X509Certificate nodes do not contain signatures. You might want to read a book on cryptography.
Aleksey On 6/11/12 8:50 PM, Giancarlo Piva wrote: > Hi Alekey > > That is right and that is what I am expecting as well.. > > I tried to run my command using your xml on the web site: > > xmlsec1 --sign --output test.xml --pkcs12 > ./certs/8003620833337558-general.p12 --pwd Password --trusted-pem > ./certs/output.pem ./xml/template_test.xml > > in the output I get multiple <X509Certificate> nodes is that normal?? > > this is what i get: > > <?xml version="1.0"?> > <References> > <Book> > <Author> > <FirstName>Bruce</FirstName> > <LastName>Schneier</LastName> > </Author> > <Title>Applied Cryptography</Title> > </Book> > <Web> > <Title>XMLSec</Title> > <Url>http://www.aleksey.com/xmlsec/</Url> > </Web> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> > <SignedInfo> > <CanonicalizationMethod > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> > <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > <Reference URI=""> > <Transforms> > <Transform > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> > </Transforms> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > <DigestValue>o/5EifW/Q4LVtDznvqMgBAAC21M=</DigestValue> > </Reference> > </SignedInfo> > > <SignatureValue>jk5S8exrQmxJPwBtz4YsEY3+zhWpAaRYW2rJNRLoo7+Rkq7PWoOAkHki63Gx5BEb > CSmk8bQ5jjqDLoxrbFVsYCmKQiiEpq+r8Kup9lyReA9aA4PRu/FpxufkPYqBXpfN > YML85F+LCoG44xt4LQMwaZtdE7H1KX3HZ1EX3Q+yIxoVxVp2HQjO9Y+3OJUlXUGk > t0yn/q11H/AV4mmZ2CWK+4uUKySYTg0KEhu/Z3RpG/S2VX3zHPUg769bQy/1Bihq > 3bwyO4INAHgP3dMjuc+iTJMMLChy/ZA5zahs5npfmWKFyJSw0ggMApZsRN4Mf8s8 > oDNtKPTja7/HbFBwdbiSdA==</SignatureValue> > <KeyInfo> > <X509Data> > > > > > <X509Certificate>MIIHLDCCBhSgAwIBAgIETXl5dTANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJB > VTESMBAGA1UEChMJTkVIVEFEZW1vMQ8wDQYDVQQLEwZSb290Q0EwHhcNMTEwNjAy > MTUyMjQwWhcNMjEwMzExMDA0NjMzWjAxMQswCQYDVQQGEwJBVTESMBAGA1UEChMJ > TkVIVEFEZW1vMQ4wDAYDVQQLEwVTdWJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP > ADCCAQoCggEBAN9Zc8dkNxg9pEaPRxx9Z5H8Fsxt5G7QTXhuVSqwFsxOJNLiuQq+ > Z7q9fr8nry9ulmLj9HgGiPpMqQuFhbRH0aM2kSWhiZtjybVK4d52zwiapa+WcabG > djg8ZRZaevV6wRflwESUdyRM0g+Re8Bc+u8vEli7spKJgVNf31hvo3/zmIqiR3Vs > YFMeT9NgqWC/rUmguwScS4v5ZLBHaJG3WfPemTvmkd8iKxxTchG0uYhoBYtOd2Gc > vcLcj/ZWY3GRcJZIMKTIy34yWhIr1G95ZfdAD5TGfrGrv5WOgTRNGln7Kb00sedZ > UpyIfYMeR6X6tbVsqLquS8yPgrKCc+2a9UsCAwEAAaOCBEkwggRFMA4GA1UdDwEB > /wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMIICcAYDVR0gBIICZzCCAmMwggHY > BgwqJAGPUYdqAQEBAQEwggHGMGgGCCsGAQUFBwIBFlxodHRwOi8vcG9saWN5LnBy > b2Ryb290aGlnaDEucGtpLmVsZWN0cm9uaWNoZWFsdGgubmV0LmF1L3Byb2Ryb290 > aGlnaDEvcG9saWN5L05BU0hfUkNBX0NQLnBkZjCCAVgGCCsGAQUFBwICMIIBShqC > AUZDZXJ0aWZpY2F0ZXMgdW5kZXIgdGhpcyBwb2xpY3kgYXJlIGlzc3VlZCBieSB0 > aGUgTkFTSCBSb290IENBIHRvIGl0c2VsZiBhbmQgdG8gQ0FzIHN1Ym9yZGluYXRl > IHRvIHRoZSBOQVNIIFJvb3QgQ0EuIFJlZmVyIHRvIGh0dHA6Ly9wcm9kcm9vdGhp > Z2gxLnBraS5lbGVjdHJvbmljaGVhbHRoLm5ldC5hdS9wcm9kcm9vdGhpZ2gxLyBm > b3IgbW9yZSBpbmZvcm1hdGlvbi4gVXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgaXMg > c3ViamVjdCB0byBBZ3JlZW1lbnRzIGF0IGh0dHA6Ly9wcm9kcm9vdGhpZ2gxLnBr > aS5lbGVjdHJvbmljaGVhbHRoLm5ldC5hdS9wcm9kcm9vdGhpZ2gxLzAqBgkqJAGP > UYdqBQIwHTAbBggrBgEFBQcCAjAPGg1Mb3cgQXNzdXJhbmNlMC8GCSokAY9Rh2oF > AzAiMCAGCCsGAQUFBwICMBQaEk1vZGVyYXRlIEFzc3VyYW5jZTAoBgoqJAGPUYdq > BgQAMBowGAYIKwYBBQUHAgIwDBoKSXNzdWluZyBDQTCBswYIKwYBBQUHAQEEgaYw > gaMwVQYIKwYBBQUHMAKGSWh0dHA6Ly9uZWh0YWRlbW8ubWFuYWdlZC5lbnRydXN0 > LmNvbS9BSUEvQ2VydHNJc3N1ZWR0b05FSFRBRGVtb1Jvb3RDQS5wN2MwSgYIKwYB > BQUHMAGGPmh0dHA6Ly9uZWh0YWRlbW8ubWFuYWdlZC5lbnRydXN0LmNvbS9PQ1NQ > L05FSFRBUm9vdENBUmVzcG9uZGVyMIGZBgNVHR8EgZEwgY4wQaA/oD2GO2h0dHA6 > Ly9uZWh0YWRlbW8ubWFuYWdlZC5lbnRydXN0LmNvbS9DUkxzL05FSFRBREVNT1Jv > b3QuY3JsMEmgR6BFpEMwQTELMAkGA1UEBhMCQVUxEjAQBgNVBAoTCU5FSFRBRGVt > bzEPMA0GA1UECxMGUm9vdENBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFBDg > Yh+sUVo0ZnLXWMH0NWk/6JFbMB0GA1UdDgQWBBRaPSKrShmC/GJzkLtwm/s56ZsS > rDAZBgkqhkiG9n0HQQAEDDAKGwRWOC4xAwIAgTANBgkqhkiG9w0BAQUFAAOCAQEA > XQTFvV+bBpJshxlfy9bm1gq2ZALukwYPkVB8GhKM43yqT+ZbxwC0im8PYNhbvzRB > lzo5b50mfZcYaC97Ey5zs511qvyFAiJuZdtPTtmrEw10G+uyGqdLjL+OZTcyVwk3 > 8KAYAaSxc7BhBGxsnLf01bKUmK1HSj2anrKk/81PLIaJId2L7IfcrZFi+OlUZfAK > THa5ayk8fxu/pI1WjHQy6+HW1IfDmKQJz+uVbTIq03XmuCW4Bwd3U2qjFhtVuQd3 > TjWcRm05d+1p/LSAKFH+jSzorewiG+URvef8Lznwbg/ChbNSaRnlLV9WQqBMsELZ > 54vPc3pZhOkfrthJYni8jA==</X509Certificate> > <X509SubjectName>OU=SubCA,O=NEHTADemo,C=AU</X509SubjectName> > <X509IssuerSerial> > <X509IssuerName>OU=RootCA,O=NEHTADemo,C=AU</X509IssuerName> > <X509SerialNumber>1299806581</X509SerialNumber> > </X509IssuerSerial> > <X509Certificate>MIIDJDCCAgygAwIBAgIETXlw6TANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJB > VTESMBAGA1UEChMJTkVIVEFEZW1vMQ8wDQYDVQQLEwZSb290Q0EwHhcNMTEwMzEx > MDAxNjMzWhcNMjEwMzExMDA0NjMzWjAyMQswCQYDVQQGEwJBVTESMBAGA1UEChMJ > TkVIVEFEZW1vMQ8wDQYDVQQLEwZSb290Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB > DwAwggEKAoIBAQCz3qq/Tw5CkP+gQl+uhyislJauKGzJS/uyTveAjnuqzdTR4+bC > MFeMjIH3da770r2n52MtLgYxhCo50YJzaAKAchV2+GDK0q+KRnut7d+obSamr9Vp > fMFtYctNvZFaRpPKCOqyz7WfOleOmtaNLv26CUnszM4/nZBcD7CNuoItyX81e4a0 > edMFvg3rqIv7OPg+NSDNYpnBB9rdmbSe1FCLBERon5gsdPGFzh8x5DLtMpZZCwL6 > Q1srclXWLMpnfMAgXDcH8FaLGHVYSfsrHQh9uCCuoV602eic+SgE66/xQ5Uy/OHV > oZJeB1bLzAk2OxIo8pHuVCMeH178xCI1tAGdAgMBAAGjQjBAMA4GA1UdDwEB/wQE > AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQQ4GIfrFFaNGZy11jB9DVp > P+iRWzANBgkqhkiG9w0BAQUFAAOCAQEAcMwGYh5iXTWjYev2+Mmm5IIUD9xRntah > qWo/lNsWP/Lb3dVpdyxQ5hQt/nFmER7SkXHZT394/deWCdh3E2LE6AE2cIZuQYr+ > 1aHbKWYeAkCnHUjdzszuZ2bEp9FW4Y0+dlH4V71LnobHwWQre/PZFTFNlZjf1xYF > giI5YK2MeOSsWaB2ACPkq4gDY4JnsNKK3QCX2xR/zeSG1l3Zjp8A07Z0ldvUiwfa > IFGo8rkHkbbNifCco7d8+6NPiy0qwTG5/Htt9hb7pJ5IStoLSX6AAzKevt/GaRga > xChYv35zMQF6Bgjkk8LXsQiA2oi8r995oFTKCDbDMYdksyK7FyoFHQ==</X509Certificate> > <X509SubjectName>OU=RootCA,O=NEHTADemo,C=AU</X509SubjectName> > <X509IssuerSerial> > <X509IssuerName>OU=RootCA,O=NEHTADemo,C=AU</X509IssuerName> > <X509SerialNumber>1299804393</X509SerialNumber> > </X509IssuerSerial> > <X509Certificate>MIIIvjCCB6agAwIBAgIETXqLsTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJB > VTESMBAGA1UEChMJTkVIVEFEZW1vMQ4wDAYDVQQLEwVTdWJDQTAeFw0xMjAzMDUw > MTQyNDlaFw0xMzAzMDUwMDAwMDBaMIGfMRIwEAYKCZImiZPyLGQBGRYCQVUxEzAR > BgoJkiaJk/IsZAEZFgNORVQxIDAeBgoJkiaJk/IsZAEZFhBFTEVDVFJPTklDSEVB > TFRIMRQwEgYDVQQKEwtNZWRpY2FyZTMwNTE8MDoGA1UEAxMzZ2VuZXJhbC44MDAz > NjIwODMzMzM3NTU4LmlkLmVsZWN0cm9uaWNoZWFsdGgubmV0LmF1MIIBIjANBgkq > hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21303diBXMqVg0Z366xYZc4qCTeHd9zf > oHWJRAd7/YQlfMu3q21sb7MqQI3N88bmQxICn2tg5HRPKh8rB9RqGT8gzGpKiMbz > KFxz81dzzj87gkYkLF57WiuKARKqp98nx2mTIELKcN1ahejHbo2cVjHpkQ+m17Dt > TZJ5sUxna2OT6+qTWEBlilnjsiit2M96iNs1/Y4eySRRCDKNXF2virN/5cqzjfRk > iKTwfgKNQ09MNeCN+wl588JKuGmIzZ8kKQveXzHEvS9eUFQid1ZOVy8x+0jeoUHO > YTNoRb1wckdtV7eFFx5fERE/KuTvjvMchCBezZWYz0WwUXiSKX0/qQIDAQABo4IF > bTCCBWkwDgYDVR0PAQH/BAQDAgSwMIIBMAYIKwYBBQUHAQEEggEiMIIBHjBJBggr > BgEFBQcwAYY9aHR0cDovL25laHRhZGVtby5tYW5hZ2VkLmVudHJ1c3QuY29tL09D > U1AvTkVIVEFTdWJDQVJlc3BvbmRlcjBUBggrBgEFBQcwAoZIaHR0cDovL25laHRh > ZGVtby5tYW5hZ2VkLmVudHJ1c3QuY29tL0FJQS9DZXJ0c0lzc3VlZHRvTkVIVEFE > ZW1vU3ViQ0EucDdjMHsGCCsGAQUFBzAChm9sZGFwOi8vbmVodGFkZW1vLm1hbmFn > ZWQuZW50cnVzdC5jb20vb3U9U3ViQ0Esbz1ORUhUQURlbW8sYz1BVT9jQUNlcnRp > ZmljYXRlO2JpbmFyeSxjcm9zc0NlcnRpZmljYXRlUGFpcjtiaW5hcnkwHQYDVR0l > BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwggIyBgNVHSAE > ggIpMIICJTCCAcQGDCokAY9Rh2oBAwEEAzCCAbIwZQYIKwYBBQUHAgEWWWh0dHA6 > Ly9wb2xpY3kudGVzdHN1Ym1vZDEucGtpLmVsZWN0cm9uaWNoZWFsdGgubmV0LmF1 > L3Rlc3RzdWJtb2QxL3BvbGljeS9OQVNIX0hQSU9fQ1AucGRmMIIBRwYIKwYBBQUH > AgIwggE5GoIBNUNlcnRpZmljYXRlcyB1bmRlciB0aGlzIHBvbGljeSBhcmUgaXNz > dWVkIGJ5IHRoZSBOQVNIIFN1Ym9yZGluYXRlIENBIHRvIEhlYWx0aGNhcmUgUHJv > dmlkZXIgT3JnYW5pc2F0aW9ucy4gUmVmZXIgdG8gaHR0cDovL3Rlc3RzdWJtb2Qx > LnBraS5lbGVjdHJvbmljaGVhbHRoLm5ldC5hdS90ZXN0c3VibW9kMS8gZm9yIG1v > cmUgaW5mb3JtYXRpb24uIFVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGlzIHN1Ympl > Y3QgdG8gQWdyZWVtZW50cyBhdCBodHRwOi8vdGVzdHN1Ym1vZDEucGtpLmVsZWN0 > cm9uaWNoZWFsdGgubmV0LmF1L3Rlc3RzdWJtb2QxLzAqBgkqJAGPUYdqBQIwHTAb > BggrBgEFBQcCAjAPGg1Mb3cgQXNzdXJhbmNlMC8GCiokAY9Rh2oGBwMwITAfBggr > BgEFBQcCAjATGhFXZWJTZXJ2aWNlIERldmljZTCBgQYDVR0RBHoweIIzZ2VuZXJh > bC44MDAzNjIwODMzMzM3NTU4LmlkLmVsZWN0cm9uaWNoZWFsdGgubmV0LmF1hkFo > dHRwOi8vbnMuZWxlY3Ryb25pY2hlYWx0aC5uZXQuYXUvaWQvaGkvaHBpby8xLjAv > ODAwMzYyMDgzMzMzNzU1ODCB+wYDVR0fBIHzMIHwMIGjoIGgoIGdhjpodHRwOi8v > bmVodGFkZW1vLm1hbmFnZWQuZW50cnVzdC5jb20vQ1JMcy9ORUhUQURFTU9TdWIu > Y3Jshl9sZGFwOi8vbmVodGFkZW1vLm1hbmFnZWQuZW50cnVzdC5jb20vb3U9U3Vi > Q0Esbz1ORUhUQURlbW8sYz1BVT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2Jp > bmFyeTBIoEagRKRCMEAxCzAJBgNVBAYTAkFVMRIwEAYDVQQKEwlORUhUQURlbW8x > DjAMBgNVBAsTBVN1YkNBMQ0wCwYDVQQDEwRDUkw4MB8GA1UdIwQYMBaAFFo9IqtK > GYL8YnOQu3Cb+znpmxKsMB0GA1UdDgQWBBTJ0D/1ayPl4d+NQZLxTUdJVGr/ZDAN > BgkqhkiG9w0BAQUFAAOCAQEAEFvbTBlGeI1rj8mNZDQtoNN7pFdR1WH3N1Exbcez > +zoUncZXAIqmvVG/pTxuDpaLx2Kg+JIBbYZSvFp/RRiea3DuV416c7yqcsbfBhMO > pwqZs8e0UUKKMugrSy7Z2DXCTjGlxNw9gR8QDdz+ddn98dRqAlh/UV289sFBNEbK > 5PLtjgtUxhqzn9CKmxgLO2RUkIJvWmVDRF+SvOzb8/QcGk3OX3YlWFlMeTsaHMyK > KKnbmkrGRlj1sfK4OUWmdaLKWbIhvA2eBf5iHlwSiZ0I2LuXp2TI29KCPmCaHmkd > h1AZzEQWh1sXCpUScS+dNkKaJiqMvuPRVBFniv5W/XZjNg==</X509Certificate> > <X509SubjectName>CN=general.8003620833337558.id.electronichealth.net.au,O=Medicare305,DC=ELECTRONICHEALTH,DC=NET,DC=AU</X509SubjectName> > <X509IssuerSerial> > <X509IssuerName>OU=SubCA,O=NEHTADemo,C=AU</X509IssuerName> > <X509SerialNumber>1299876785</X509SerialNumber> > </X509IssuerSerial> > </X509Data> > <KeyValue> > <RSAKeyValue> > <Modulus> > 21303diBXMqVg0Z366xYZc4qCTeHd9zfoHWJRAd7/YQlfMu3q21sb7MqQI3N88bm > QxICn2tg5HRPKh8rB9RqGT8gzGpKiMbzKFxz81dzzj87gkYkLF57WiuKARKqp98n > x2mTIELKcN1ahejHbo2cVjHpkQ+m17DtTZJ5sUxna2OT6+qTWEBlilnjsiit2M96 > iNs1/Y4eySRRCDKNXF2virN/5cqzjfRkiKTwfgKNQ09MNeCN+wl588JKuGmIzZ8k > KQveXzHEvS9eUFQid1ZOVy8x+0jeoUHOYTNoRb1wckdtV7eFFx5fERE/KuTvjvMc > hCBezZWYz0WwUXiSKX0/qQ== > </Modulus> > <Exponent> > AQAB > </Exponent> > </RSAKeyValue> > </KeyValue> > </KeyInfo> > </Signature> > </References> > > > > On Tue, Jun 12, 2012 at 12:53 PM, Aleksey Sanin <[email protected]> wrote: >> Not sure what do you mean. There should be 3 digests and one signature. >> >> Aleksey >> >> >> On 6/11/12 6:58 PM, Giancarlo Piva wrote: >>> Hi Aleksey, >>> >>> I am tring to use xmlsec1 in linux to sign multiple parts of an xml >>> document (header, body, timestamp) >>> in my template i have 3 digests with 3 uris >>> xmlsec works fine but I end up with three signature instead of one in >>> the output file >>> >>> I am using xmlsec1 --sign --output test.xml --pkcs12 ./certs/cert.p12 >>> --pwd Password --trusted-pem ./certs/RootCA.crt ./xml/template.xml >>> >>> is there an option to sign multiple part of a doc via command line? >>> >>> Kind Regards, >>> >>> Carlo >>> >> _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
