Upon verification of a signed document with xmlsec1 like this: xmlsec1 sign --privkey gpg-des/newcorvus_cert_key/bpV28_S-key.pem --output alekseysigned_KOM.xml uKOM.xml I get OK with these 2:
xmlsec1 verify --trusted gpg-des/newcorvus_cert_key/bpV28_ca.pem alekseysigned_KOM.xml xmlsec1 verify --privkey gpg-des/newcorvus_cert_key/bpV28_S-key.pem alekseysigned_KOM.xml If I try to verify the same file in http://www.aleksey.com/xmlsec/xmldsig-verifier.html I get the following: func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=NO/O=MYLASTNAME MYFIRST\xC3\x98NAME/CN=MYLASTNAME MYFIRST\xC3\x98NAME/serialNumber=981789261;err=20;msg=unable to get local issuer certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match RESULT: Signature is INVALID --------------------------------------------------- = VERIFICATION CONTEXT == Status: invalid ..etc,etc The <X509Certificate> as <KeyInfo> in the document is the corresponding cert to the S-key.pem: gpg-des/newcorvus_cert_key/bpV28_S-cer.pem What do I do wrong? -S- -- Si St [email protected] -- http://www.fastmail.fm - IMAP accessible web-mail _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
