I'm actually still looking at this, and it seems they have a problem with the files I generated as well.
The DigestValue seems to be correct. But the signature seems to be incorrect for some reason. I created a canonical version of my xml file, and sha256sum reports the same as the value in DigestValue. So I don't think I'm having problems with things like whitespace in my file. However when I put the decoded value of the SignatureValue in a file and try to use openssl dgst to verify the signuatre the check fails. I can verify my signed xml file with the library, so it's making no sense to me at this time. I can't seem to generate the canonical xml file for the file they send me. The sha256sum for the file I generated is wrong, but the library seems to say it has the correct DigestValue. So I must be doing something wrong here. Kurt On Mon, Nov 26, 2012 at 10:40:46AM -0800, Aleksey Sanin wrote: > Great. From experience, most likely reasons for that are: > 1) Whitespaces and line ends are important in XML (and signatures). > 2) C14N is not as easy as it sounds. > > Best, > > Aleksey > > On 11/25/12 12:20 PM, Kurt Roeckx wrote: > > On Sun, Nov 25, 2012 at 08:24:28PM +0100, Kurt Roeckx wrote: > >> I'm starting to get convinced that the file I'm getting > >> isn't properly signed, or not with the key the claim it's > >> signed with. > > > > I can verify the file I generate myself and sign myself, so > > I'll just blame the other side. > > > > > > Kurt > > > _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
