[xmlsec] KeyValue by MsCrypto

Jürgen Heiss jheiss at Mesonic.com
Fri Aug 25 02:28:46 PDT 2006 

I sign my File by using an template.
I till now works fine with mscrypto. But when I try to verify the files with openSSL.
I got an Error. After debugging I found out that the problems are some missing tags.

			<dsig:KeyValue>
				<dsig:RSAKeyValue>
					<dsig:Modulus></dsig:Modulus>
					<dsig:Exponent></dsig:Exponent>
				</dsig:RSAKeyValue>
			</dsig:KeyValue>

With this tags the verification in openssl work too.

But still I have the problem that I don't know how to fill this tags!

When I try to sign this with the command line tool (openssl) I got an error.

<error >
D:\XMLSec\libxmlsec-1.2.8.win32\bin>xmlsec --sign --crypto openssl --output d:\x
mlsigner\out\ssl.xml d:\xmlsigner\in\new.xml
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKe
ysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:
subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknow
n:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSi
gCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to sign file "d:\xmlsigner\in\new.xml"

When I sign with mscrypto it works but the tag(KeyValue) are empty.


<The File I want to sign>

<?xml version="1.0" encoding="ISO-8859-1"?>
<eb:Invoice xmlns:eb="http://www.ebinterface.at/schema/2p0/" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ebinterface.at/schema/2p0/ http://www.ebinterface.at/schema/2p0/Invoice.xsd" eb:Cancellation="false" eb:GeneratingSystem="MESONIC WINLine 8.4 (Build 1112)">
	<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
		<dsig:SignedInfo>
			<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
			<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
			<dsig:Reference URI="">
				<dsig:Transforms>
					<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
				</dsig:Transforms>
				<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
				<dsig:DigestValue></dsig:DigestValue>
			</dsig:Reference>
		</dsig:SignedInfo>
		<dsig:SignatureValue></dsig:SignatureValue>
		<dsig:KeyInfo>
			<dsig:KeyName>SomeBody</dsig:KeyName>
			<dsig:KeyValue>
				<dsig:RSAKeyValue>
					<dsig:Modulus></dsig:Modulus>
					<dsig:Exponent></dsig:Exponent>
				</dsig:RSAKeyValue>
			</dsig:KeyValue>
			<dsig:X509Data>
			</dsig:X509Data>
		</dsig:KeyInfo>
	</dsig:Signature>
....
....
..


Thanks for any help.

More information about the xmlsec mailing list