[xmlsec] A signed xml msg can't be verified

Aleksey Sanin aleksey at aleksey.com
Sat Jan 4 00:39:33 PST 2003

Hi, Derek!

First of all, it's probably a wrong way to create the signature in the 
way you did
(do sign document and next modify content). Depending on what are you 
you may easily invalidate you signature.
Regarding the error you have, I can only guess since you do not provide 
the document
(see http://www.aleksey.com/xmlsec/bugs.html for a list of required 
when you report bug/request help). I might be wrong but it seems that
you have a problem with ID attribute (see section 3.2 from FAQ).


Derek Lei Liu wrote:

>I construct the signed xml with xmlsec and then
>attached a manually created x509 section.  Although I
>can use xmlsec tool to verify the signed message
>itself (without x509 section). The whole message can't
>be verified due to following error: 
>I am still at beginner level on xml signature stuff,
>so could some expert point out to me what could went
># /usr/local/bin/xmlsec-11 verify --trusted CA.cert
>xmlSecTransformStateParseUri (transforms.c:1181):
>error 4: xml operation failed :
>xmlSecTransformStateCreate (transforms.c:881): error
>2: xmlsec operation failed :
>xmlSecReferenceRead (xmldsig.c:1602): error 2: xmlsec
>operation failed : xmlSecTransformStateCreate
>xmlSecSignedInfoRead (xmldsig.c:1476): error 2: xmlsec
>operation failed : xmlSecReferenceRead - -1
>xmlSecSignatureRead (xmldsig.c:1175): error 2: xmlsec
>operation failed : xmlSecSignedInfoRead - -1
>xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec
>operation failed : xmlSecSignatureRead - -1
>Error: operation failed
>Do you Yahoo!?
>Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
>xmlsec mailing list
>xmlsec at aleksey.com

More information about the xmlsec mailing list