<div class="gmail_quote">Hi<div><br></div><div>We are trying to sign an XML document with an X509 certificate, but are having problems getting the X509Data node populated. </div><div><br></div><div>We are following Philippe Camacho's tutorial here:</div>


<div><a href="http://www.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html#htoc7" target="_blank">http://www.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html#htoc7</a><br clear="all"><br></div><div>The command that we use is copied from the tutorial, and we are using the keysncerts.zip file that contains the appropriate keys and certificates. </div>


<div><br></div><div>The command (using v 1.2.16 on Mac OSX 10.6) is: </div><div>xmlsec1 --sign --pkcs12 usercert.p12 --trusted-pem cacert.pem --pwd hello doc-x509.xml</div><div><br></div><div>The contents of the doc-x509.xml is (the document we are trying to sign):</div>


<div><div>&lt;References&gt;</div><div> &lt;Book&gt;</div><div>  &lt;Author&gt;</div><div>   &lt;FirstName&gt;Bruce&lt;/FirstName&gt;</div><div>   &lt;LastName&gt;Schneier&lt;/LastName&gt;</div><div>  &lt;/Author&gt;</div>
<div>  &lt;Title&gt;Applied Cryptography&lt;/Title&gt;</div><div> &lt;/Book&gt;</div><div> &lt;Web&gt;</div><div>  &lt;Title&gt;XMLSec&lt;/Title&gt;</div><div>  &lt;Url&gt;<a href="http://www.aleksey.com/xmlsec/" target="_blank">http://www.aleksey.com/xmlsec/</a>&lt;/Url&gt;</div>
<div> &lt;/Web&gt;</div><div> &lt;Signature xmlns="<a href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a>"&gt;</div><div>  &lt;SignedInfo&gt;</div><div>   &lt;CanonicalizationMethod Algorithm=</div>
<div>    "<a href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" target="_blank">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a>"/&gt;</div><div>   &lt;SignatureMethod Algorithm=</div><div>    "<a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>"/&gt;</div>
<div>   &lt;Reference URI=""&gt;</div><div>    &lt;Transforms&gt;</div><div>     &lt;Transform Algorithm=</div><div>      "<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>" /&gt;</div>
<div>    &lt;/Transforms&gt;</div><div>    &lt;DigestMethod Algorithm=</div><div>      "<a href="http://www.w3.org/2000/09/xmldsig#sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#sha1</a>"/&gt;</div><div>    &lt;DigestValue&gt;&lt;/DigestValue&gt;</div>
<div>   &lt;/Reference&gt;</div><div>  &lt;/SignedInfo&gt;</div><div>  &lt;SignatureValue /&gt;</div><div>  &lt;KeyInfo&gt;</div><div>   &lt;X509Data &gt;</div><div>    &lt;X509SubjectName/&gt;</div><div>    &lt;X509IssuerSerial/&gt;</div>
<div>    &lt;X509Certificate/&gt;</div><div>   &lt;/X509Data&gt;</div><div>   &lt;KeyValue /&gt;</div><div>  &lt;/KeyInfo&gt;</div><div> &lt;/Signature&gt;</div><div>&lt;/References&gt;</div></div><div><br></div><div>We get this output from running the command:</div>


<div><br></div><div><div>&lt;?xml version="1.0"?&gt;</div><div>&lt;References&gt;</div><div>    &lt;Book&gt;</div><div>        &lt;Author&gt;</div><div>            &lt;FirstName&gt;Bruce&lt;/FirstName&gt;</div>
<div>            &lt;LastName&gt;Schneier&lt;/LastName&gt;</div><div>        &lt;/Author&gt;</div><div>        &lt;Title&gt;Applied Cryptography&lt;/Title&gt;</div><div>    &lt;/Book&gt;</div><div>    &lt;Web&gt;</div><div>        &lt;Title&gt;XMLSec&lt;/Title&gt;</div>
<div>        &lt;Url&gt;<a href="http://www.aleksey.com/xmlsec/" target="_blank">http://www.aleksey.com/xmlsec/</a>&lt;/Url&gt;</div><div>    &lt;/Web&gt;</div><div>    &lt;Signature xmlns="<a href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a>"&gt;</div>
<div>        &lt;SignedInfo&gt;</div><div>            &lt;CanonicalizationMethod Algorithm="<a href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" target="_blank">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a>"/&gt;</div>
<div>                &lt;SignatureMethod Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>"/&gt;</div><div>                &lt;Reference URI=""&gt;</div>
<div>                &lt;Transforms&gt;</div><div>                    &lt;Transform Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"/&gt;</div>
<div>                &lt;/Transforms&gt;</div><div>                &lt;DigestMethod Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#sha1</a>"/&gt;</div>
<div>                &lt;DigestValue&gt;V0ilDen0qBzCslw7EkJfhWO13/I=&lt;/DigestValue&gt;</div>
<div>            &lt;/Reference&gt;</div><div>        &lt;/SignedInfo&gt;</div><div>        &lt;SignatureValue&gt;jWDgAy5cp6+EnitDkTUiIaXMsN6tW5rEFQsTabuSm8kW7CMUEVqYxUZGT6YWtWLS</div><div>lbCQNxOFChDSQpu30B5MIAaR+j8/FfrAmERlXv7RWzY5mb/4InvUoDF4Bs10Rqb2</div>
<div>twHNsyLPpW9FTeQ7Z3ftaXShKcyPeh6zOvMwDRKLxdQ=&lt;/SignatureValue&gt;</div><div>        </div><div>        &lt;KeyInfo&gt;</div><div>            &lt;X509Data&gt;</div><div>                </div><div>                </div>
<div>                </div><div>            &lt;/X509Data&gt;</div><div>            &lt;KeyValue&gt;</div><div>&lt;RSAKeyValue&gt;</div><div>&lt;Modulus&gt;</div><div>vBKEgNWKPbRcULxXcGzxefpve5Fryuc+CQwJz3YujE1z8jMKuLD2C700amz9vBqd</div>
<div>aBlsrm9rjpjbtrEWEeja42T1kTaWPRRB6AV0EaUQg632GWkcVKpOeZcAqtpId3bL</div><div>GFV74moYiu3JNCW5ZU084Ipd3zO5sWBaqVQxcyufwnM=</div><div>&lt;/Modulus&gt;</div><div>&lt;Exponent&gt;</div><div>AQAB</div><div>&lt;/Exponent&gt;</div>
<div>&lt;/RSAKeyValue&gt;</div><div>&lt;/KeyValue&gt;</div><div>        &lt;/KeyInfo&gt;</div><div>        </div><div>    &lt;/Signature&gt;</div><div>&lt;/References&gt;</div></div><div><br></div><div>As you can see, the X509Data node is blank. </div>


<div><br></div><div>We have tried including the --print-xml-debug option, and this shows a number of fields, including:</div><div><br></div><div><div>&lt;X509Data&gt;</div><div>&lt;KeyCertificate&gt;</div><div>&lt;SubjectName&gt;/C=CL/ST=RM/O=littlecryptographer/CN=John Smith/emailAddress=<a href="mailto:jsmith@hello.com" target="_blank">jsmith@hello.com</a>&lt;/SubjectName&gt;</div>
<div>&lt;IssuerName&gt;/C=CL/ST=RM/L=Santiago/O=littlecryptographer/CN=Philippe Camacho/emailAddress=<a href="mailto:lostilos@free.fr" target="_blank">lostilos@free.fr</a>&lt;/IssuerName&gt;</div><div>&lt;SerialNumber&gt;11E&lt;/SerialNumber&gt;</div>
<div>&lt;/KeyCertificate&gt;</div><div>&lt;/X509Data&gt;</div></div><div><br></div><div>We have also tried these commands with our own generated keys, and different XML files too. We get the same result each time. </div>

<div>
<br></div><div>I have searched this mailing list, and note that Braja Biswal had a similar problem:</div><div><a href="http://www.aleksey.com/pipermail/xmlsec/2009/008672.html" target="_blank">http://www.aleksey.com/pipermail/xmlsec/2009/008672.html</a></div>


<div><br></div><div>We would really appreciate any help, as we seem to be out of ideas. Our last idea is to try the same approach using Ubuntu - perhaps this is "a Mac thing". We used MacPorts to install Xmlsec.</div>


<div><br></div><div>Thanks</div><div><br></div><div>Nigel</div><div><br></div><div><br></div><div><br>-- <br>Nigel Ramsay<br>Principal Consultant<br>Able Technology<br><br><div>04 910 3100<br>021 323 990<div><a href="http://www.abletech.co.nz" target="_blank">http://www.abletech.co.nz</a><br>


<a href="http://nigel.ramsay.org.nz" target="_blank">http://nigel.ramsay.org.nz</a></div></div><br>
</div>
</div><br>
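A check for the symptom described in this message, as an added example that is not part of the original post and not xmlsec's own code: it parses signed output and reports, for each Signature, whether X509Data has any children and how many X509Certificate values decode as DER. The sample documents and the names `key_info_report` and `looks_like_der` are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Constructed sample shaped like the output in the post; all values are placeholders.
TEMPLATE = """<References>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo/>
    <SignatureValue>c2ln</SignatureValue>
    <KeyInfo>
      <X509Data>{x509}</X509Data>
      <KeyValue><RSAKeyValue/></KeyValue>
    </KeyInfo>
  </Signature>
</References>"""
# Five constructed bytes that begin with the DER SEQUENCE tag; not a real certificate.
FAKE_CERT = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
EMPTY_SAMPLE = TEMPLATE.format(x509="\n      ")
POPULATED_SAMPLE = TEMPLATE.format(
    x509="<X509Certificate>%s</X509Certificate>" % FAKE_CERT)


def looks_like_der(text):
    """True if text is strict base64 whose first decoded byte is 0x30 (DER SEQUENCE)."""
    try:
        raw = base64.b64decode("".join((text or "").split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return raw[:1] == b"\x30"


def key_info_report(xml_text):
    """Return one dict per ds:Signature describing which KeyInfo parts are populated."""
    # ElementTree is used here on self-produced files; use a hardened parser for untrusted XML.
    reports = []
    for sig in ET.fromstring(xml_text).iter("{%s}Signature" % DS):
        x509 = sig.find("ds:KeyInfo/ds:X509Data", NS)
        certs = [] if x509 is None else x509.findall("ds:X509Certificate", NS)
        reports.append({
            "x509data_present": x509 is not None,
            # Whitespace-only X509Data, as in the post, yields an empty list here.
            "x509data_children": [] if x509 is None else [c.tag.rpartition("}")[2] for c in x509],
            "certificates": sum(looks_like_der(c.text) for c in certs),
            "keyvalue_present": sig.find("ds:KeyInfo/ds:KeyValue", NS) is not None,
        })
    return reports


if __name__ == "__main__":
    for name, doc in (("empty", EMPTY_SAMPLE), ("populated", POPULATED_SAMPLE)):
        print(name, key_info_report(doc))
```

A populated X509Certificate only tells the verifier which key to try; trust still has to come from certificates the verifier already holds.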