Try xmlsec with --store-signatures option Aleksey
On 11/26/12 12:06 PM, Kurt Roeckx wrote: > I'm actually still looking at this, and it seems they have a problem > with the files I generated as well. > > The DigestValue seems to be correct. But the signature seems to > be incorrect for some reason. > > I created a canonical version of my xml file, and sha256sum > reports the same as the value in DigestValue. So I don't think > I'm having problems with things like whitespace in my file. > > However when I put the decoded value of the SignatureValue in > a file and try to use openssl dgst to verify the signuatre the > check fails. I can verify my signed xml file with the library, > so it's making no sense to me at this time. > > I can't seem to generate the canonical xml file for the file > they send me. The sha256sum for the file I generated is wrong, > but the library seems to say it has the correct DigestValue. > So I must be doing something wrong here. > > > Kurt > > On Mon, Nov 26, 2012 at 10:40:46AM -0800, Aleksey Sanin wrote: >> Great. From experience, most likely reasons for that are: >> 1) Whitespaces and line ends are important in XML (and signatures). >> 2) C14N is not as easy as it sounds. >> >> Best, >> >> Aleksey >> >> On 11/25/12 12:20 PM, Kurt Roeckx wrote: >>> On Sun, Nov 25, 2012 at 08:24:28PM +0100, Kurt Roeckx wrote: >>>> I'm starting to get convinced that the file I'm getting >>>> isn't properly signed, or not with the key the claim it's >>>> signed with. >>> >>> I can verify the file I generate myself and sign myself, so >>> I'll just blame the other side. >>> >>> >>> Kurt >>> >> _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
