[xmlsec] xmlsec1_verify VERSUS xmldsig-verifier.html

Aleksey Sanin aleksey at aleksey.com
Mon Nov 21 11:57:27 PST 2011


You are doing nothing wrong. The online verifier obviously doesn't have
the trusted (root) certificate you are using.

Aleksey

On 11/21/11 11:46 AM, Si St wrote:
> Upon verification of a signed document with xmlsec1 like this:
> xmlsec1 sign --privkey gpg-des/newcorvus_cert_key/bpV28_S-key.pem
> --output alekseysigned_KOM.xml uKOM.xml
> I get OK with these 2:
>
> xmlsec1 verify --trusted gpg-des/newcorvus_cert_key/bpV28_ca.pem
> alekseysigned_KOM.xml
> xmlsec1 verify --privkey gpg-des/newcorvus_cert_key/bpV28_S-key.pem
> alekseysigned_KOM.xml
>
> If I try to verify the same file in
> http://www.aleksey.com/xmlsec/xmldsig-verifier.html I get the following:
>
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
> library function failed:subj=/C=NO/O=MYLASTNAME
> MYFIRST\xC3\x98NAME/CN=MYLASTNAME
> MYFIRST\xC3\x98NAME/serialNumber=981789261;err=20;msg=unable to get
> local issuer certificate
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
> verification failed:err=20;msg=unable to get local issuer certificate
> func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data
> do not match:signature do not match
> RESULT: Signature is INVALID
> ---------------------------------------------------
> = VERIFICATION CONTEXT
> == Status: invalid ..etc,etc
>
>
> The <X509Certificate> as <KeyInfo> in the document is the corresponding
> cert to the S-key.pem:
> gpg-des/newcorvus_cert_key/bpV28_S-cer.pem
>
> What do I do wrong?
>
> -S-
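
The situation in this thread, reproduced with plain OpenSSL as an added example (not part of the original messages or of xmlsec): the same signer certificate validates when the issuing CA is supplied as a trust anchor and fails with error 20 when the verifier's store does not contain it. All file names and subjects are constructed; it assumes OpenSSL 1.1.0 or later (for `-no-CAfile` and `-no-CApath`) with its default configuration file present.

```shell
#!/bin/sh
# Added example (constructed names and files): why a verifier without the
# issuing CA in its trust store reports err=20 for an otherwise valid cert.

# Build a throwaway root CA and a signer certificate issued by it.
make_chain() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Signer" \
        -keyout "$dir/signer-key.pem" -out "$dir/signer.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/signer.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -out "$dir/signer.pem" 2>/dev/null || return 1
}

# Print 0 if the chain validates, otherwise the first OpenSSL verify error
# number. $1 = certificate to check; remaining arguments = trust-store options.
verify_code() {
    cert=$1; shift
    out=$(openssl verify "$@" "$cert" 2>&1) && { echo 0; return 0; }
    printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_chain "$tmp" || { rm -rf "$tmp"; return 1; }
    # Local case: the CA is supplied as trust anchor (the role --trusted
    # plays in the xmlsec1 command quoted above).
    echo "with CA as trust anchor:   $(verify_code "$tmp/signer.pem" -CAfile "$tmp/ca.pem" -no-CApath)"
    # Remote case: same certificate, but the verifier's store lacks the CA.
    echo "without CA in trust store: $(verify_code "$tmp/signer.pem" -no-CAfile -no-CApath)"
    rm -rf "$tmp"
}

demo
```

Error 20 is OpenSSL's `X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY`, the same `err=20` that appears in the quoted `xmlSecOpenSSLX509StoreVerify` output.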

