[xmlsec] KeyInfo node X509Data gets emptied when singing with xmlsec1
Aleksey Sanin
aleksey at aleksey.com
Mon Mar 7 12:41:58 PST 2011
Try
<SignatureValue>
</SignatureValue>
<KeyInfo>
<X509Data>
</X509Data>
</KeyInfo>
Aleksey
On 3/7/11 3:49 AM, Markus Wernig wrote:
> Hi all
>
> I have a problem with xmlsec1 1.2.16 (openssl), compiled on 32 bit
> Gentoo Linux (from portage, i.e. source).
>
> When signing an XML document that contains a template section for the
> X509Data of the signing certificate, the node gets cleared and an empty
> newline is inserted instead for every subnode. The signature process
> overall succeeds without any messages.
>
> I am using this command:
> xmlsec1 --sign --pkcs12 certs/xmlsig-test.p12 --pwd testme --output
> tmpl-signed.xml tmpl-sign.xml.
> I have verified that the PKCS12 file contains both certificate and
> private key.
>
> I have also tried any combination of --X509-skip-strict-checks,
> --privkey-[pem|der], --pubkey-[pem|der], after extracting the cert and
> key from the .p12. The result remains the same: valid signature, but
> X509Data does not get populated (regardless of whether the signing CA
> certificate is present or not)
>
> This is the section in question:
>
> Template:
> [...]
> <SignatureValue>
> </SignatureValue>
> <KeyInfo>
> <X509Data>
> <X509Certificate>
> </X509Certificate>
> </X509Data>
> </KeyInfo>
> [...]
>
> Result:
> [...]
> <SignatureValue>FRBI01gzAf................</SignatureValue>
> <KeyInfo>
> <X509Data>
>
> </X509Data>
> </KeyInfo>
> [...]
>
> I would be very grateful for any help, as I am still very new to xmlsec.
>
> Thanks and kind regards
>
> Markus
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list