The reference URIs are supported by xmlsec from the very
beginning and the fact that the first step of verification
(digests check) succeeded shows that that part worked fine.

Try to run xmlsec command line tool with --store-signatures
and --store-references flags. This will print exact details
of what was signed and verified.

Aleksey

On 2/18/2010 5:57 AM, Gaurav Gangwar wrote:
Hi Aleksey,

I am verifying the signature file with the following format from the W3C spec:
<?xml version="1.0" encoding="UTF-8"?>

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
Id="DistributorASignature" >
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="config.xml">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>...</DigestValue>
</Reference>
<Reference URI="index.html">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>.... </DigestValue>
</Reference>
<Reference URI="#prop ">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>.... </DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>... </SignatureValue>
<KeyInfo><X509Data>
<X509Certificate>MI...</X509Certificate>
<X509Certificate>MI...</X509Certificate>
</X509Data></KeyInfo>
<Object Id="prop">
<SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
<SignatureProperty Id="profile" Target="#DistributorASignature">
<dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile" />
</SignatureProperty>
<SignatureProperty Id="role" Target="#DistributorASignature">
<dsp:Role
URI="http://www.w3.org/ns/widgets-digsig#role-distributor" />
</SignatureProperty>
<SignatureProperty Id="identifier" Target="#DistributorASignature">
<dsp:Identifier>J............</dsp:Identifier> </SignatureProperty>
</SignatureProperties>
</Object>
</Signature>

I am getting a signature verification failure.
The error is:
func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha256:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match

I am concluding that the problem is because of #prop, due to the fact
that I am not getting any error with other signature files which don't
have #prop.

So my question is: does xmlsec support <Reference URI="#prop ">? If yes,
then to which version do I have to update?
If not, please point me to where I have to make changes to support this.


Thanks and Regards
Gaurav
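
An added example, not part of the thread and not xmlsec's own resolution code: a structural pre-check that lists every Reference URI in a signature shaped like the one quoted above, classifies it, and tests whether each same-document "#fragment" matches an Id attribute exactly. The sample document and the function name classify_references are constructed for illustration; digest values are placeholders.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample modelled on the signature quoted in the thread;
# digest values are placeholders, not real digests.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorASignature">
  <SignedInfo>
    <Reference URI="config.xml"><DigestValue>placeholder</DigestValue></Reference>
    <Reference URI="#prop"><DigestValue>placeholder</DigestValue></Reference>
    <Reference URI="#prop "><DigestValue>placeholder</DigestValue></Reference>
    <Reference URI="#missing"><DigestValue>placeholder</DigestValue></Reference>
  </SignedInfo>
  <Object Id="prop"><SignatureProperties/></Object>
</Signature>"""


def classify_references(xml_text):
    """Return (uri, kind, resolves) for every ds:Reference, in document order.

    resolves is True/False for bare-name same-document references (exact,
    whitespace-sensitive match against an Id attribute) and None where the
    target lives outside the signature file. XPointer forms are not handled.
    """
    root = ET.fromstring(xml_text)
    ids = {el.get("Id") for el in root.iter() if el.get("Id") is not None}
    results = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI")
        if uri is None:
            kind, ok = "application-defined", None
        elif uri == "":
            kind, ok = "whole-document", None
        elif uri.startswith("#"):
            kind, ok = "same-document", uri[1:] in ids
        else:
            kind, ok = "external", None
        results.append((uri, kind, ok))
    return results


if __name__ == "__main__":
    for uri, kind, ok in classify_references(SAMPLE):
        print(f"{uri!r:14} {kind:15} resolves={ok}")
```

This only inspects the structure; the digests and the SignatureValue still have to be verified by xmlsec, for example with the --store-signatures and --store-references flags mentioned in the reply.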






_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec