[xmlsec] Verify invalid certificate chain

Roman Khlystik dont.avt at gmail.com
Fri Aug 17 08:18:32 PDT 2012


Thanks, Aleksey.
It's exactly what I wanted.

2012/8/17 Aleksey Sanin <aleksey at aleksey.com>

> That makes sense. If you have KeyValue then xmlsec happily picks it up.
> You can limit the key data used by xmlsec for looking up the key.
> With xmlsec command line tool, try "--enabled-key-data" option
> (use --list-key-data to see the list).
>
> Aleksey
>
> On 8/17/12 5:38 AM, Roman Khlystik wrote:
> > Thanks, Aleksey.
> >
> > Really, I had RSA key in signature file.
> >
> > I made some investigation, I may be wrong, but I don't understand the
> > security guarantee of xml signature.
> > I'll try to explain my view on it, please indicate where I'm wrong.
> >
> > As I've understood, during signature verification xmlsec might choose the key
> > for verification from the KeyValue field or from the certificate in the X509Data
> > field. There isn't any check that the public key from KeyValue is the same
> > as the public key from the certificate.
> > The key selection algorithm is the following:
> > - xmlsec tries to build a certificate chain from the certificate in the
> > file up to a trusted cert.
> >   - if it succeeds, the key from the certificate is used
> >   - if it fails, xmlsec looks for the KeyValue field.
> >       - if a KeyValue field is found, xmlsec uses it for verification.
> >       - if KeyValue isn't found, xmlsec reports an error.
> >
> > So, let's assume that I'm a bad guy and I want to substitute a signed xml
> > file.
> > All I have to do is just sign a file with only a KeyValue field and
> > without any X509Data field.
> > Thus, the user of the signed document can't be sure that this document was sent
> > by the expected sender.
> >
> > I think that there is some misunderstanding in the application of xml
> > signature or I've just missed something.
> > Maybe it's possible to force xmlsec to perform verification using only the key
> > from the X509 field? Or maybe I can just ask xmlsec to ignore the key from the
> > KeyValue field?
> >
> > Thanks.
> >
> > 2012/8/15 Aleksey Sanin <aleksey at aleksey.com>
> >
> >     That shouldn't be the case. The only possibility is that there
> >     is a key in the signature file (not in a certificate).
> >
> >     Run xmlsec with debug output to find out where it finds the key.
> >
> >     Aleksey
> >
> >     On 8/15/12 1:21 AM, Roman Khlystik wrote:
> >     > Thanks for your answer, Aleksey.
> >     >
> >     > I think I've understood the behaviour of xmlsec in this situation.
> >     > And according to this logic I assume (and actually I checked it) that
> >     > when there isn't any valid certificate chain, the result code of
> >     > signature verification is still "succeeded". Why?
> >     >
> >     > Here is an example using the command-line tool.
> >     > ca.crt isn't related to the certificate in license-signed-ca1-server1.xml.
> >     > So, there isn't any valid certificate chain. Why is the verification status OK?
> >     >
> >     >     #xmlsec1 --verify --trusted-pem cas/ca2/ca/certs/ca.crt license-signed-ca1-server1.xml
> >     >
> >     >     func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=UA/ST=Kyiv region/L=Kyiv/O=test/OU=Ukraine Department/CN=server1/emailAddress=support at test.com;err=20;msg=unable to get local issuer certificate
> >     >     func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate
> >     >     OK
> >     >     SignedInfo References (ok/all): 1/1
> >     >     Manifests References (ok/all): 0/0
> >     >
> >     >
> >     >
> >     > So, I have another question: Is it possible to detect with xmlsec that
> >     > there is no valid certificate chain up to one of the trusted
> >     > certificates? I want to reject the signed xml file if there isn't any
> >     > valid certificate chain.
> >     >
> >     > Thanks.
> >     >
> >     > 2012/8/14 Aleksey Sanin <aleksey at aleksey.com>
> >     >
> >     >     Roman,
> >     >
> >     >     During the verification, xmlsec tries to verify the signature using
> >     >     all possible certificate chains. It is enough to have one of them
> >     >     succeed. The errors you see are from the ones that failed. Safe to
> >     >     ignore; just check the result code.
> >     >
> >     >     Aleksey
> >     >
> >     >     On 8/14/12 8:38 AM, Roman Khlystik wrote:
> >     >     > Hi Aleksey!
> >     >     >
> >     >     > I'm trying to develop a simple license system using the xmlsec library.
> >     >     > My idea was to build a simple private PKI with one CA key pair and
> >     >     > a separate key pair for each customer.
> >     >     > Then I planned to sign the xml license file with the client certificate
> >     >     > for each client.
> >     >     >
> >     >     > I decided to embed the CA certificate in our app and verify the certificate
> >     >     > chain from the xml file up to the CA certificate.
> >     >     > But I have a problem with the xmlsec library. I can't find how to verify
> >     >     > the full certificate chain with it.
> >     >     > I used the example from here
> >     >     > http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html
> >     >     > and I have a problem when the certificate chain is invalid.
> >     >     > I got this error on the console:
> >     >     >
> >     >     > func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=UA/ST=Kyiv region/L=Kyiv/O=test/OU=test/CN=server1/emailAddress=s
> >     >     > func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate
> >     >     > OK
> >     >     > SignedInfo References (ok/all): 1/1
> >     >     > Manifests References (ok/all): 0/0
> >     >     >
> >     >     > but the verification result dsigCtx->status has the
> >     >     > xmlSecDSigStatusSucceeded value.
> >     >     >
> >     >     > Can you tell me how I can verify that the certificate chain is
> >     >     > invalid with the xmlsec api?
>
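As an added example, not code from the thread or from the xmlsec project: a Python pre-check that inspects ds:KeyInfo and rejects a document whose only key source is a bare KeyValue, which is the substitution Roman describes. It assumes the verifier then runs xmlsec with only X509 key data enabled (the --enabled-key-data option Aleksey mentions; the value "x509" is an assumption to confirm with --list-key-data), and the sample documents are constructed.

```python
import xml.etree.ElementTree as ET

# XML Digital Signature namespace used by <ds:Signature> and <ds:KeyInfo>.
DS = "http://www.w3.org/2000/09/xmldsig#"


def key_info_sources(xml_text):
    """Return the local names of every child of every ds:KeyInfo (e.g. KeyValue, X509Data)."""
    root = ET.fromstring(xml_text)
    found = set()
    for key_info in root.iter(f"{{{DS}}}KeyInfo"):
        for child in key_info:
            found.add(child.tag.split("}")[-1])  # "{ns}KeyValue" -> "KeyValue"
    return found


def accept_for_pki_verification(xml_text):
    """Pre-check: refuse any document that could make xmlsec fall back to a bare KeyValue.
    Returns (accepted, reason). Run xmlsec only on accepted documents, with X509 key
    data enabled exclusively (--enabled-key-data; the value "x509" is an assumption,
    check --list-key-data on your build).
    """
    sources = key_info_sources(xml_text)
    if not sources:
        return False, "no KeyInfo: nothing to chain to the trusted CA"
    if "X509Data" not in sources:
        return False, f"no X509Data; key sources {sorted(sources)} cannot be chained to the CA"
    if "KeyValue" in sources:
        # xmlsec does not check that a KeyValue matches the certificate's public key,
        # so a KeyValue next to X509Data is still an unverified fallback path.
        return False, "KeyValue present alongside X509Data; reject or strip it"
    return True, "only X509Data present; verify the chain against the embedded CA"


# Constructed samples (not real signatures): the "KeyValue only" document the
# thread describes, and the expected document carrying a certificate.
KEYVALUE_ONLY = f"""<license><Signature xmlns="{DS}"><SignedInfo/>
<SignatureValue>AAA=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue>
<Modulus>AQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue>
</KeyInfo></Signature></license>"""

X509_ONLY = f"""<license><Signature xmlns="{DS}"><SignedInfo/>
<SignatureValue>AAA=</SignatureValue><KeyInfo><X509Data>
<X509Certificate>PLACEHOLDER-BASE64-CERT</X509Certificate></X509Data>
</KeyInfo></Signature></license>"""

if __name__ == "__main__":
    for name, doc in (("keyvalue-only", KEYVALUE_ONLY), ("x509-only", X509_ONLY)):
        ok, why = accept_for_pki_verification(doc)
        print(f"{name}: {'accept' if ok else 'reject'} ({why})")
```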