From an example in WD widgets spec
<Reference URI="config.xml">
<DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>...</DigestValue>
</Reference>

Aleksey

Ashish Agrawal wrote:
Hi Aleksey,

This URL is again based on the new widget spec 1.1. When I try to verify using this method I get the following error:

xmlsec1 --verify --trusted-pem Root.pem signature.xml
error : Unknown IO error
func=xmlSecTransformNodeRead:file=transforms.c:line=1511:obj=unknown:subj=xmlSecTransformIdListFindByHref:error=1:xmlsec library function failed:href=http://www.w3.org/2000/09/xmldsig#sha256
func=xmlSecTransformCtxNodeRead:file=transforms.c:line=666:obj=unknown:subj=xmlSecTransformNodeRead:error=1:xmlsec library function failed:name=DigestMethod
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1505:obj=unknown:subj=xmlSecTransformCtxNodeRead:error=1:xmlsec library function failed:node=DigestMethod
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=817:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=560:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=379:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
Error: failed to verify file "signature.xml"

Regards,
Ashish

On Tue, Jun 2, 2009 at 9:43 PM, Aleksey Sanin <[email protected]> wrote:

xmlsec supports SHA256, your URL is incorrect:

http://www.aleksey.com/pipermail/xmlsec/2005/007037.html

Aleksey

Ashish Agrawal wrote:

OK, thanks for pointing. Also I need to provide support for the digest method as: http://www.w3.org/200009/xmldsig#sha256 <http://www.w3.org/2000/09/xmldsig#sha256>. For supporting this do I need to modify xmlsec?

Regards,
Ashish

On Tue, Jun 2, 2009 at 8:01 PM, Aleksey Sanin <[email protected]> wrote:

Look at LibXML2 library, file c14n.c

Aleksey

Ashish Agrawal wrote:

Hi Aleksey,

I would like to work on providing the latest canonical support. Can you give me some pointers on the areas in the code where I need to focus for the changes?

Regards,
Ashish

On Mon, Jun 1, 2009 at 9:06 PM, Aleksey Sanin <[email protected]> wrote:

Sure, I see your point. Well, I haven't seen a lot of interest in C14N 1.1 support so far. BTW, C14N is a part of LibXML2. If you need C14N 1.1, then I am sure that Daniel will be happy to apply your patches to the main tree.

Aleksey

Ashish Agrawal wrote:

Hi Aleksey,

Thanks for the prompt reply. The basis of my argument is that the newer Widgets DSig specifies certain fixed values for CanonicalizationMethod & DigestMethod.

E.g.:

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
    <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
    <Reference URI="config.xml">
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue>j6...8nk=</DigestValue>
    </Reference>
    <Reference URI="index.html">
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue>lm...34=</DigestValue>
    </Reference>
    <Reference URI="icon.png">
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue>pq...56=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>MC0E~LE=</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509Certificate>MI...lVN</X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>

So when I create a signature file with the above-mentioned canonicalization and digest method, xmlsec fails. Please clarify.

Regards,
Ashish

On Mon, Jun 1, 2009 at 8:55 PM, Aleksey Sanin <[email protected]> wrote:

xmlsec implements XML DSig and the Widgets DSig is just a profile of XML DSig. Thus, I don't see why you claim that xmlsec doesn't support it.

Aleksey

Ashish Agrawal wrote:

Hi Aleksey,

I need to support http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/ and it seems that the current version of xmlsec doesn't support it. Is there any plan for it?

Regards,
Ashish

On Mon, Jun 1, 2009 at 8:02 PM, Aleksey Sanin <[email protected]> wrote:

https://www.aleksey.com/xmlsec/xmldsig.html

Aleksey

Ashish Agrawal wrote:

Hi Aleksey,

I want to know which standards of DigestMethod and CanonicalizationMethod are supported by xmlsec currently. I've a requirement where I've the digest method as: http://www.w3.org/2000/09/xmldsig#sha256 and canonicalization method as: http://www.w3.org/2006/12/xml-c14n11. Will this be supported?

~Ashish

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
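The failure in this thread comes down to an `Algorithm` URI that no specification defines. The following is an added example, not part of the original messages or of xmlsec: a Python pre-flight check that flags such URIs in a signature file and suggests the defined identifier with the same fragment. The names `lint_algorithms`, `KNOWN` and `SAMPLE` are hypothetical, and the list is a subset of spec-defined identifiers, not a statement of what a particular xmlsec build implements.

```python
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml

DSIG = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Subset of identifiers defined by XML-DSig, XML-Enc and RFC 4051, per element.
KNOWN = {
    "CanonicalizationMethod": {
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
        "http://www.w3.org/2001/10/xml-exc-c14n#",
        "http://www.w3.org/2006/12/xml-c14n11",
    },
    "SignatureMethod": {DSIG + "rsa-sha1", DSIG + "dsa-sha1", MORE + "rsa-sha256"},
    "DigestMethod": {DSIG + "sha1", XENC + "sha256", XENC + "sha512"},
}

def lint_algorithms(xml_text):
    """Return (element, uri, suggestion) for each unrecognised Algorithm URI."""
    findings = []
    root = ET.fromstring(xml_text)
    for name, known in KNOWN.items():
        for node in root.iter("{%s}%s" % (DSIG, name)):
            uri = node.get("Algorithm", "")
            if uri in known:
                continue
            # A right fragment under the wrong namespace is the typical slip.
            frag = uri.rpartition("#")[2]
            hint = next((k for k in sorted(known)
                         if frag and k.endswith("#" + frag)), None)
            findings.append((name, uri, hint))
    return findings

# Constructed sample: one Reference uses the URI that fails in the thread.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="config.xml">
  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256"/>
  <DigestValue>AAAA</DigestValue></Reference>
<Reference URI="index.html">
  <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  <DigestValue>AAAA</DigestValue></Reference>
</SignedInfo></Signature>"""

if __name__ == "__main__":
    for element, uri, hint in lint_algorithms(SAMPLE):
        print("%s: unknown %s (did you mean %s?)" % (element, uri, hint))
```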
