[xmlsec] Unable to find key
aleksey at aleksey.com
Mon Nov 26 12:10:29 PST 2012
Try xmlsec with --store-signatures option
On 11/26/12 12:06 PM, Kurt Roeckx wrote:
> I'm actually still looking at this, and it seems they have a problem
> with the files I generated as well.
> The DigestValue seems to be correct. But the signature seems to
> be incorrect for some reason.
> I created a canonical version of my xml file, and sha256sum
> reports the same as the value in DigestValue. So I don't think
> I'm having problems with things like whitespace in my file.
> However when I put the decoded value of the SignatureValue in
> a file and try to use openssl dgst to verify the signuatre the
> check fails. I can verify my signed xml file with the library,
> so it's making no sense to me at this time.
> I can't seem to generate the canonical xml file for the file
> they send me. The sha256sum for the file I generated is wrong,
> but the library seems to say it has the correct DigestValue.
> So I must be doing something wrong here.
> On Mon, Nov 26, 2012 at 10:40:46AM -0800, Aleksey Sanin wrote:
>> Great. From experience, most likely reasons for that are:
>> 1) Whitespaces and line ends are important in XML (and signatures).
>> 2) C14N is not as easy as it sounds.
>> On 11/25/12 12:20 PM, Kurt Roeckx wrote:
>>> On Sun, Nov 25, 2012 at 08:24:28PM +0100, Kurt Roeckx wrote:
>>>> I'm starting to get convinced that the file I'm getting
>>>> isn't properly signed, or not with the key the claim it's
>>>> signed with.
>>> I can verify the file I generate myself and sign myself, so
>>> I'll just blame the other side.
More information about the xmlsec