[xmlsec] A signed xml msg can't be verified
Derek Lei Liu
leiliu98 at yahoo.com
Sat Jan 4 14:38:22 PST 2003
Thanks Aleksey! I agree that manually attach the x509
section is a bad idea and it is very likely the root
cause of my problem. So I need to change that. The
code we are using was derived from one of your example
(the 2nd one I believe). However, that sample doesn't
have x509 related functions. I just browsed the
xmlsec
API reference and found some x509 related functions.
However, since I am pretty new to xml signature stuff,
I don't know how to use them. Do you happen to have
some sample code for signing xml message and attach
with x509 certificates? Or any pointers might be
helpful?
thanks
Derek
--- Aleksey Sanin <aleksey at aleksey.com> wrote:
> Hi, Derek!
>
> First of all, it's probably a wrong way to create
> the signature in the
> way you did
> (do sign document and next modify content).
> Depending on what are you
> signing
> you may easily invalidate you signature.
> Regarding the error you have, I can only guess since
> you do not provide
> the document
> (see http://www.aleksey.com/xmlsec/bugs.html for a
> list of required
> information
> when you report bug/request help). I might be wrong
> but it seems that
> you have a problem with ID attribute (see section
> 3.2 from FAQ).
>
>
> Aleksey
>
> Derek Lei Liu wrote:
>
> >Hi,
> >
> >I construct the signed xml with xmlsec and then
> >attached a manually created x509 section. Although
> I
> >can use xmlsec tool to verify the signed message
> >itself (without x509 section). The whole message
> can't
> >be verified due to following error:
> >
> >I am still at beginner level on xml signature
> stuff,
> >so could some expert point out to me what could
> went
> >wrong?
> >
> >thanks
> >
> >Derek
> >
>
>====================================================
>
> >
> ># /usr/local/bin/xmlsec-11 verify --trusted CA.cert
> >./pares.txt
> >xmlSecTransformStateParseUri (transforms.c:1181):
> >error 4: xml operation failed :
> >xmlXPtrEval(PARes1041661547-977789)
> >xmlSecTransformStateCreate (transforms.c:881):
> error
> >2: xmlsec operation failed :
>
>xmlSecTransformStateParseUri(#PARes1041661547-977789)
> >xmlSecReferenceRead (xmldsig.c:1602): error 2:
> xmlsec
> >operation failed : xmlSecTransformStateCreate
> >xmlSecSignedInfoRead (xmldsig.c:1476): error 2:
> xmlsec
> >operation failed : xmlSecReferenceRead - -1
> >xmlSecSignatureRead (xmldsig.c:1175): error 2:
> xmlsec
> >operation failed : xmlSecSignedInfoRead - -1
> >xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec
> >operation failed : xmlSecSignatureRead - -1
> >ERROR
> >Error: operation failed
> >
> >
> >__________________________________________________
> >Do you Yahoo!?
> >Yahoo! Mail Plus - Powerful. Affordable. Sign up
> now.
> >http://mailplus.yahoo.com
> >_______________________________________________
> >xmlsec mailing list
> >xmlsec at aleksey.com
> >http://www.aleksey.com/mailman/listinfo/xmlsec
> >
> >
>
>
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
More information about the xmlsec
mailing list