[EGB] Re: [xmlsec] [Q.] verification fail (can not find <KeyInfo>)

EGB:STONEROSES at MATRIX (Blusjune Jung / Daum.net) blusjune at daum.net
Fri Jan 10 08:18:16 PST 2003

A. Sanin > As far as I can understand the spec, 
A. Sanin > 
A. Sanin > <dsig:RetrievalMethod 
A. Sanin > Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" .../> 
A. Sanin > should point to <dsig:RSAKeyValue/> element. In your XML it points to 
A. Sanin > <dsig:KeyInfo/> 
A. Sanin > element which seems wrong to me. I would agree that the XML DSig is not 
A. Sanin > fully clear 
A. Sanin > here but I believe there was a discussion in XML DSig working group 
A. Sanin > mailing list about this. 
A. Sanin > However, I might be wrong and it'll be great to get second opinion on 
A. Sanin > this. Rich? 
A. Sanin > 
A. Sanin > Aleksey 

Sorry for the late reply to your mail. ^^;;

Let me talk about the above topic:

According to the XML-Signature Syntax and Processing document
(W3C Recommendation, 12 February 2002),
we can see the following statement in section 4.4.3:

	4.4.3 The RetrievalMethod Element 
	A RetrievalMethod element within KeyInfo is used
	to convey a reference to KeyInfo information that is stored at another location.

So, I think that statement means the target that <RetrievalMethod/>
actually points to can be a <KeyInfo/> element.

The ``Type'' attribute value itself in <dsig:RetrievalMethod
Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" .../> indicates the
<RSAKeyValue/> element, but I think that is just to determine and announce
the type of the sub (child) element in <KeyInfo/>, and (may) not be meant to
point directly at the <RSAKeyValue> element. (That was just my thought. ^^)

What do you think about my opinion?

Have a nice weekend!  :)


For now, I've solved my problematic situation the quick-and-dirty way.   :)
(Here's the output of diff(1) against the modified source (keyinfo.c))

$ diff -u keyinfo.c.original keyinfo.c
--- keyinfo.c.original	Wed Jan  8 15:45:58 2003
+++ keyinfo.c	Wed Jan  8 15:45:44 2003
@@ -551,7 +551,12 @@
 		keyName = NULL;
 	} else {
+		xmlNodePtr keyInfoNode = cur;
 	    cur = xmlSecGetNextElementNode(cur->next);
+		if (cur == (xmlNodePtr)0) {
+			cur = xmlSecFindChild(keyInfoNode, BAD_CAST "KeyValue", xmlSecDSigNs);
+		}
     if(keyName != NULL) {
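Review bot: the fallback inside the added `if (cur == (xmlNodePtr)0)` branch treats the saved node as a KeyInfo without checking its name, and it only looks for a `KeyValue` child, so nothing in these lines compares what was found with the Type the RetrievalMethod declared. I would verify that `keyInfoNode` really is a `KeyInfo` element in `xmlSecDSigNs` before descending, and handle the case where `xmlSecFindChild` itself returns NULL. On style, the neighbouring line uses `NULL` (`keyName = NULL;`), so `cur == NULL` would be consistent, and the new lines are indented with tabs deeper than the surrounding statement they sit beside.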

To be a rock, and not to roll. 
EGB ::= EternalGoldenBGE
BGE ::= Blusjune'sGotEGB

-x-x-[?]EGB:STONEROSES at MATRIX[!]-x-x- 
| blusjune at EGBSD | ^_^ | stoneroses | 
$ NAME=\
$ "Blusjune Jung <blusjune at daum.net>"
$ PGPKEYID="0x33067610" 
-x-x-x Eternal Golden Blusjune x-x-x-
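
An added diagnostic example (not part of the original message and not xmlsec code) for the question discussed above: it resolves same-document RetrievalMethod references and reports whether the target element is the one named by Type or merely contains it. The function name, the sample document and the treatment of any `Id` attribute as an ID are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: three RetrievalMethod elements with the same Type,
# pointing at a KeyInfo wrapper, at the RSAKeyValue itself, and at nothing.
SAMPLE = f"""<root xmlns:dsig="{DSIG}">
  <dsig:KeyInfo>
    <dsig:RetrievalMethod URI="#wrapped" Type="{DSIG}RSAKeyValue"/>
    <dsig:RetrievalMethod URI="#direct" Type="{DSIG}RSAKeyValue"/>
    <dsig:RetrievalMethod URI="#missing" Type="{DSIG}RSAKeyValue"/>
  </dsig:KeyInfo>
  <dsig:KeyInfo Id="wrapped">
    <dsig:KeyValue><dsig:RSAKeyValue Id="direct">
      <dsig:Modulus>AA==</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent>
    </dsig:RSAKeyValue></dsig:KeyValue>
  </dsig:KeyInfo>
</root>"""


def classify_retrieval_methods(xml_text):
    """Classify each same-document RetrievalMethod as exact / nested /
    mismatch / unresolved by comparing its target element with its Type."""
    root = ET.fromstring(xml_text)
    # Assumption: an attribute literally named "Id" is the element's ID.
    by_id = {el.get("Id"): el for el in root.iter() if el.get("Id")}
    results = []
    for rm in root.iter(f"{{{DSIG}}}RetrievalMethod"):
        uri, rm_type = rm.get("URI", ""), rm.get("Type", "")
        if not uri.startswith("#") or not rm_type.startswith(DSIG):
            continue  # external URIs and non-dsig types are out of scope
        wanted = f"{{{DSIG}}}{rm_type[len(DSIG):]}"
        target = by_id.get(uri[1:])
        if target is None:
            verdict = "unresolved"   # dangling fragment reference
        elif target.tag == wanted:
            verdict = "exact"        # target is the element Type names
        elif target.find(f".//{wanted}") is not None:
            verdict = "nested"       # Type's element is only a descendant
        else:
            verdict = "mismatch"     # Type's element is absent entirely
        results.append((uri, verdict))
    return results


if __name__ == "__main__":
    print(classify_retrieval_methods(SAMPLE))
```

The "nested" result corresponds to the document shape debated in this thread, where the reference lands on a KeyInfo wrapper rather than on the RSAKeyValue element.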
