I suggest to take a look at a good book on cryptography
(e.g. Schneier's "Applied Cryptography"):
https://www.aleksey.com/xmlsec/related.html
Aleksey
On 3/22/2010 7:09 AM, igor wrote:
Aleksey,
By your answer, seem obvious solve the problem. I'm feeling helpless and I
ask your help in identifying this problem.
The error that appears is: failed to load des key from binary file
"aeskey.bin"
But the key is not des, it is aes.
Thank you in advance!
BR,
Igor
On Thu, 18 Mar 2010 19:44:58 -0700, Aleksey Sanin<[email protected]>
wrote:
Please read the error carefully.
Aleksey
On 3/18/2010 6:15 PM, [email protected] wrote:
Hello guys,
I'm using xmlsec1 for encryption and signing, but I'm having trouble
verifying the signature. I am signing only the Header of the SOAP
message
using HMAC with the same AES key to encrypt the message.
Using the console, I can verify the signature with the following
command:
xmlsec1 verify --hmackey aeskey.bin Server-Recv-XMLCifrado.data
My function in C that would verify the signature shows the following
error:
func=xmlSecKeyDataHmacGetKlass:file=app.c:line=211:obj=unknown:subj=keyDataHmacId:error=9:feature
is not implemented:
func=xmlSecKeyReadBinaryFile:file=keys.c:line=1219:obj=unknown:subj=dataId
!= xmlSecKeyDataIdUnknown:error=100:assertion:
Error: failed to load des key from binary file "aeskey.bin"
func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=1091:obj=unknown:subj=dataSize
0:error=100:assertion:
func=xmlSecEncCtxBinaryEncrypt:file=xmlenc.c:line=333:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec
library function failed:dataSize=0
Error: encryption failed
I am using a function of the examples with a slight modification:
int
verify_file(const char* xml_file, const char* key_file) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int res = -1;
assert(xml_file);
assert(key_file);
/* load file */
doc = xmlParseFile(xml_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc),
xmlSecNodeSignature,
xmlSecDSigNs);
if(node == NULL) {
fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
goto done;
}
/* create signature context, we don't need keys manager in this
example */
dsigCtx = xmlSecDSigCtxCreate(NULL);
if(dsigCtx == NULL) {
fprintf(stderr,"Error: failed to create signature context\n");
goto done;
}
/* load AES key, assuming that there is not password */
dsigCtx->signKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataHmacId,
key_file);
if(dsigCtx->signKey == NULL) {
fprintf(stderr,"Error: failed to load des key from binary file
\"%s\"\n", key_file);
goto done;
}
/* set key name to the file name, this is just an example! */
if(xmlSecKeySetName(dsigCtx->signKey, key_file)< 0) {
fprintf(stderr,"Error: failed to set key name for key from
\"%s\"\n",
key_file);
goto done;
}
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node)< 0) {
fprintf(stderr,"Error: signature verify\n");
goto done;
}
/* print verification result to stdout */
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
fprintf(stdout, "Signature is OK\n");
} else {
fprintf(stdout, "Signature is INVALID\n");
}
/* success */
res = 0;
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
Any help?
BR,
Igor
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
