[xmlsec] Signing works in command line tool but not in code? [SEC=UNCLASSIFIED]

Cartland, Bruce Bruce.Cartland at ato.gov.au
Mon Feb 28 20:27:23 PST 2011 

 
Probably helpful if I include this
 
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=465:ob
j=unknown:subj=dsigCtx->c14nMethod == NULL:error=100:assertion:
func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=x
mlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function fai
led:

Bruce

 

________________________________

From: xmlsec-bounces at aleksey.com [mailto:xmlsec-bounces at aleksey.com] On
Behalf Of Cartland, Bruce
Sent: Tuesday, 1 March 2011 15:23
To: xmlsec at aleksey.com
Subject: Re: [xmlsec] Signing works in command line tool but not in
code?[SEC=UNCLASSIFIED]


Yeah - sorry about the signature. The corporate firewall shoves it in.
 
As for the right key for the given template; I've checked this and the
same template/key files are used in the command line tool which works
and in my code below, which does not? Are you saying that you expect the
code below to work as is? In which case, I'll investigate further or
work my way through the command line source and use its approach
instead.
 
thanks
Bruce 
 

________________________________

From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: Tuesday, 1 March 2011 14:33
To: Cartland, Bruce
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] Signing works in command line tool but not in
code? [SEC=UNCLASSIFIED]


Make sure you have the right key for the crypto algorithm used in the
template.

BTW, your signature makes no sense for a public mailing list

Aleksey

On 2/28/11 7:30 PM, Cartland, Bruce wrote: 


	I am using the command line tool to successfully sign a template
file. A dotnet soap service successfully processes the sign.xml file. 

	        xmlsec --sign --print-debug --privkey-der pk.der
--output sign.xml vstsout.xml 

	I am now trying the same thing in code with exactly the same
files but the signature fails. I based this on the sample "sign1.c".
However I notice the command line source uses a quite different approach
(e.g. a keymanager instance). Before I delve into that, is there
anything obviously missing here?

	        doc = xmlParseFile("vstsout.xml"); 
	        node = xmlSecFindNode(xmlDocGetRootElement(doc),
xmlSecNodeSignature, xmlSecDSigNs); 
	      dsigCtx = xmlSecDSigCtxCreate(NULL); 
	      dsigCtx->signKey = xmlSecCryptoAppKeyLoad("pk.der",
xmlSecKeyDataFormatDer, NULL, NULL, NULL); 
	      xmlSecKeySetName(dsigCtx->signKey, BAD_CAST "pk-der"); 

	      xmlSecDSigCtxSign(dsigCtx, node);   <<<<<<-------- the
signature fails 

	Thanks muchly 
	Bruce 


**********************************************************************
IMPORTANT
	The information transmitted is for the use of the intended
recipient only and may contain confidential and/or legally
privileged material. Any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in
reliance upon, this information by persons or entities other
than the intended recipient is prohibited and may result in
severe penalties. If you have received this e-mail in error
please notify the Privacy Hotline of the Australian Taxation
Office, telephone 13 2869 and delete all copies of this
transmission together with any attachments.
**********************************************************************
**********************************************************************
IMPORTANT
	The information transmitted is for the use of the intended
recipient only and may contain confidential and/or legally
privileged material. Any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in
reliance upon, this information by persons or entities other
than the intended recipient is prohibited and may result in
severe penalties. If you have received this e-mail in error
please notify the Privacy Hotline of the Australian Taxation
Office, telephone 13 2869 and delete all copies of this
transmission together with any attachments.
**********************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20110301/9e60dbb9/attachment-0001.html>

More information about the xmlsec mailing list