[xmlsec] KeyInfo node X509Data gets emptied when signing with xmlsec1

Markus Wernig public at wernig.net
Mon Mar 7 03:49:48 PST 2011


Hi all

I have a problem with xmlsec1 1.2.16 (openssl), compiled on 32 bit
Gentoo Linux (from portage, i.e. source).

When signing an XML document that contains a template section for the
X509Data of the signing certificate, the node gets cleared and an empty
newline is inserted instead for every subnode. The signature process
overall succeeds without any messages.

I am using this command:
xmlsec1 --sign --pkcs12 certs/xmlsig-test.p12 --pwd testme --output tmpl-signed.xml tmpl-sign.xml
I have verified that the PKCS12 file contains both certificate and
private key.

I have also tried any combination of --X509-skip-strict-checks,
--privkey-[pem|der], --pubkey-[pem|der], after extracting the cert and
key from the .p12. The result remains the same: valid signature, but
X509Data does not get populated (regardless of whether the signing CA
certificate is present or not).

This is the section in question:

Template:
[...]
<SignatureValue>
</SignatureValue>
<KeyInfo>
  <X509Data>
    <X509Certificate>
    </X509Certificate>
  </X509Data>
</KeyInfo>
[...]

Result:
[...]
<SignatureValue>FRBI01gzAf................</SignatureValue>
<KeyInfo>
  <X509Data>

  </X509Data>
</KeyInfo>
[...]

I would be very grateful for any help, as I am still very new to xmlsec.

Thanks and kind regards

Markus
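
Because the signing run described in this message succeeds without any messages, the emptied node is only noticed by inspecting the output. The following is an added example, not part of the original post and not xmlsec code: a post-signing check that flags an empty or unpopulated X509Data. The function name, the bare <Signature> wrapper and the sample documents are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET


def local(tag):
    """Strip any '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def check_x509data(xml_text):
    """Return a list of problems found in KeyInfo/X509Data of a signed document."""
    root = ET.fromstring(xml_text)
    problems = []
    blocks = [x for k in root.iter() if local(k.tag) == "KeyInfo"
              for x in k if local(x.tag) == "X509Data"]
    if not blocks:
        return ["no KeyInfo/X509Data element found"]
    for i, block in enumerate(blocks):
        certs = [c for c in block if local(c.tag) == "X509Certificate"]
        if len(block) == 0:
            problems.append(f"X509Data[{i}] has no child elements")
        elif not certs:
            problems.append(f"X509Data[{i}] has no X509Certificate")
        for c in certs:
            b64 = "".join((c.text or "").split())
            if not b64:
                problems.append(f"X509Data[{i}] X509Certificate is empty")
                continue
            try:
                der = base64.b64decode(b64, validate=True)
            except (binascii.Error, ValueError):
                problems.append(f"X509Data[{i}] X509Certificate is not base64")
                continue
            if not der.startswith(b"\x30"):  # DER certificate begins with SEQUENCE
                problems.append(f"X509Data[{i}] X509Certificate is not DER")
    return problems


# Constructed inputs: the page's fragments wrapped in a bare <Signature> root.
WRAP = "<Signature><SignatureValue>AAAA</SignatureValue><KeyInfo>{}</KeyInfo></Signature>"
EMPTIED = WRAP.format("<X509Data>\n\n</X509Data>")
TEMPLATE = WRAP.format("<X509Data><X509Certificate>\n</X509Certificate></X509Data>")
# Placeholder bytes, not a real certificate: only the leading SEQUENCE tag matters here.
FILLED = WRAP.format("<X509Data><X509Certificate>%s</X509Certificate></X509Data>"
                     % base64.b64encode(b"\x30\x82\x01\x0a" + b"\x00" * 8).decode())

if __name__ == "__main__":
    for name, doc in [("emptied", EMPTIED), ("template", TEMPLATE), ("filled", FILLED)]:
        print(name, check_x509data(doc) or "ok")
```

The check only confirms that certificate data is present and DER-shaped; it does not validate the certificate or the signature.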

