[xmlsec] Unable to find key

Kurt Roeckx kurt at roeckx.be
Mon Nov 26 12:06:08 PST 2012

I'm actually still looking at this, and it seems they have a problem
with the files I generated as well.

The DigestValue seems to be correct.  But the signature seems to
be incorrect for some reason.

I created a canonical version of my xml file, and sha256sum
reports the same as the value in DigestValue.  So I don't think
I'm having problems with things like whitespace in my file.

However when I put the decoded value of the SignatureValue in
a file and try to use openssl dgst to verify the signuatre the
check fails.  I can verify my signed xml file with the library,
so it's making no sense to me at this time.

I can't seem to generate the canonical xml file for the file
they send me.  The sha256sum for the file I generated is wrong,
but the library seems to say it has the correct DigestValue.
So I must be doing something wrong here.


On Mon, Nov 26, 2012 at 10:40:46AM -0800, Aleksey Sanin wrote:
> Great. From experience, most likely reasons for that are:
> 1) Whitespaces and line ends are important in XML (and signatures).
> 2) C14N is not as easy as it sounds.
> Best,
> Aleksey
> On 11/25/12 12:20 PM, Kurt Roeckx wrote:
> > On Sun, Nov 25, 2012 at 08:24:28PM +0100, Kurt Roeckx wrote:
> >> I'm starting to get convinced that the file I'm getting
> >> isn't properly signed, or not with the key the claim it's
> >> signed with.
> > 
> > I can verify the file I generate myself and sign myself, so
> > I'll just blame the other side.
> > 
> > 
> > Kurt
> > 

More information about the xmlsec mailing list