[xmlsec] Verify on Microsoft-produced sig

Edward Shallow ed.shallow at rogers.com
Fri Aug 29 10:02:29 PDT 2003


Hi Aleksey,

    The attached file is a signature produced by Microsoft's InfoPath (XML
forms Manager from Office 2003). It's an enveloped signature with an extra
reference to a comment element. XMLSec verify reports data and digest
problem (as below). InfoPath uses the latest .Net Framework libraries which
are used across all Microsoft XMLDSIG implementations.

    Is this the same problem as referenced in your FAQ section 3.2? Or is
this something else?

Ed


C:\XMLSec>xmlsec verify --store-signatures --print-debug inout/SimpleForm-2003-08-13.xml
func=xmlSecOpenSSLEvpDigestVerify:file=..\src\openssl\digests.c:line=164:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
FAIL

P.S.  For all the XMLSec followers waiting for a MS CAPI implementation, we
have a work-around for our desktop signer which essentially exports the key
from the MS Crypto Store using CAPICOM. There XMLSEC can get at it as a
P12/PFX on the file system. There is a password prompt, but we enforce
password protection of the MS Crypto Store anyway. The only pre-requisite is
that the key/cert must be marked as exportable when initially loaded into
the MS Crypto Store. It has been getting us by while we wait. Our XMLSec is
running OpenSSL on the desktop.  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SimpleForm-2003-08-13.zip
Type: application/x-zip-compressed
Size: 2770 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20030829/87d58bc2/SimpleForm-2003-08-13.bin
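
The "data and digest do not match" error above comes from reference validation: a SHA-1 over the canonicalized referenced data is compared with the Reference's DigestValue. The following is an added example, not part of the original post or of xmlsec, that performs that comparison for a same-document "#Id" reference on a constructed document. The element names, the Id attribute and the use of Python's built-in C14N 2.0 serializer as a stand-in for the signature's own canonicalization method are assumptions.

```python
import base64, copy, hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: a form with one signed comment element (names are hypothetical).
TEMPLATE = """<form>
  <comment Id="c1">{text}</comment>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
    <Reference URI="#c1">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>{digest}</DigestValue>
    </Reference>
  </SignedInfo></Signature>
</form>"""

def digest_of(elem):
    """Base64 SHA-1 over the canonical form of a single element."""
    node = copy.copy(elem)
    node.tail = None  # text following the element is not part of the referenced node
    # Assumption: C14N 2.0 from the standard library stands in for the
    # CanonicalizationMethod a real signature would name.
    c14n = ET.canonicalize(ET.tostring(node, encoding="unicode"))
    return base64.b64encode(hashlib.sha1(c14n.encode("utf-8")).digest()).decode()

def check_references(xml_text):
    """Return {URI: bool} for every same-document '#Id' Reference."""
    root = ET.fromstring(xml_text)
    by_id = {e.get("Id"): e for e in root.iter() if e.get("Id")}
    results = {}
    for ref in root.iter(DS + "Reference"):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            continue  # enveloped (URI="") and external references are out of scope
        target = by_id.get(uri[1:])
        stated = (ref.findtext(DS + "DigestValue") or "").strip()
        results[uri] = target is not None and digest_of(target) == stated
    return results

def build_sample(signed_text, delivered_text):
    """Digest is taken over signed_text; the document carries delivered_text."""
    signed = ET.fromstring('<comment Id="c1">%s</comment>' % signed_text)
    return TEMPLATE.format(text=delivered_text, digest=digest_of(signed))

if __name__ == "__main__":
    print(check_references(build_sample("approved", "approved")))
    print(check_references(build_sample("approved", "approved ")))
```

The second call differs from the first by one trailing space in the referenced element, which is enough to make the comparison fail.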

