[xmlsec] RetrievalMethod with local URI?

Aleksey Sanin aleksey at aleksey.com
Wed Jul 17 09:59:42 PDT 2002


Thanks, the file made it clear: you have a mistake in your file.
The reference URI in RetrievalMethod should point to the
KeyValue, not the KeyInfo. It is not clear from the spec, but take
a look at the XML DSig archive:
    
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001JanMar/0068.html

The correct file in your case should look like this one:

    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <KeyValue Id="foo">
            <DSAKeyValue>
                ...
            </DSAKeyValue>
        </KeyValue>
    </KeyInfo>


Aleksey

John Belmonte wrote:

> Aleksey Sanin wrote:
>
>> How do you verify signature? Do you use xmlsec application or your code?
>
>
> Sorry about that, I'm using the xmlsec application.  That's what I 
> meant by "xmlsec tool".
>
> I'll attach the actual xml.  To verify, I run:
>
>     xmlsec verify <file>
>
>
> -John
>
>
>------------------------------------------------------------------------
>
><?xml version="1.0" encoding="UTF-8"?>
><Envelope xmlns="urn:envelope">
>  <Data>
>    Hello, World!
>  </Data>
>  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>    <SignedInfo>
>      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
>      <Reference URI="">
>        <Transforms>
>          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>        </Transforms>
>        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>        <DigestValue>VweSIbNEl2P2r6lm+OL7hVJTwt8=</DigestValue>
>      </Reference>
>    </SignedInfo>
>    <SignatureValue>HfKV8YVy6s+YIEejVAXMW1wUlq8KXQH+XNMQmwDOkdzMMnIvgTOtUw==</SignatureValue>
>    <KeyInfo>
>      <RetrievalMethod URI="#foo"/>
>    </KeyInfo>
>  </Signature>
>  <KeyInfo Id="foo" xmlns="http://www.w3.org/2000/09/xmldsig#">
>    <KeyValue>
>      <DSAKeyValue>
>        <P>
>        iqx200qTk5ojXcvGRmTXtwLmBwDrmWoBfl0L1VzxQm0BDjmnVgoCIiyeeYQH7YDB
>        iuP7f2AcJrocqaBa4pi+hG1pu/WfAyc2sc9dPavAqDo99ywL58dhE3blIL/bXhy7
>        MH4NzXY7196xTCuZyMBnZQ3qxUReghREd22m2YmFe60=
>        </P>
>        <Q>
>        nAIxeeJw9cjPjjD5NPT4X4I1eqU=
>        </Q>
>        <G>
>        Wai06HIyzWrDJzaMtPeYbi3DXlIf0N9eBgEcDDvK77ikG8+9A9iw6ymStZJdummy
>        MpBEKh7rSQ9GfaGvrBUyUlS34qaH7dvMfTHPWV9y1xaSysjuUT7U0dOxeBQw4uDF
>        sQXwcJS+UT/twnWlYBf1L5OdNy4mq0wib6pfevWsLEo=
>        </G>
>        <Y>
>        Oux1jjrB5ZYxIk1HHCBw5razG03KNhsHPDSU7ibHjWz+PonMTH6Tbcs32mCMaaOG
>        k1YKuPpTwemHhr0JbR2DbyLJzCBdLUe9Czr2UF70euSr+SHPvSluqMByRmS3mNKL
>        tUaYERHYl8dqzOEHTfD1D0QY2aCzAXrpYt56UEwMCoM=
>        </Y>
>      </DSAKeyValue>
>    </KeyValue>
>  </KeyInfo>
></Envelope>
>  
>
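
Added example (not part of the original thread and not xmlsec code): a pre-verification check that resolves each same-document RetrievalMethod URI and reports which element it lands on, so a reference to KeyInfo instead of KeyValue is caught before running xmlsec. The sample documents, function name and status strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample shaped like the file in this thread (key material left out).
BAD = """<Envelope xmlns="urn:envelope">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyInfo><RetrievalMethod URI="#foo"/></KeyInfo>
  </Signature>
  <KeyInfo Id="foo" xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyValue><DSAKeyValue/></KeyValue>
  </KeyInfo>
</Envelope>"""
# Same document with the Id moved from KeyInfo to KeyValue, as in the reply.
GOOD = BAD.replace('<KeyInfo Id="foo"', "<KeyInfo").replace(
    "<KeyValue>", '<KeyValue Id="foo">')


def check_retrieval_methods(xml_text):
    """Return (uri, status, target_local_name) for each ds:RetrievalMethod."""
    root = ET.fromstring(xml_text)
    by_id = {}  # Id value -> elements carrying it (more than one is ambiguous)
    for el in root.iter():
        if el.get("Id") is not None:
            by_id.setdefault(el.get("Id"), []).append(el)
    results = []
    for rm in root.iter(f"{{{DSIG}}}RetrievalMethod"):
        uri = rm.get("URI", "")
        targets = by_id.get(uri[1:], []) if uri.startswith("#") else None
        if targets is None:
            results.append((uri, "not-local", None))
        elif not targets:
            results.append((uri, "unresolved", None))
        elif len(targets) > 1:
            results.append((uri, "ambiguous-id", None))
        else:
            tag = targets[0].tag
            ns, local = tag[1:].split("}", 1) if tag.startswith("{") else ("", tag)
            if ns != DSIG:
                status = "non-dsig-target"
            elif local == "KeyInfo":
                status = "keyinfo-target"  # the mistake described in this thread
            else:
                status = "ok"
            results.append((uri, status, local))
    return results


if __name__ == "__main__":
    for name, doc in (("original", BAD), ("corrected", GOOD)):
        print(name, check_retrieval_methods(doc))
```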
