Hello,
I was verifying whether xmlsec supports XAdES signature (Does it?). As
you probably know, XAdES is an European extension of XMLsign.
I'm able to sign the attached XAdES template without errors but
xmlsec1 is not able to verify its own resulting signature:
> xmlsec1 --version
xmlsec1 1.2.18 (openssl)
> xmlsec1 sign --pkcs12 ../../certificado-ceres-alfredo-esteban.p12 --output
> hola.xsig --pwd xxxxxxxxxxxxx ejemplo-xades-enveloped.xml
> xmlsec1 verify --trusted-der aet-cert.der ejemplo-xades-enveloped.xsig
> func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid
> data:data and digest do not match
FAIL
SignedInfo References (ok/all): 1/2
Manifests References (ok/all): 0/0
Error: failed to verify file "ejemplo-xades-enveloped.xsig"
Is it a bug? Any help is welcome.
Thanks,
Alfredo
<?xml version="1.0" encoding="UTF-8"?>
<documento id="documento">
<titulo id="titulo">Documento de pruebas</titulo>
<descripcion id="descripcion">Documento destinado a realizar pruebas de firma</descripcion>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:etsi="http://uri.etsi.org/01903/v1.3.2#"; Id="Signature504735">
<ds:SignedInfo Id="Signature-SignedInfo1024952">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference Id="SignedPropertiesID429729" Type="http://uri.etsi.org/01903#SignedProperties"; URI="#Signature504735-SignedProperties48056">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Certificate1237555">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
<ds:Reference Id="Reference-ID-200615" URI="">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="SignatureValue552465">
</ds:SignatureValue>
<ds:KeyInfo Id="Certificate1237555">
<ds:X509Data>
<ds:X509Certificate>
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus></ds:Modulus>
<ds:Exponent></ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<ds:Object Id="Signature504735-Object873466">
<etsi:QualifyingProperties Target="#Signature504735">
<etsi:SignedProperties Id="Signature504735-SignedProperties48056">
<etsi:SignedSignatureProperties>
<etsi:SigningTime></etsi:SigningTime>
<etsi:SigningCertificate>
<etsi:Cert>
<etsi:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue></ds:DigestValue>
</etsi:CertDigest>
<etsi:IssuerSerial>
<ds:X509IssuerName></ds:X509IssuerName>
<ds:X509SerialNumber></ds:X509SerialNumber>
</etsi:IssuerSerial>
</etsi:Cert>
</etsi:SigningCertificate>
</etsi:SignedSignatureProperties>
<etsi:SignedDataObjectProperties>
<etsi:DataObjectFormat ObjectReference="#Reference-ID-200615">
<etsi:Description></etsi:Description>
<etsi:MimeType></etsi:MimeType>
</etsi:DataObjectFormat>
</etsi:SignedDataObjectProperties>
</etsi:SignedProperties>
</etsi:QualifyingProperties>
</ds:Object>
</ds:Signature>
</documento>_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
