[xmlsec] Fail to verify symmetric sign

Aleksey Sanin aleksey at aleksey.com
Thu Mar 18 19:44:58 PDT 2010


Please read the error carefully.

Aleksey

On 3/18/2010 6:15 PM, igor at das.ufsc.br wrote:
> Hello guys,
>
> I'm using xmlsec1 for encryption and signing, but I'm having trouble
> verifying the signature. I am signing only the Header of the SOAP message
> using HMAC with the same AES key used to encrypt the message.
>
> Using the console, I can verify the signature with the following command:
> xmlsec1 verify --hmackey aeskey.bin Server-Recv-XMLCifrado.data
>
> My function in C that would verify the signature shows the following error:
>
> func=xmlSecKeyDataHmacGetKlass:file=app.c:line=211:obj=unknown:subj=keyDataHmacId:error=9:feature is not implemented:
> func=xmlSecKeyReadBinaryFile:file=keys.c:line=1219:obj=unknown:subj=dataId != xmlSecKeyDataIdUnknown:error=100:assertion:
> Error: failed to load des key from binary file "aeskey.bin"
> func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=1091:obj=unknown:subj=dataSize > 0:error=100:assertion:
> func=xmlSecEncCtxBinaryEncrypt:file=xmlenc.c:line=333:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec library function failed:dataSize=0
> Error: encryption failed
>
>
> I am using a function of the examples with a slight modification:
>
> int
> verify_file(const char* xml_file, const char* key_file) {
>     xmlDocPtr doc = NULL;
>     xmlNodePtr node = NULL;
>     xmlSecDSigCtxPtr dsigCtx = NULL;
>     int res = -1;
>
>     assert(xml_file);
>     assert(key_file);
>
>     /* load file */
>     doc = xmlParseFile(xml_file);
>     if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) {
>         fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
>         goto done;
>     }
>
>     /* find start node */
>     node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
>     if(node == NULL) {
>         fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
>         goto done;
>     }
>
>     /* create signature context, we don't need keys manager in this example */
>     dsigCtx = xmlSecDSigCtxCreate(NULL);
>     if(dsigCtx == NULL) {
>         fprintf(stderr, "Error: failed to create signature context\n");
>         goto done;
>     }
>
>     /* load AES key, assuming that there is not password */
>     dsigCtx->signKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataHmacId, key_file);
>     if(dsigCtx->signKey == NULL) {
>         fprintf(stderr, "Error: failed to load des key from binary file \"%s\"\n", key_file);
>         goto done;
>     }
>
>     /* set key name to the file name, this is just an example! */
>     if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
>         fprintf(stderr, "Error: failed to set key name for key from \"%s\"\n", key_file);
>         goto done;
>     }
>
>     /* Verify signature */
>     if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
>         fprintf(stderr, "Error: signature verify\n");
>         goto done;
>     }
>
>     /* print verification result to stdout */
>     if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
>         fprintf(stdout, "Signature is OK\n");
>     } else {
>         fprintf(stdout, "Signature is INVALID\n");
>     }
>
>     /* success */
>     res = 0;
>
> done:
>     /* cleanup */
>     if(dsigCtx != NULL) {
>         xmlSecDSigCtxDestroy(dsigCtx);
>     }
>
>     if(doc != NULL) {
>         xmlFreeDoc(doc);
>     }
>     return(res);
> }
>
> Any help?
>
> BR,
> Igor
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
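
Added example, not code from the thread or from xmlsec: a small C parser that splits the xmlsec error records quoted in the post into their fields, so the first failure reported (function, source file, subject, error code) can be read off directly. The type and function names are hypothetical, and the field layout is assumed to be the one visible in the records above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* func=..:file=..:line=N:obj=..:subj=..:error=N:message:details */
typedef struct {
    char func[64], file[64], obj[64], subj[96], msg[96];
    int line, code;
} xmlsec_err;

/* Copy the text between `key` (at p) and the next `next`; NULL on mismatch. */
static const char *field(const char *p, const char *key, const char *next,
                         char *dst, size_t cap) {
    const char *end;
    if (p == NULL || strncmp(p, key, strlen(key)) != 0) return NULL;
    p += strlen(key);
    if ((end = strstr(p, next)) == NULL) return NULL;
    snprintf(dst, cap, "%.*s", (int)(end - p), p);  /* bounded copy */
    return end;
}

/* Return 1 and fill *e if s is an xmlsec record, 0 for any other line. */
int parse_xmlsec_error(const char *s, xmlsec_err *e) {
    char line[16], code[16];
    const char *p = field(s, "func=", ":file=", e->func, sizeof e->func);
    p = field(p, ":file=", ":line=", e->file, sizeof e->file);
    p = field(p, ":line=", ":obj=", line, sizeof line);
    p = field(p, ":obj=", ":subj=", e->obj, sizeof e->obj);
    /* subj may contain spaces and operators, so cut at ":error=" */
    p = field(p, ":subj=", ":error=", e->subj, sizeof e->subj);
    p = field(p, ":error=", ":", code, sizeof code);
    if (field(p, ":", ":", e->msg, sizeof e->msg) == NULL) return 0;
    e->line = atoi(line);
    e->code = atoi(code);
    return 1;
}

/* First lines of the log in the post, with the mail line wraps rejoined. */
static const char *const SAMPLE_LOG[] = {
    "func=xmlSecKeyDataHmacGetKlass:file=app.c:line=211:obj=unknown:subj=keyDataHmacId:error=9:feature is not implemented:",
    "func=xmlSecKeyReadBinaryFile:file=keys.c:line=1219:obj=unknown:subj=dataId != xmlSecKeyDataIdUnknown:error=100:assertion:",
    "Error: failed to load des key from binary file \"aeskey.bin\"",
};

int main(void) {
    xmlsec_err e;
    for (size_t i = 0; i < sizeof SAMPLE_LOG / sizeof *SAMPLE_LOG; i++)
        if (parse_xmlsec_error(SAMPLE_LOG[i], &e))
            printf("%s (%s:%d) subj=\"%s\" error=%d: %s\n", e.func, e.file, e.line, e.subj, e.code, e.msg);
    return 0;
}
```

Lines printed by the application itself, such as the `Error: failed to load des key` line, are not xmlsec records and are skipped.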

