<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
</style>
</head>
<body class='hmmessage'>
Hello,<BR>
<BR>
I've an XMLDSig file which includes the signing certificate in a <ds:X509Certificate> tag, but xmlsec shows these error messages when I try to verify the signature with "xmlsec verify ..\endesa.xml":<BR>
<BR>
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKe<BR>ysMngrFindKey:error=1:xmlsec library function failed:<BR>
<BR>func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:<BR>subj=unknown:error=45:key is not found:<BR>
<BR>func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknow<BR>n:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:<BR>
<BR>func=xmlSecDSigCtxVerify:file=..\src\xmldsig.c:line=366:obj=unknown:subj=xmlSecD<BR>SigCtxSigantureProcessNode:error=1:xmlsec library function failed:<BR>
<BR>Error: signature failed<BR>ERROR<BR>SignedInfo References (ok/all): 2/2<BR>Manifests References (ok/all): 0/0<BR>Error: failed to verify file "..\endesa.xml"<BR>
<BR>
The signature is OK, and I can verify this if I extract manually the certificate and, from openssl, get its public key and then, again from xmlsec, retry the verification so:<BR>
<BR>
xmlsec verify --pubkey endesa-pkey.pem ..\endesa.xml<BR>
<BR>
OK<BR>SignedInfo References (ok/all): 2/2<BR>Manifests References (ok/all): 0/0<BR>
<BR>
This is the certificate that xmlsec doesn't handle well:<BR>
<BR>
<ds:X509Certificate xmlns:ds="<A href="http://www.w3.org/2000/09/xmldsig">http://www.w3.org/2000/09/xmldsig</A>#"><BR>MIII2zCCB8OgAwIBAgIQZpIEicjJWTFxpWfnQvHRDTANBgkqhkiG9w0BAQUFADCB2jELMAkGA1UE<BR>BhMCRVMxDzANBgNVBAgTBk1hZHJpZDE3MDUGA1UEBxMuUGFzZW8gZGVsIEdlbmVyYWwgTWFydGlu<BR>ZXogQ2FtcG9zIDQ2LTZhIHBsYW50YTFLMEkGA1UEChNCQWdlbmNpYSBOb3RhcmlhbCBkZSBDZXJ0<BR>aWZpY2FjaW9uIFMuTC4gVW5pcGVyc29uYWwgLSBDSUYgQjgzMzk1OTg4MTQwMgYDVQQDEytBTkNF<BR>UlQgQ2VydGlmaWNhZG9zIE5vdGFyaWFsZXMgQ29ycG9yYXRpdm9zMB4XDTA3MDExNzEzNDExMloX<BR>DTEwMDExNjEzNDExMlowggE+MQswCQYDVQQGEwJFUzE7MDkGA1UEChMyQ2VydGlmaWNhZG8gTm90<BR>YXJpYWwgQ29ycG9yYXRpdm8gZGUgUmVwcmVzZW50YWNpb24xODA2BgNVBAsTL0VOREVTQSBFTkVS<BR>R0lBIFMuQS4gVU5JUEVSU09OQUwgLSBDSUYgQTgxOTQ4MDc3MTcwNQYDVQQLEy5BdXRvcml6YWRv<BR>IGFudGUgTm90YXJpbyBTQU5USUFHTyBSVUJJTyBMSU5JRVJTMRIwEAYDVQQFEwkxODQxNDQ2N1Qx<BR>FjAUBgNVBAQTDUFaTkFSIEJSVVNDQVMxETAPBgNVBCoTCEZFUk5BTkRPMR8wHQYDVQQDExZGRVJO<BR>QU5ETyBBWk5BUiBCUlVTQ0FTMR8wHQYJKoZIhvcNAQkBFhBmYXpuYXJAZW5kZXNhLmVzMIGfMA0G<BR>CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9SYH3av2JmIf4gC37JxDaQUA4pKY5tTPPHuqbkJ0c9LfM<BR>JgsCGZ8+jC8xMRYVuuMlzqPlBzPR0Pw5NX4Egd5vkGAzLWvyqtk/JSfPQYtHlUDAGc2g/oXJE2Lq<BR>qsMOJWByyoQri1ZscpG3Xd40/V1qOBwQA6S5FdpJfyOM01HPEwIDAQABo4IEuDCCBLQwPwYIKwYB<BR>BQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5hYy5hbmNlcnQuY29tL29jc3AueHVk<BR>YTAfBgNVHSMEGDAWgBRRGituL85KOF50CLZR7ow3XROMrTAMBgNVHRMBAf8EAjAAMIGPBgNVHR8E<BR>gYcwgYQwgYGgf6B9hidodHRwOi8vd3d3LmFuY2VydC5jb20vY3JsL0FOQ0VSVENOQy5jcmyGKGh0<BR>dHA6Ly93d3cyLmFuY2VydC5jb20vY3JsL0FOQ0VSVENOQy5jcmyGKGh0dHA6Ly93d3czLmFuY2Vy<BR>dC5jb20vY3JsL0FOQ0VSVENOQy5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA4G<BR>A1UdDwEB/wQEAwIE8DAbBgNVHREEFDASgRBmYXpuYXJAZW5kZXNhLmVzMBEGCWCGSAGG+EIBAQQE<BR>AwIHgDCCAmMGA1UdIASCAlowggJWMIICUgYMKwYBBAGBk2gBAwIBMIICQDCCAjwGCCsGAQUFBwIC<BR>MIICLjAKFgZBTkNFUlQwABqCAh5Fc3RlIGNlcnRpZmljYWRvIHNlIGV4cGlkZSBjb21vIENlcnRp<BR>ZmljYWRvIFJlY29ub2NpZG8gZGUgYWN1ZXJkbyBjb24gbGEgbGVnaXNsYWNpb24gdmlnZW50ZS4g<BR>TGEgZGVjbGFyYWNpb24gZGUgcHJhY3RpY2FzIGRlIGNlcnRpZmljYWNpb24geSBsYSBwb2xpdGlj<BR>YSBkZSBjZXJ0aWZpY2FjaW9uIHF1ZSByaWdlbiBlbCBmdW5jaW9uYW1pZW50byBkZSBlc3RlIGNl<BR>cnRpZmljYWRvIHNlIGVuY3VlbnRyYW4gZGlzcG9uaWJsZXMgZW4gaHR0cDovL3d3dy5hbmNlcnQu<BR>Y29tLgoKQ2xhc2UgQXBvZGVyYW1pZW50bzogQXBvZGVyYWRvIE1lcmNhbnRpbApMaW1pdGUgZGUg<BR>Q3VhbnRpYTogU2luIGxpbWl0ZSBkZSBjdWFudGlhClJlcHJlc2VudGFjaW9uOiBOb3RhcmlvIFNB<BR>TlRJQUdPIFJVQklPIExJTklFUlMgLSAjMTIgLSAyMDA2CkRhdG9zIHJlZ2lzdHJhbGVzIGRlbCBQ<BR>b2RlciBkZWwgUmVwcmVzZW50YW50ZTogUkVHSVNUUk8gTUVSQ0FOVElMIERFIE1BRFJJRCwgVE9N<BR>TyAxMjc5NywgRk9MSU8gMjA4LCBIT0pBIE0tMjA1MzgxLCBJTlNDUklQQ0lPTiAxCjAjBgorBgEE<BR>gZNoCgEBBBUTE0Fwb2RlcmFkbyBNZXJjYW50aWwwJQYKKwYBBIGTaAoBAgQXExVTaW4gbGltaXRl<BR>IGRlIGN1YW50aWEwOwYKKwYBBIGTaAoBAwQtEytOb3RhcmlvIFNBTlRJQUdPIFJVQklPIExJTklF<BR>UlMgLSAjMTIgLSAyMDA2MGEGCisGAQSBk2gKAQYEUxNRUkVHSVNUUk8gTUVSQ0FOVElMIERFIE1B<BR>RFJJRCwgVE9NTyAxMjc5NywgRk9MSU8gMjA4LCBIT0pBIE0tMjA1MzgxLCBJTlNDUklQQ0lPTiAx<BR>MA0GCSqGSIb3DQEBBQUAA4IBAQCrGMcH6PmCRMvWKrn/FARQkj0iSdKrzRBdSRvZf53anz5srD4y<BR>VTAevvd3ww93gT3zUCiKADKZszNmmIe2/ByWjdaGH6EXzyCsIGr/uKGgJuTbcD158L6GVz/1eK+k<BR>V5RcXPfHLYheTUKZBrAIR7mhOcjOCVZI8UJunjqYWBx0yKFC1iiuIbMicWu5UEJ3BRfC05DhJ8jf<BR>amTDu2vYaUKi0ig8/VjFg80h1j6WzcWKCMFNe8iT0V1+z7Dgy1Abes/MU+15Cl2Ruz9eJspWHeqm<BR>9wkbVX+2tDwMVVhfxSOm3IWTWwp7avzt0gBqExOSt8xD+/jpErd1npddRMiklfbK<BR></ds:X509Certificate><BR>
<BR>
Do you know why xmlsec fails to recover the public key from this certificate? (openssl command line tool works well with it)<BR>
<BR>
There is some solution?<RTE_TEXT></RTE_TEXT><BR><br /><hr />¡Accede al correo desde el móvil! <a href='http://vivelive.com/encuesta/' target='_new'>¿Qué opinas? </a></body>
</html>