Thanks a lot Aleksey, now I got the command line verification to work as expected.
The solution was to use several --id-attr parameters to xmlsec1. This is the command line I used:

xmlsec1 --verify --id-attr:ID 'http://www.mycompany.com/myapp:Routing' --id-attr:ID 'http://www.w3.org/2001/12/soap-envelope:Body' signedmod.xml

The command invocation adds the IDs for both the "Routing" and the "Body" tag.
When called with the XML I provided below, xmlsec1 will correctly come to the conclusion that the signature of that document does not match - since I have modified it. This is the output I get:

=============================
func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
FAIL
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
Error: failed to verify file "signedmod.xml"
=============================

When used with a document with a signature that does match I get:

=============================
OK
SignedInfo References (ok/all): 2/2
Manifests References (ok/all): 0/0
=============================

Now the command line is up and running, so then I should be able to do the same in code using xmlAddID().

Many thanks.

Regards
/Magnus

> Date: Tue, 18 Dec 2012 08:10:54 -0800
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Subject: Re: [xmlsec] Verifying signature for enveloped signature with
> multiple signatures
>
> Section 3.2 in the FAQ
>
> http://www.aleksey.com/xmlsec/faq.html
>
> Aleksey
>
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
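
An added sketch (not xmlsec code and not from this thread) of what registering ID attributes accomplishes: a Reference URI of the form "#value" can only be resolved to an element whose ID attribute has been registered for that node name, so registering Routing alone leaves the Body reference dangling. The sample envelope, the ID values and all function names are constructed for illustration, and refusing duplicate ID values is this example's own choice.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample envelope; not the document from this thread.
SAMPLE = """\
<env:Envelope xmlns:env="http://www.w3.org/2001/12/soap-envelope"
    xmlns:app="http://www.mycompany.com/myapp"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <env:Header>
    <app:Routing ID="routing-1"/>
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#routing-1"/>
      <ds:Reference URI="#body-1"/>
    </ds:SignedInfo></ds:Signature>
  </env:Header>
  <env:Body ID="body-1"/>
</env:Envelope>"""

def to_tag(spec):
    """Turn '<namespace-uri>:<node-name>' into ElementTree's '{uri}name' form."""
    ns, _, name = spec.rpartition(":")  # split at the last colon; the URI has colons too
    return "{%s}%s" % (ns, name) if ns else name

def build_id_table(root, attr, specs):
    """Map each registered ID value to its element (the --id-attr idea)."""
    wanted = {to_tag(s) for s in specs}
    table = {}
    for el in root.iter():
        if el.tag in wanted and attr in el.attrib:
            value = el.attrib[attr]
            if value in table:  # this example's choice: ambiguous targets are refused
                raise ValueError("duplicate ID value: %r" % value)
            table[value] = el
    return table

def unresolved_references(root, table):
    """Same-document Reference URIs that point at no registered ID."""
    return [ref.get("URI") for ref in root.iter("{%s}Reference" % DS)
            if ref.get("URI", "").startswith("#") and ref.get("URI")[1:] not in table]

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    routing = "http://www.mycompany.com/myapp:Routing"
    body = "http://www.w3.org/2001/12/soap-envelope:Body"
    print(unresolved_references(root, build_id_table(root, "ID", [routing])))
    print(unresolved_references(root, build_id_table(root, "ID", [routing, body])))
```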
