[xmlsec] X509, verification of signature
Aleksey Sanin
aleksey at aleksey.com
Tue Mar 15 10:36:44 PST 2005
The error indicates that one of the digests does not match. There
are two most common reasons for this error:
- The document was actually modified (may be, accidentialy). For
example, spaces or end-of-lines were inserted by a mailer program.
- The C14N incompatibility either because the of difference in a way
Phaos and xmlsec do C14N or because the C14N was done from different
contexts.
If you have access to the code that does the signature, I would suggest
to do the following:
- Make sure that document is not changed on the way.
- Make sure that signature happens from the same context (e.g. inside
the SOAP stuff).
- Try C14N instead of exc C14N.
- Get the c14n output from Phaos right before it digests it and compare
with what xmlsec does (--store-references option for xmlsec command
line utility).
Best,
Aleksey
More information about the xmlsec
mailing list