[xmlsec] xmlse usage

Wayne Cheng chengw168 at yahoo.com
Sun Dec 22 21:14:51 PST 2002 

Hi Aleksey,

Thanks for your help, I modify xml.txt for the right signature
algorithm. Now, the following signing works. 

xmlsec sign  --privkey:signed ./signing.key xml.txt >xml.signed

I wonder if it is possible to use the certificate to verify
the signed document. So far, I can use the folllowing format
to verify the signed document. 
xmlsec verify --print-signature .cert xml.signed 

If I use the format:
xmlsec verify --pubkey:signed ./signing.cert xml.signed
or
xmlsec verify --print-signature  --pubkey:signed ./signing.cert xml.signed

It will complain about the wrong format. 

Thanks,

Wayne



--- Aleksey Sanin <aleksey at aleksey.com> wrote:
> Forgot to say that algorithm and all other signature parameters used by 
> xmlsec
> utility are in the templates file. Please read XML Digital Signature 
> spec for details.
> 
> Aleksey
> 
> Aleksey Sanin wrote:
> 
> > I am not sure I clear understand what does the "generation algorithm 
> > RSA-SHA1" mean
> > but assuming that server.key has a private RSA key then you should 
> > check that xml.txt
> > template uses RSA-SHA1 signature algorithm. This is the only reasons I 
> > can think of for
> > the error you have.
> >
> > BTW, I think it'll be very helpful if you send related files next time :)
> >
> > Aleksey
> >
> >
> >
> > Wayne Cheng wrote:
> >
> >> Thank you so much for your quick response.
> >>
> >> The server.key generation algorithm we used is RSA-sha1. I am not 
> >> sure where to
> >> find/change
> >> algorithm used for signature for xmlsec utility.
> >>
> >> I tried the new format and it still not working. Also, I am not sure 
> >> if rename
> >> for server is required or not.
> >>
> >> bash-2.05$ xmlsec sign --privkey:server ./server.key xml.txt
> >> xmlSecKeysMngrGetKey (keys.c:451): error 17: key not found :
> >> xmlSecSignedInfoRead (xmldsig.c:1385): error 17: key not found :
> >> xmlSecSignatureRead (xmldsig.c:1124): error 2: xmlsec operation failed :
> >> xmlSecS
> >> ignedInfoRead - -1
> >> xmlSecDSigGenerate (xmldsig.c:792): error 2: xmlsec operation failed :
> >> xmlSecSig
> >> natureRead - -1
> >> Error: xmlSecDSigGenerate() failed
> >> Error: operation failed
> >> bash-2.05$
> >>
> >> Thanks,
> >>
> >> Wayne
> >>  
> >>
> >
> >
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com
> > http://www.aleksey.com/mailman/listinfo/xmlsec
> 
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

More information about the xmlsec mailing list