[xmlsec] [Fwd: Re: Fail to verify symmetric sign]

igor at das.ufsc.br igor at das.ufsc.br
Tue Mar 23 07:05:16 PDT 2010


Aleksey,

I found my mistake! I was calling the function that checks the signature
before loading the xmlsec own.

Thank you for all!

BR,

---------------------------- Original Message ----------------------------
Subject: Re: [xmlsec] Fail to verify symmetric sign
From:    igor at das.ufsc.br
Date:    Tue, March 23, 2010 10:27 am
To:      "Aleksey Sanin" <aleksey at aleksey.com>
Cc:      "xmlsec at aleksey.com" <xmlsec at aleksey.com>
--------------------------------------------------------------------------

Aleksey,

Does not make sense. Why it works on script console and not on c function?

Why do you indicated a book? I think I have a specific problem and not a
conceptual problem.

Thank you!

BR.

> I suggest to take a look at a good book on cryptography
> (e.g. Schneier's "Applied Cryptography"):
>
> https://www.aleksey.com/xmlsec/related.html
>
> Aleksey
>
> On 3/22/2010 7:09 AM, igor wrote:
>>
>> Aleksey,
>>
>> By your answer, seem obvious solve the problem. I'm feeling helpless and
>> I
>> ask your help in identifying this problem.
>>
>> The error that appears is: failed to load des key from binary file
>> "aeskey.bin"
>>
>> But the key is not des, it is aes.
>>
>> Thank you in advance!
>>
>> BR,
>> Igor
>>
>> On Thu, 18 Mar 2010 19:44:58 -0700, Aleksey Sanin<aleksey at aleksey.com>
>> wrote:
>>> Please read the error carefully.
>>>
>>> Aleksey
>>>
>>> On 3/18/2010 6:15 PM, igor at das.ufsc.br wrote:
>>>> Hello guys,
>>>>
>>>> I'm using xmlsec1 for encryption and signing, but I'm having trouble
>>>> verifying the signature. I am signing only the Header of the SOAP
>>> message
>>>> using HMAC with the same AES key to encrypt the message.
>>>>
>>>> Using the console, I can verify the signature with the following
>>> command:
>>>> xmlsec1 verify --hmackey aeskey.bin Server-Recv-XMLCifrado.data
>>>>
>>>> My function in C that would verify the signature shows the following
>>> error:
>>>>
>>>>
>>>
>> func=xmlSecKeyDataHmacGetKlass:file=app.c:line=211:obj=unknown:subj=keyDataHmacId:error=9:feature
>>>> is not implemented:
>>>>
>>>
>> func=xmlSecKeyReadBinaryFile:file=keys.c:line=1219:obj=unknown:subj=dataId
>>>> != xmlSecKeyDataIdUnknown:error=100:assertion:
>>>> Error: failed to load des key from binary file "aeskey.bin"
>>>>
>>>
>> func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=1091:obj=unknown:subj=dataSize
>>>>> 0:error=100:assertion:
>>>>
>>>
>> func=xmlSecEncCtxBinaryEncrypt:file=xmlenc.c:line=333:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec
>>>> library function failed:dataSize=0
>>>> Error: encryption failed
>>>>
>>>>
>>>> I am using a function of the examples with a slight modification:
>>>>
>>>> int
>>>> verify_file(const char* xml_file, const char* key_file) {
>>>>       xmlDocPtr doc = NULL;
>>>>       xmlNodePtr node = NULL;
>>>>       xmlSecDSigCtxPtr dsigCtx = NULL;
>>>>       int res = -1;
>>>>
>>>>       assert(xml_file);
>>>>       assert(key_file);
>>>>
>>>>       /* load file */
>>>>       doc = xmlParseFile(xml_file);
>>>>       if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
>>>> 	fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
>>>> 	goto done;
>>>>       }
>>>>
>>>>       /* find start node */
>>>>       node = xmlSecFindNode(xmlDocGetRootElement(doc),
>>> xmlSecNodeSignature,
>>>> xmlSecDSigNs);
>>>>       if(node == NULL) {
>>>> 	fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
>>>> 	goto done;
>>>>       }
>>>>
>>>>       /* create signature context, we don't need keys manager in this
>>>> example */
>>>>       dsigCtx = xmlSecDSigCtxCreate(NULL);
>>>>       if(dsigCtx == NULL) {
>>>>           fprintf(stderr,"Error: failed to create signature
>>>> context\n");
>>>> 	goto done;
>>>>       }
>>>>
>>>>       /* load AES key, assuming that there is not password */
>>>>       dsigCtx->signKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataHmacId,
>>>> key_file);
>>>>       if(dsigCtx->signKey == NULL) {
>>>>           fprintf(stderr,"Error: failed to load des key from binary
>>>> file
>>>> \"%s\"\n", key_file);
>>>> 	goto done;
>>>>       }
>>>>
>>>>       /* set key name to the file name, this is just an example! */
>>>>       if(xmlSecKeySetName(dsigCtx->signKey, key_file)<   0) {
>>>>       	fprintf(stderr,"Error: failed to set key name for key from
>>> \"%s\"\n",
>>>> key_file);
>>>> 	goto done;
>>>>       }
>>>>
>>>>       /* Verify signature */
>>>>       if(xmlSecDSigCtxVerify(dsigCtx, node)<   0) {
>>>>           fprintf(stderr,"Error: signature verify\n");
>>>> 	goto done;
>>>>       }
>>>>
>>>>       /* print verification result to stdout */
>>>>       if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
>>>> 	fprintf(stdout, "Signature is OK\n");
>>>>       } else {
>>>> 	fprintf(stdout, "Signature is INVALID\n");
>>>>       }
>>>>
>>>>       /* success */
>>>>       res = 0;
>>>>
>>>> done:
>>>>       /* cleanup */
>>>>       if(dsigCtx != NULL) {
>>>> 	xmlSecDSigCtxDestroy(dsigCtx);
>>>>       }
>>>>
>>>>       if(doc != NULL) {
>>>> 	xmlFreeDoc(doc);
>>>>       }
>>>>       return(res);
>>>> }
>>>>
>>>> Any help?
>>>>
>>>> BR,
>>>> Igor
>>>>
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> xmlsec at aleksey.com
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>





More information about the xmlsec mailing list