[xmlsec] Unable to find key

Kurt Roeckx kurt at roeckx.be
Mon Nov 26 12:40:26 PST 2012


I was a little stupid and tried to verify the same string as the
DigestValue was created over, but of course I had to use the
SignedInfo.  So I can properly verify what I signed myself,
and I'm now pretty sure the problem is all on their end.

Thanks for the help.

Kurt

On Mon, Nov 26, 2012 at 12:10:29PM -0800, Aleksey Sanin wrote:
> Try xmlsec with --store-signatures option
> 
> Aleksey
> 
> On 11/26/12 12:06 PM, Kurt Roeckx wrote:
> > I'm actually still looking at this, and it seems they have a problem
> > with the files I generated as well.
> > 
> > The DigestValue seems to be correct.  But the signature seems to
> > be incorrect for some reason.
> > 
> > I created a canonical version of my xml file, and sha256sum
> > reports the same as the value in DigestValue.  So I don't think
> > I'm having problems with things like whitespace in my file.
> > 
> > However when I put the decoded value of the SignatureValue in
> > a file and try to use openssl dgst to verify the signature the
> > check fails.  I can verify my signed xml file with the library,
> > so it's making no sense to me at this time.
> > 
> > I can't seem to generate the canonical xml file for the file
> > they send me.  The sha256sum for the file I generated is wrong,
> > but the library seems to say it has the correct DigestValue.
> > So I must be doing something wrong here.
> > 
> > 
> > Kurt
> > 
> > On Mon, Nov 26, 2012 at 10:40:46AM -0800, Aleksey Sanin wrote:
> >> Great. From experience, most likely reasons for that are:
> >> 1) Whitespaces and line ends are important in XML (and signatures).
> >> 2) C14N is not as easy as it sounds.
> >>
> >> Best,
> >>
> >> Aleksey
> >>
> >> On 11/25/12 12:20 PM, Kurt Roeckx wrote:
> >>> On Sun, Nov 25, 2012 at 08:24:28PM +0100, Kurt Roeckx wrote:
> >>>> I'm starting to get convinced that the file I'm getting
> >>>> isn't properly signed, or not with the key they claim it's
> >>>> signed with.
> >>>
> >>> I can verify the file I generate myself and sign myself, so
> >>> I'll just blame the other side.
> >>>
> >>>
> >>> Kurt
> >>>
> >>
> 
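
An added example (not part of the thread and not xmlsec code) of the distinction the top message arrives at: DigestValue covers the canonical referenced data, while SignatureValue covers the canonical SignedInfo, so checking SignatureValue against the document bytes fails. Assumptions: it uses HMAC-SHA256 with a constructed key in place of a public-key signature, the standard library's C14N 2.0 rather than whatever canonicalization a real document declares, and a simplified SignedInfo and sample document constructed for this illustration.

```python
import base64
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

DS = "http://www.w3.org/2000/09/xmldsig#"
KEY = b"constructed-demo-key"                      # constructed shared secret
DOC = "<order  id='7'><item>book</item></order>"   # constructed document


def c14n(xml_text):
    """Canonical bytes of an XML string (stdlib C14N 2.0, an assumption here)."""
    return canonicalize(xml_text).encode("utf-8")


def digest_value(xml_text):
    """What DigestValue holds: base64(SHA-256(canonical referenced data))."""
    return base64.b64encode(hashlib.sha256(c14n(xml_text)).digest()).decode()


def build_signed_info(xml_text):
    """Simplified SignedInfo carrying the digest of the document."""
    return (f'<SignedInfo xmlns="{DS}"><Reference URI="">'
            f'<DigestValue>{digest_value(xml_text)}</DigestValue>'
            f'</Reference></SignedInfo>')


def signature_value(signed_info):
    """What SignatureValue holds: the MAC over the canonical SignedInfo."""
    mac = hmac.new(KEY, c14n(signed_info), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def check(candidate_bytes, sig_b64):
    """Recompute the MAC over candidate bytes and compare with SignatureValue."""
    expected = hmac.new(KEY, candidate_bytes, hashlib.sha256).digest()
    return hmac.compare_digest(expected, base64.b64decode(sig_b64))


signed_info = build_signed_info(DOC)
sig = signature_value(signed_info)

if __name__ == "__main__":
    # Wrong input: the same bytes the DigestValue was computed over.
    print("over canonical document  :", check(c14n(DOC), sig))
    # Right input: the canonical SignedInfo element.
    print("over canonical SignedInfo:", check(c14n(signed_info), sig))
```
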

