[xmlsec] Verify invalid certificate chain

Aleksey Sanin aleksey at aleksey.com
Fri Aug 17 07:36:33 PDT 2012 

That makes sense. If you have KeyValue then xmlsec happily pick it up.
You can limit the key data used by xmlsec for looking up the key.
With xmlsec command line tool, try "--enabled-key-data" option
(use --list-key-data to see the list).

Aleksey

On 8/17/12 5:38 AM, Roman Khlystik wrote:
> Thanks, Aleksey.
> 
> Really, I had RSA key in signature file.
> 
> I made some investigation, I may be wrong, but I don't understand the
> security guarantee of xml signature.
> I'll try to explain my view on it, please indicate where I'm wrong.
> 
> As I've understood during signature verification xmlsec might choose key
> for verification from KeyValue field or from certificate in X509Data
> field. There isn't any check that public key from KeyValue is the same
> as public key from certificate.
> Key selection algorithm is the next: 
> - Xmlsec is trying to build certificate chain from certificate in the
> file up to a trusted cert.
>   - if it successed, key from certificate is used
>   - if it failed, xmlsec is looking for the KeyValue field.
>       - if KeyValue field is found, xmlsec uses it for verification.
>       - if KeyValue isn't found xmlsec reports an error.
>        
> So, lets assume that I'm a bad guy and I want to substitute a signed xml
> file.
> All I have to do is just sign a file only with KeyValue field and
> without any X509Data field.
> Thus, user of signed document can't be sure that this document was sent
> by expected sender.
> 
> I think that there is some misunderstanding in application of xml
> signature or I've just missed something.
> Maybe it's possible to force xmlsec perform verification using key only
> from X509 field? Or maybe I just may ask xmlsec to ignore key from
> KeyValue field?
> 
> Thanks.
> 
> 2012/8/15 Aleksey Sanin <aleksey at aleksey.com <mailto:aleksey at aleksey.com>>
> 
>     That shouldn't be the case. The only possibility is that there
>     is a key in the signature file (not in certificate).
> 
>     Run xmlsec with debug output to find out where it finds key
> 
>     Aleksey
> 
>     On 8/15/12 1:21 AM, Roman Khlystik wrote:
>     > Thanks for your answer, Aleksey.
>     >
>     > I think I've understood behaviour of xmlsec in this situation.
>     > And according to this logic I assume (and actually I checked it) that
>     > when there isn't any
>     > valid certificate chain result code of signature verification is still
>     > succeeded. Why?
>     >
>     > Here is example using command-line tool.
>     > ca.crt isn't related to the certificate
>     > in license-signed-ca1-server1.xml. So, there isn't any valid
>     certificate
>     > chain. Why verification status is OK?
>     >
>     >     #xmlsec1 --verify --trusted-pem cas/ca2/ca/certs/ca.crt
>     >     license-signed-ca1-server1.xml
>     >
>     >
>     >
>     >    
>     func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
>     >     library function failed:subj=/C=UA/ST=Kyiv
>     >     region/L=Kyiv/O=test/OU=Ukraine
>     >     Department/CN=server1/emailAddress=support at test.com
>     <mailto:support at test.com>
>     >     <mailto:support at test.com
>     <mailto:support at test.com>>;err=20;msg=unable to get local issuer
>     >     certificate
>     >    
>     func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
>     >     verification failed:err=20;msg=unable to get local issuer
>     certificate
>     >     OK
>     >     SignedInfo References (ok/all): 1/1
>     >     Manifests References (ok/all): 0/0
>     >
>     >
>     >
>     > So, I have another question: Is it possibe to detect with xmlsec that
>     > there is no one valid certificate chain up to the one of the trusted
>     > certificates? I want to reject signed xml file if there isn't any
>     valid
>     > vertificate chain.
>     >
>     > Thanks.
>     >
>     > 2012/8/14 Aleksey Sanin <aleksey at aleksey.com
>     <mailto:aleksey at aleksey.com> <mailto:aleksey at aleksey.com
>     <mailto:aleksey at aleksey.com>>>
>     >
>     >     Roman,
>     >
>     >     During the verification, xmlsec tries to verify the signature
>     using
>     >     all possible certificate chains. It is enough to have one of them
>     >     succeed. The errors you see are from ones that failed. Safe to
>     ignore
>     >     as long, just check the result code.
>     >
>     >     Aleksey
>     >
>     >     On 8/14/12 8:38 AM, Roman Khlystik wrote:
>     >     > Hi Aleksey!
>     >     >
>     >     > I'm trying to develop simple license system using xmlsec
>     library.
>     >     > My idea was to build simple private PKI with one CA key pair and
>     >     > separate key-pair for each customer.
>     >     > Then I planned to sign xml license file with client certificate
>     >     for each
>     >     > client.
>     >     >
>     >     > I decided to embbed CA certificate in our app and verify
>     certificate
>     >     > chain from xml file up to CA certificate.
>     >     > But I have a problem with xmlsec library. I can't find how
>     to verify
>     >     > full certificate chain with it.
>     >     > I used example from here
>     >     >
>     http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html·
>     <http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html%C2%B7>
>     >    
>     <http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html%C2%B7>
>     >     >
>     <http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html%C2%B7>
>     >     > and I have a problem when certificate chain is invalid.
>     >     > I got error to console:
>     >     >
>     >     >
>     >    
>     func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
>     >     > library function failed:subj=/C=UA/ST=Kyiv
>     >     > region/L=Kyiv/O=test/OU=test/CN=server1/emailAddress=s
>     >     >
>     >    
>     func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
>     >     > verification failed:err=20;msg=unable to get local issuer
>     certificate
>     >     > OK
>     >     > SignedInfo References (ok/all): 1/1·
>     >     > Manifests References (ok/all): 0/0·
>     >     >
>     >     > but verification result dsigCtx->status has
>     >     xmlSecDSigStatusSucceeded value.
>     >     >
>     >     > Can you tell me how can I verify that certificate chain is
>     invalid
>     >     with
>     >     > xmlsec api?
>     >     >
>     >     >
>     >     > _______________________________________________
>     >     > xmlsec mailing list
>     >     > xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>     <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
>     >     > http://www.aleksey.com/mailman/listinfo/xmlsec
>     >     >
>     >
>     >
> 
>

More information about the xmlsec mailing list