[xmlsec] xmlsec1 and RetrievalMethod

Mark Murphy mmurphy at municorps.org
Sat Apr 28 18:09:36 PDT 2007

First, to the authors: many, many thanks for writing and maintaining 
this tool!

I am having some difficulty getting the xmlsec1 utility to verify signed 
XML using a public key referenced via RetrievalMethod.

When I create the XML to be signed, I am including:

	<RetrievalMethod URI="http://my.server/pubkey.xml" 

The XML file referenced in the URI attribute is the output of xmlsec1 
--keys --gen-key rsa-1024 with the private key stripped out, which 
appears to be the proper format.

The document signs successfully via the xmlsec1 utility. And, if I 
specify --keys-file to a local copy of the public key XML file, it 
verifies successfully via the xmlsec1 utility.

If, however, I do not specify --keys-file with --verify, with the intent 
of having xmlsec1 retrieve the key via the RetrievalMethod, I get:

library function failed:
is not found:
library function failed:
library function failed:
Error: signature failed
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "test-signed.html"

Is the xmlsec1 utility supposed to be able to retrieve public keys via 
HTTP URLs in RetrievalMethod? If so, any idea where I'm going wrong?

I can always parse out the URL, retrieve the file myself, and use the 
local copy, but I'd prefer to let xmlsec1 handle it all if it can.

This is with 1.2.9-3ubuntu2 as installed on Ubuntu 6.10 (Edgy Eft).


Mark Murphy
mmurphy -at- municorps.org

More information about the xmlsec mailing list