[xmlsec] A signed xml msg can't be verified
Derek Lei Liu
leiliu98 at yahoo.com
Sat Jan 4 14:38:22 PST 2003
Thanks Aleksey! I agree that manually attach the x509
section is a bad idea and it is very likely the root
cause of my problem. So I need to change that. The
code we are using was derived from one of your example
(the 2nd one I believe). However, that sample doesn't
have x509 related functions. I just browsed the
API reference and found some x509 related functions.
However, since I am pretty new to xml signature stuff,
I don't know how to use them. Do you happen to have
some sample code for signing xml message and attach
with x509 certificates? Or any pointers might be
--- Aleksey Sanin <aleksey at aleksey.com> wrote:
> Hi, Derek!
> First of all, it's probably a wrong way to create
> the signature in the
> way you did
> (do sign document and next modify content).
> Depending on what are you
> you may easily invalidate you signature.
> Regarding the error you have, I can only guess since
> you do not provide
> the document
> (see http://www.aleksey.com/xmlsec/bugs.html for a
> list of required
> when you report bug/request help). I might be wrong
> but it seems that
> you have a problem with ID attribute (see section
> 3.2 from FAQ).
> Derek Lei Liu wrote:
> >I construct the signed xml with xmlsec and then
> >attached a manually created x509 section. Although
> >can use xmlsec tool to verify the signed message
> >itself (without x509 section). The whole message
> >be verified due to following error:
> >I am still at beginner level on xml signature
> >so could some expert point out to me what could
> ># /usr/local/bin/xmlsec-11 verify --trusted CA.cert
> >xmlSecTransformStateParseUri (transforms.c:1181):
> >error 4: xml operation failed :
> >xmlSecTransformStateCreate (transforms.c:881):
> >2: xmlsec operation failed :
> >xmlSecReferenceRead (xmldsig.c:1602): error 2:
> >operation failed : xmlSecTransformStateCreate
> >xmlSecSignedInfoRead (xmldsig.c:1476): error 2:
> >operation failed : xmlSecReferenceRead - -1
> >xmlSecSignatureRead (xmldsig.c:1175): error 2:
> >operation failed : xmlSecSignedInfoRead - -1
> >xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec
> >operation failed : xmlSecSignatureRead - -1
> >Error: operation failed
> >Do you Yahoo!?
> >Yahoo! Mail Plus - Powerful. Affordable. Sign up
> >xmlsec mailing list
> >xmlsec at aleksey.com
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
More information about the xmlsec