[xmlsec] xmlsec1_verify VERSUS xmldsig-verifier.html
Si St
sigbj-st at operamail.com
Mon Nov 21 11:46:55 PST 2011
Upon verification of a signed document with xmlsec1 like this:
xmlsec1 sign --privkey gpg-des/newcorvus_cert_key/bpV28_S-key.pem
--output alekseysigned_KOM.xml uKOM.xml
I get OK with these 2:
xmlsec1 verify --trusted gpg-des/newcorvus_cert_key/bpV28_ca.pem
alekseysigned_KOM.xml
xmlsec1 verify --privkey gpg-des/newcorvus_cert_key/bpV28_S-key.pem
alekseysigned_KOM.xml
If I try to verify the same file in
http://www.aleksey.com/xmlsec/xmldsig-verifier.html I get the following:
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
library function failed:subj=/C=NO/O=MYLASTNAME
MYFIRST\xC3\x98NAME/CN=MYLASTNAME
MYFIRST\xC3\x98NAME/serialNumber=981789261;err=20;msg=unable to get
local issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
verification failed:err=20;msg=unable to get local issuer certificate
func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data
do not match:signature do not match
RESULT: Signature is INVALID
---------------------------------------------------
= VERIFICATION CONTEXT
== Status: invalid ..etc,etc
The <X509Certificate> as <KeyInfo> in the document is the corresponding
cert to the S-key.pem:
gpg-des/newcorvus_cert_key/bpV28_S-cer.pem
What do I do wrong?
-S-
--
Si St
sigbj-st at operamail.com
--
http://www.fastmail.fm - IMAP accessible web-mail
More information about the xmlsec
mailing list