[xmlsec] Verify invalid certificate chain

Roman Khlystik dont.avt at gmail.com
Fri Aug 17 05:38:28 PDT 2012 

Thanks, Aleksey.

Really, I had RSA key in signature file.

I made some investigation, I may be wrong, but I don't understand the
security guarantee of xml signature.
I'll try to explain my view on it, please indicate where I'm wrong.

As I've understood during signature verification xmlsec might choose key
for verification from KeyValue field or from certificate in X509Data field.
There isn't any check that public key from KeyValue is the same as public
key from certificate.
Key selection algorithm is the next:
- Xmlsec is trying to build certificate chain from certificate in the file
up to a trusted cert.
  - if it successed, key from certificate is used
  - if it failed, xmlsec is looking for the KeyValue field.
      - if KeyValue field is found, xmlsec uses it for verification.
      - if KeyValue isn't found xmlsec reports an error.

So, lets assume that I'm a bad guy and I want to substitute a signed xml
file.
All I have to do is just sign a file only with KeyValue field and without
any X509Data field.
Thus, user of signed document can't be sure that this document was sent by
expected sender.

I think that there is some misunderstanding in application of xml signature
or I've just missed something.
Maybe it's possible to force xmlsec perform verification using key only
from X509 field? Or maybe I just may ask xmlsec to ignore key from KeyValue
field?

Thanks.

2012/8/15 Aleksey Sanin <aleksey at aleksey.com>

> That shouldn't be the case. The only possibility is that there
> is a key in the signature file (not in certificate).
>
> Run xmlsec with debug output to find out where it finds key
>
> Aleksey
>
> On 8/15/12 1:21 AM, Roman Khlystik wrote:
> > Thanks for your answer, Aleksey.
> >
> > I think I've understood behaviour of xmlsec in this situation.
> > And according to this logic I assume (and actually I checked it) that
> > when there isn't any
> > valid certificate chain result code of signature verification is still
> > succeeded. Why?
> >
> > Here is example using command-line tool.
> > ca.crt isn't related to the certificate
> > in license-signed-ca1-server1.xml. So, there isn't any valid certificate
> > chain. Why verification status is OK?
> >
> >     #xmlsec1 --verify --trusted-pem cas/ca2/ca/certs/ca.crt
> >     license-signed-ca1-server1.xml
> >
> >
> >
> >
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
> >     library function failed:subj=/C=UA/ST=Kyiv
> >     region/L=Kyiv/O=test/OU=Ukraine
> >     Department/CN=server1/emailAddress=support at test.com
> >     <mailto:support at test.com>;err=20;msg=unable to get local issuer
> >     certificate
> >
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
> >     verification failed:err=20;msg=unable to get local issuer certificate
> >     OK
> >     SignedInfo References (ok/all): 1/1
> >     Manifests References (ok/all): 0/0
> >
> >
> >
> > So, I have another question: Is it possibe to detect with xmlsec that
> > there is no one valid certificate chain up to the one of the trusted
> > certificates? I want to reject signed xml file if there isn't any valid
> > vertificate chain.
> >
> > Thanks.
> >
> > 2012/8/14 Aleksey Sanin <aleksey at aleksey.com <mailto:aleksey at aleksey.com
> >>
> >
> >     Roman,
> >
> >     During the verification, xmlsec tries to verify the signature using
> >     all possible certificate chains. It is enough to have one of them
> >     succeed. The errors you see are from ones that failed. Safe to ignore
> >     as long, just check the result code.
> >
> >     Aleksey
> >
> >     On 8/14/12 8:38 AM, Roman Khlystik wrote:
> >     > Hi Aleksey!
> >     >
> >     > I'm trying to develop simple license system using xmlsec library.
> >     > My idea was to build simple private PKI with one CA key pair and
> >     > separate key-pair for each customer.
> >     > Then I planned to sign xml license file with client certificate
> >     for each
> >     > client.
> >     >
> >     > I decided to embbed CA certificate in our app and verify
> certificate
> >     > chain from xml file up to CA certificate.
> >     > But I have a problem with xmlsec library. I can't find how to
> verify
> >     > full certificate chain with it.
> >     > I used example from here
> >     > http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html·
> >     <
> http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html%C2%B7>
> >     > <
> http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html%C2%B7>
> >     > and I have a problem when certificate chain is invalid.
> >     > I got error to console:
> >     >
> >     >
> >
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
> >     > library function failed:subj=/C=UA/ST=Kyiv
> >     > region/L=Kyiv/O=test/OU=test/CN=server1/emailAddress=s
> >     >
> >
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
> >     > verification failed:err=20;msg=unable to get local issuer
> certificate
> >     > OK
> >     > SignedInfo References (ok/all): 1/1·
> >     > Manifests References (ok/all): 0/0·
> >     >
> >     > but verification result dsigCtx->status has
> >     xmlSecDSigStatusSucceeded value.
> >     >
> >     > Can you tell me how can I verify that certificate chain is invalid
> >     with
> >     > xmlsec api?
> >     >
> >     >
> >     > _______________________________________________
> >     > xmlsec mailing list
> >     > xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> >     > http://www.aleksey.com/mailman/listinfo/xmlsec
> >     >
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20120817/c85c7ce9/attachment.html>

More information about the xmlsec mailing list