[xmlsec] Unable to find key
kurt at roeckx.be
Mon Nov 26 12:06:08 PST 2012
I'm actually still looking at this, and it seems they have a problem
with the files I generated as well.
The DigestValue seems to be correct. But the signature seems to
be incorrect for some reason.
I created a canonical version of my xml file, and sha256sum
reports the same as the value in DigestValue. So I don't think
I'm having problems with things like whitespace in my file.
However when I put the decoded value of the SignatureValue in
a file and try to use openssl dgst to verify the signuatre the
check fails. I can verify my signed xml file with the library,
so it's making no sense to me at this time.
I can't seem to generate the canonical xml file for the file
they send me. The sha256sum for the file I generated is wrong,
but the library seems to say it has the correct DigestValue.
So I must be doing something wrong here.
On Mon, Nov 26, 2012 at 10:40:46AM -0800, Aleksey Sanin wrote:
> Great. From experience, most likely reasons for that are:
> 1) Whitespaces and line ends are important in XML (and signatures).
> 2) C14N is not as easy as it sounds.
> On 11/25/12 12:20 PM, Kurt Roeckx wrote:
> > On Sun, Nov 25, 2012 at 08:24:28PM +0100, Kurt Roeckx wrote:
> >> I'm starting to get convinced that the file I'm getting
> >> isn't properly signed, or not with the key the claim it's
> >> signed with.
> > I can verify the file I generate myself and sign myself, so
> > I'll just blame the other side.
> > Kurt
More information about the xmlsec