[xmlsec] verifying with key in XML

Aleksey Sanin aleksey at aleksey.com
Thu May 8 12:41:33 PDT 2008


The simplest way is to use "KeyName" to specify the key.

Aleksey

Rolando Abarca wrote:
> I read the thread here:
> 
> http://www.mail-archive.com/xmlsec@aleksey.com/msg03219.html
> 
> but still can't verify my signature with the supplied KeyInfo. This is 
> what I've been doing so far:
> 
>     dsigCtx = xmlSecDSigCtxCreate(NULL);
>     if (dsigCtx == NULL) {
>         rb_raise(rb_eXMLError, "Failed to create Signature Context");
>     }
> 
>     if ((xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), (xmlSecPtr) xmlSecKeyDataX509Id) < 0) ||
>         (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), (xmlSecPtr) xmlSecKeyDataRsaId) < 0)){
>         xmlSecDSigCtxDestroy(dsigCtx);
>         rb_raise(rb_eXMLError, "Failed to limit key info");
>     }
> 
>     if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
>         xmlSecDSigCtxDestroy(dsigCtx);
>         rb_raise(rb_eXMLError, "Failed to verify signature");
>     }
> 
> but I still can't make it verify with the supplied key:
> 
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
> 
> Can you please tell me what I need to do in order to verify an XML 
> file with the RSA pub key inside the XML? Like this:
> 
> <foo>
> <data>...</data>
> <Signature>
> ...
> <KeyInfo>
> <KeyValue>
> ...
> </KeyValue>
> <X509Data>
> ...
> </X509Data>
> </KeyInfo>
> </Signature>
> </foo>
> 
> The XML was built with libxml and signed with xmlsec (using a 
> dynamically created template).
> 
> regards,
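
The key-selection policy behind the KeyName advice, as an added example that is not part of the original thread and does not call xmlsec: the verifier chooses its key by `<KeyName>` from keys it provisioned itself, and treats `<KeyValue>` / `<X509Data>` carried in the document as untrusted hints. The `trusted_keys` mapping, the key path and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

class KeyResolutionError(Exception):
    """KeyInfo does not lead to a key the verifier already holds."""

def resolve_key(xml_text, trusted_keys):
    """Pick the verification key for the single Signature in xml_text.

    trusted_keys (hypothetical layout) maps KeyName -> path of a public key
    provisioned out of band. Returns (key_name, key_path, ignored), where
    ignored lists the KeyInfo children that carry key material in-document.
    """
    root = ET.fromstring(xml_text)
    signatures = list(root.iter(DSIG + "Signature"))
    if len(signatures) != 1:
        raise KeyResolutionError(f"expected one Signature, found {len(signatures)}")
    key_info = signatures[0].find(DSIG + "KeyInfo")
    if key_info is None:
        raise KeyResolutionError("Signature has no KeyInfo")
    names = [(e.text or "").strip() for e in key_info.findall(DSIG + "KeyName")]
    ignored = [c.tag.replace(DSIG, "") for c in key_info if c.tag != DSIG + "KeyName"]
    if len(names) != 1 or not names[0]:
        # An embedded key only shows the signature matches that key, not whose it is.
        raise KeyResolutionError(f"need exactly one KeyName (other children: {ignored})")
    if names[0] not in trusted_keys:
        raise KeyResolutionError(f"KeyName {names[0]!r} is not provisioned")
    return names[0], trusted_keys[names[0]], ignored

# Constructed samples following the layout in the post (signature content elided).
TEMPLATE = """<foo><data>...</data>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo/><SignatureValue/>
<KeyInfo>%s</KeyInfo>
</Signature></foo>"""
WITH_NAME = TEMPLATE % "<KeyName>partner-a</KeyName><KeyValue><RSAKeyValue/></KeyValue>"
EMBEDDED_ONLY = TEMPLATE % "<KeyValue><RSAKeyValue/></KeyValue><X509Data/>"
TRUSTED = {"partner-a": "keys/partner-a-pub.pem"}  # constructed name and path

if __name__ == "__main__":
    print(resolve_key(WITH_NAME, TRUSTED))
    try:
        resolve_key(EMBEDDED_ONLY, TRUSTED)
    except KeyResolutionError as exc:
        print("rejected:", exc)
```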


