aleksey Sanin >> <[email protected] <mailto:[email protected]> >> <mailto:[email protected] <mailto:[email protected]>> >> <mailto:[email protected] <mailto:[email protected]> >> <mailto:[email protected] <mailto:[email protected]>>>> wrote: >> >> xmlsec implements XML DSig and the Widgets DSig is just >> a profile of XML DSig. Thus, I don't see why you claim >> that xmlsec doesn't support it. >> >> Aleksey >> >> Ashish Agrawal wrote: >> >> Hi Aleksey, >> >> I need to support >> * >> http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/* >> and seems that current version of xmlsec doesn't >> support >> it, Is >> there any plan for it. >> >> Regards, >> Ashish >> >> On Mon, Jun 1, 2009 at 8:02 PM, Aleksey Sanin >> <[email protected] <mailto:[email protected]> >> <mailto:[email protected] <mailto:[email protected]>> >> <mailto:[email protected] <mailto:[email protected]> >> <mailto:[email protected] <mailto:[email protected]>>> >> <mailto:[email protected] >> <mailto:[email protected]> <mailto:[email protected] >> <mailto:[email protected]>> >> <mailto:[email protected] <mailto:[email protected]> >> <mailto:[email protected] <mailto:[email protected]>>>>> >> wrote: >> >> https://www.aleksey.com/xmlsec/xmldsig.html >> >> Aleksey >> >> Ashish Agrawal wrote: >> >> Hi Aleksey, >> >> i want to know which standards of >> DigestMethod and >> Canonicalization Method is supported by xmlsec >> currently. >> >> I ve a requirement where i ve the Digest >> method as: >> http://www.w3.org/2000/09/xmldsig#sha256 and >> Canonicalization >> methord as : >> http://www.w3.org/2006/12/xml-c14n11. >> Will this be supported ? >> >> ~Ashish >> >> >> >> ------------------------------------------------------------------------ >> >> >> _______________________________________________ >> xmlsec mailing list >> [email protected] >> <mailto:[email protected]> <mailto:[email protected] >> <mailto:[email protected]>> >> <mailto:[email protected] <mailto:[email protected]> >> <mailto:[email protected] <mailto:[email protected]>>> >> <mailto:[email protected] >> <mailto:[email protected]> <mailto:[email protected] >> <mailto:[email protected]>> >> <mailto:[email protected] <mailto:[email protected]> >> <mailto:[email protected] <mailto:[email protected]>>>> >> >> >> >> http://www.aleksey.com/mailman/listinfo/xmlsec >> >> >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> xmlsec mailing list >> [email protected] <mailto:[email protected]> >> <mailto:[email protected] <mailto:[email protected]>> >> <mailto:[email protected] <mailto:[email protected]> >> <mailto:[email protected] <mailto:[email protected]>>> >> http://www.aleksey.com/mailman/listinfo/xmlsec >> >> >> >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> xmlsec mailing list >> [email protected] >> http://www.aleksey.com/mailman/listinfo/xmlsec >> >
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
