Aleksey, I found my mistake! I was calling the function that checks the signature before loading the xmlsec own.
Thank you for all!

BR,

---------------------------- Original Message ----------------------------
Subject: Re: [xmlsec] Fail to verify symmetric sign
From: [email protected]
Date: Tue, March 23, 2010 10:27 am
To: "Aleksey Sanin" <[email protected]>
Cc: "[email protected]" <[email protected]>
--------------------------------------------------------------------------

Aleksey,

Does not make sense. Why it works on script console and not on c function?
Why do you indicated a book? I think I have a specific problem and not a
conceptual problem.

Thank you!

BR.

> I suggest to take a look at a good book on cryptography
> (e.g. Schneier's "Applied Cryptography"):
>
> https://www.aleksey.com/xmlsec/related.html
>
> Aleksey
>
> On 3/22/2010 7:09 AM, igor wrote:
>>
>> Aleksey,
>>
>> By your answer, seem obvious solve the problem. I'm feeling helpless and I
>> ask your help in identifying this problem.
>>
>> The error that appears is: failed to load des key from binary file
>> "aeskey.bin"
>>
>> But the key is not des, it is aes.
>>
>> Thank you in advance!
>>
>> BR,
>> Igor
>>
>> On Thu, 18 Mar 2010 19:44:58 -0700, Aleksey Sanin<[email protected]> wrote:
>>> Please read the error carefully.
>>>
>>> Aleksey
>>>
>>> On 3/18/2010 6:15 PM, [email protected] wrote:
>>>> Hello guys,
>>>>
>>>> I'm using xmlsec1 for encryption and signing, but I'm having trouble
>>>> verifying the signature. I am signing only the Header of the SOAP message
>>>> using HMAC with the same AES key to encrypt the message.
>>>>
>>>> Using the console, I can verify the signature with the following command:
>>>> xmlsec1 verify --hmackey aeskey.bin Server-Recv-XMLCifrado.data
>>>>
>>>> My function in C that would verify the signature shows the following error:
>>>>
>>>> func=xmlSecKeyDataHmacGetKlass:file=app.c:line=211:obj=unknown:subj=keyDataHmacId:error=9:feature is not implemented:
>>>> func=xmlSecKeyReadBinaryFile:file=keys.c:line=1219:obj=unknown:subj=dataId != xmlSecKeyDataIdUnknown:error=100:assertion:
>>>> Error: failed to load des key from binary file "aeskey.bin"
>>>> func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=1091:obj=unknown:subj=dataSize > 0:error=100:assertion:
>>>> func=xmlSecEncCtxBinaryEncrypt:file=xmlenc.c:line=333:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec library function failed:dataSize=0
>>>> Error: encryption failed
>>>>
>>>>
>>>> I am using a function of the examples with a slight modification:
>>>>
>>>> int
>>>> verify_file(const char* xml_file, const char* key_file) {
>>>>     xmlDocPtr doc = NULL;
>>>>     xmlNodePtr node = NULL;
>>>>     xmlSecDSigCtxPtr dsigCtx = NULL;
>>>>     int res = -1;
>>>>
>>>>     assert(xml_file);
>>>>     assert(key_file);
>>>>
>>>>     /* load file */
>>>>     doc = xmlParseFile(xml_file);
>>>>     if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
>>>>         fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
>>>>         goto done;
>>>>     }
>>>>
>>>>     /* find start node */
>>>>     node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
>>>>     if(node == NULL) {
>>>>         fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
>>>>         goto done;
>>>>     }
>>>>
>>>>     /* create signature context, we don't need keys manager in this example */
>>>>     dsigCtx = xmlSecDSigCtxCreate(NULL);
>>>>     if(dsigCtx == NULL) {
>>>>         fprintf(stderr,"Error: failed to create signature context\n");
>>>>         goto done;
>>>>     }
>>>>
>>>>     /* load AES key, assuming that there is not password */
>>>>     dsigCtx->signKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataHmacId, key_file);
>>>>     if(dsigCtx->signKey == NULL) {
>>>>         fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
>>>>         goto done;
>>>>     }
>>>>
>>>>     /* set key name to the file name, this is just an example! */
>>>>     if(xmlSecKeySetName(dsigCtx->signKey, key_file)< 0) {
>>>>         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
>>>>         goto done;
>>>>     }
>>>>
>>>>     /* Verify signature */
>>>>     if(xmlSecDSigCtxVerify(dsigCtx, node)< 0) {
>>>>         fprintf(stderr,"Error: signature verify\n");
>>>>         goto done;
>>>>     }
>>>>
>>>>     /* print verification result to stdout */
>>>>     if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
>>>>         fprintf(stdout, "Signature is OK\n");
>>>>     } else {
>>>>         fprintf(stdout, "Signature is INVALID\n");
>>>>     }
>>>>
>>>>     /* success */
>>>>     res = 0;
>>>>
>>>> done:
>>>>     /* cleanup */
>>>>     if(dsigCtx != NULL) {
>>>>         xmlSecDSigCtxDestroy(dsigCtx);
>>>>     }
>>>>
>>>>     if(doc != NULL) {
>>>>         xmlFreeDoc(doc);
>>>>     }
>>>>     return(res);
>>>> }
>>>>
>>>> Any help?
>>>>
>>>> BR,
>>>> Igor
>>>>
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> [email protected]
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
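
An added example, not part of the thread or of xmlsec: a small Python triage script for the error output quoted above. It groups the output into error stacks and reports the first library entry of each, which is where the failure started; the `hint` rule is a heuristic assumed from this thread's resolution, and all function names here are hypothetical.

```python
import re

# One xmlsec error-stack entry, in the format shown in the thread.
ENTRY = re.compile(
    r"^func=(?P<func>[^:]+):file=(?P<file>[^:]+):line=(?P<line>\d+)"
    r":obj=(?P<obj>[^:]*):subj=(?P<subj>.*?):error=(?P<code>\d+):(?P<msg>.*)$"
)

# Error text copied from the thread, with the mail client's line wrapping undone.
SAMPLE = """\
func=xmlSecKeyDataHmacGetKlass:file=app.c:line=211:obj=unknown:subj=keyDataHmacId:error=9:feature is not implemented:
func=xmlSecKeyReadBinaryFile:file=keys.c:line=1219:obj=unknown:subj=dataId != xmlSecKeyDataIdUnknown:error=100:assertion:
Error: failed to load des key from binary file "aeskey.bin"
func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=1091:obj=unknown:subj=dataSize > 0:error=100:assertion:
func=xmlSecEncCtxBinaryEncrypt:file=xmlenc.c:line=333:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec library function failed:dataSize=0
Error: encryption failed
"""


def split_stacks(text):
    """Group library entries into stacks; each stack ends at an application message."""
    stacks, frames = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.match(line)
        if m:
            frames.append({**m.groupdict(), "code": int(m["code"]), "line": int(m["line"])})
        else:
            # Anything not in entry format is the application's own message.
            stacks.append({"app_message": line, "frames": frames})
            frames = []
    if frames:
        stacks.append({"app_message": None, "frames": frames})
    return stacks


def root_cause(stack):
    """The first entry logged is the innermost failure; later ones are fallout."""
    return stack["frames"][0] if stack["frames"] else None


def hint(frame):
    """Heuristic taken from this thread's resolution, not from xmlsec itself."""
    if frame and frame["code"] == 9 and frame["func"].endswith("GetKlass"):
        return f"{frame['subj']} unavailable: initialise xmlsec and its crypto library before this call"
    return None
```

Run over the quoted output, the first stack's root entry is `xmlSecKeyDataHmacGetKlass` with `error=9`, not the application's own "failed to load des key" message that follows it.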
