[xmlsec] support for <Reference URI="#prop ">

Gaurav Gangwar gauravgangwaar at gmail.com
Thu Feb 18 05:57:19 PST 2010


Hi Aleksey,

I am verifying the signature file with the following format from the W3C spec:
<?xml version="1.0" encoding="UTF-8"?>

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorASignature" >
<SignedInfo>
 <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
 <Reference URI="config.xml">
       <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
       <DigestValue>...</DigestValue>
 </Reference>
 <Reference URI="index.html">
       <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
       <DigestValue>.... </DigestValue>
 </Reference>
 <Reference URI="#prop ">
       <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue>.... </DigestValue>
 </Reference>
</SignedInfo>
<SignatureValue>... </SignatureValue>
 <KeyInfo><X509Data>
    <X509Certificate>MI...</X509Certificate>
    <X509Certificate>MI...</X509Certificate>
 </X509Data></KeyInfo>
 <Object Id="prop">
        <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
              <SignatureProperty Id="profile" Target="#DistributorASignature">
                 <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile" /> </SignatureProperty>
              <SignatureProperty Id="role" Target="#DistributorASignature">
                 <dsp:Role         URI="http://www.w3.org/ns/widgets-digsig#role-distributor" />
</SignatureProperty>
              <SignatureProperty Id="identifier" Target="#DistributorASignature">
                 <dsp:Identifier>J............</dsp:Identifier>
</SignatureProperty>
         </SignatureProperties>
 </Object>
</Signature>

I am getting the signature verification failure
Error is :
func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha256:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match

I am concluding that the problem is because of #prop, due to the fact that
I am not getting any error with other signature files which don't have
#prop.

So my question is: does xmlsec support <Reference URI="#prop ">? If yes,
then to which version do I have to update?
If not, please point me to where I have to make changes to support this.


Thanks and Regards
Gaurav
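
A diagnostic for the question above, added here as an example and not part of the original post or of xmlsec: it lists every Reference in a Signature and checks whether a same-document URI such as "#prop " matches an element's Id character for character. The sample document is constructed from the post's structure with placeholder digests, and the name check_references is hypothetical.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample modelled on the signature in the post (placeholder digests).
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorASignature">
<SignedInfo>
 <Reference URI="config.xml"><DigestValue>placeholder</DigestValue></Reference>
 <Reference URI="#prop "><DigestValue>placeholder</DigestValue></Reference>
 <Reference URI="#prop"><DigestValue>placeholder</DigestValue></Reference>
 <Reference URI="#missing"><DigestValue>placeholder</DigestValue></Reference>
</SignedInfo>
<Object Id="prop"/>
</Signature>"""


def check_references(xml_text):
    """Return a list of (uri, kind, status) for every ds:Reference."""
    root = ET.fromstring(xml_text)
    # Without a DTD, "Id" is a plain CDATA attribute: the parser keeps leading
    # and trailing spaces, so values are compared exactly as written.
    ids = {}
    for el in root.iter():
        if "Id" in el.attrib:
            ids[el.attrib["Id"]] = ids.get(el.attrib["Id"], 0) + 1
    report = []
    for ref in root.iter(DSIG + "Reference"):
        uri = ref.get("URI")
        if uri is None:
            report.append((uri, "application-defined", "no URI attribute"))
        elif uri == "":
            report.append((uri, "same-document", "whole document"))
        elif not uri.startswith("#"):
            report.append((uri, "external", "resolved by the application"))
        elif uri.startswith("#xpointer("):
            report.append((uri, "same-document", "xpointer, not checked"))
        else:
            frag = uri[1:]  # bare-name fragment, must equal an Id value
            if ids.get(frag, 0) == 1:
                status = "ok"
            elif ids.get(frag, 0) > 1:
                status = "duplicate Id"
            elif frag.strip() in ids:
                status = "whitespace mismatch with Id " + repr(frag.strip())
            else:
                status = "unresolved"
            report.append((uri, "same-document", status))
    return report


if __name__ == "__main__":
    for row in check_references(SAMPLE):
        print(row)
```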