From an example in the WD Widgets spec
<Reference URI="config.xml">
  <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  <DigestValue>...</DigestValue>
</Reference>
Aleksey
Ashish Agrawal wrote:
Hi Aleksey,
This URL is again based on the new widget spec 1.1.
When I try to verify using this method, I get this error:
xmlsec1 --verify --trusted-pem Root.pem signature.xml
error : Unknown IO error
func=xmlSecTransformNodeRead:file=transforms.c:line=1511:obj=unknown:subj=xmlSecTransformIdListFindByHref:error=1:xmlsec library function failed:href=http://www.w3.org/2000/09/xmldsig#sha256
func=xmlSecTransformCtxNodeRead:file=transforms.c:line=666:obj=unknown:subj=xmlSecTransformNodeRead:error=1:xmlsec library function failed:name=DigestMethod
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1505:obj=unknown:subj=xmlSecTransformCtxNodeRead:error=1:xmlsec library function failed:node=DigestMethod
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=817:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=560:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=379:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
Error: failed to verify file "signature.xml"
Regards,
Ashish
On Tue, Jun 2, 2009 at 9:43 PM, Aleksey Sanin <[email protected]> wrote:
xmlsec supports SHA256; your URL is incorrect:
http://www.aleksey.com/pipermail/xmlsec/2005/007037.html
Aleksey
Ashish Agrawal wrote:
OK, thanks for pointing this out.
Also, I need to provide support for the digest method:
http://www.w3.org/200009/xmldsig#sha256
<http://www.w3.org/2000/09/xmldsig#sha256>
To support this, do I need to modify xmlsec?
Regards,
Ashish
On Tue, Jun 2, 2009 at 8:01 PM, Aleksey Sanin <[email protected]> wrote:
Look at LibXML2 library, file c14n.c
Aleksey
Ashish Agrawal wrote:
Hi Aleksey,
I would like to work on providing the latest canonical support.
Can you give me some pointers on the areas in the code where I
need to focus for the changes?
Regards,
Ashish
On Mon, Jun 1, 2009 at 9:06 PM, Aleksey Sanin <[email protected]> wrote:
Sure, I see your point. Well, I haven't seen a lot of interest
in C14N 1.1 support so far. BTW, C14N is a part of LibXML2.
If you need C14N 1.1, then I am sure that Daniel will be happy
to apply your patches to the main tree.
Aleksey
Ashish Agrawal wrote:
Hi Aleksey,
Thanks for prompt reply.
The basis of my argument is that the newer Widgets DSig specifies
certain fixed values for CanonicalizationMethod & DigestMethod.
E.g.:
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
    <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <Reference URI="config.xml">
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue>j6...8nk=</DigestValue>
    </Reference>
    <Reference URI="index.html">
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue>lm...34=</DigestValue>
    </Reference>
    <Reference URI="icon.png">
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue>pq...56=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>MC0E~LE=</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509Certificate>MI...lVN</X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>
So when I create a signature file with the above-mentioned
canonicalization and digest method, xmlsec fails.
Please clarify.
Regards,
Ashish
On Mon, Jun 1, 2009 at 8:55 PM, Aleksey Sanin <[email protected]> wrote:
xmlsec implements XML DSig and the Widgets DSig is just
a profile of XML DSig. Thus, I don't see why you claim
that xmlsec doesn't support it.
Aleksey
Ashish Agrawal wrote:
Hi Aleksey,
I need to support
http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/
and it seems that the current version of xmlsec doesn't support it.
Is there any plan for it?
Regards,
Ashish
On Mon, Jun 1, 2009 at 8:02 PM, Aleksey Sanin <[email protected]> wrote:
https://www.aleksey.com/xmlsec/xmldsig.html
Aleksey
Ashish Agrawal wrote:
Hi Aleksey,
I want to know which standards of DigestMethod and
Canonicalization Method are supported by xmlsec currently.
I have a requirement where I have the Digest method as:
http://www.w3.org/2000/09/xmldsig#sha256
and the Canonicalization method as:
http://www.w3.org/2006/12/xml-c14n11.
Will this be supported?
~Ashish
------------------------------------------------------------------------
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
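
A pre-flight check for the mistake discussed in this thread, added here as an example (it is not part of the original messages or of xmlsec): it compares every Algorithm URI in a signature file against the values shown in the Widgets DSig example quoted above and suggests the expected URI when only the namespace part differs. The names `check_algorithms`, `EXPECTED` and `SAMPLE` are hypothetical, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Algorithm URIs taken from the Widgets DSig example quoted in this thread.
EXPECTED = {
    "CanonicalizationMethod": {"http://www.w3.org/2006/12/xml-c14n11"},
    "SignatureMethod": {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"},
    "DigestMethod": {"http://www.w3.org/2001/04/xmlenc#sha256"},
}

# Constructed sample: the first Reference uses the URI that xmlsec rejected.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
 <SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
  <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  <Reference URI="config.xml">
   <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256"/>
   <DigestValue>...</DigestValue>
  </Reference>
  <Reference URI="index.html">
   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <DigestValue>...</DigestValue>
  </Reference>
 </SignedInfo>
</Signature>"""


def check_algorithms(xml_text):
    """Return (element, uri, suggestion) for each unexpected Algorithm URI."""
    findings = []
    root = ET.fromstring(xml_text)
    for name, allowed in EXPECTED.items():
        for node in root.iter("{%s}%s" % (DSIG_NS, name)):
            uri = node.get("Algorithm", "")
            if uri in allowed:
                continue
            # Same fragment under a different namespace: offer the expected URI.
            frag = uri.split("#", 1)[1] if "#" in uri else ""
            hint = next((a for a in allowed if frag and a.endswith("#" + frag)), None)
            findings.append((name, uri, hint))
    return findings


if __name__ == "__main__":
    for name, uri, hint in check_algorithms(SAMPLE):
        print("%s: unexpected %r, expected %r" % (name, uri, hint))
```

Running the check before `xmlsec1 --verify` separates an algorithm-identifier mistake from a real digest or signature mismatch.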