[xmlsec] xmlsec sign with gost

Nikolay Shaplov dhyan at nataraj.su
Fri Mar 21 12:10:56 PDT 2014


On Friday 21 March 2014 20:22:06 Nikolay Shaplov wrote:
> On Friday 21 March 2014 08:27:24 you wrote:
> > The template (tests/aleksey-xmldsig-01/x509data-test.tmpl) uses RSA
> > signatures. You need to modify it to use GOST instead.
> 
> Oh! You are right! I've missed it. Thank you!
> 
> Just for history, the correct gost 2001 signing example is the following:
> 
> 
> /usr/local/bin/xmlsec1 --sign --privkey-pem my/gost2001.key tests/aleksey-xmldsig-01/enveloped-gost.tmpl


Eh... sorry, but now I have problems verifying
what I've signed:

$ /usr/local/bin/xmlsec1 --sign --privkey-pem my/gost2001.key tests/aleksey-xmldsig-01/enveloped-gost.tmpl >my/enveloped-gost.xml


$ /usr/local/bin/xmlsec1 --verify --trusted-pem my/gost2001.pem my/enveloped-gost.xml
func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed: 
Error: signature failed 
ERROR
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "my/enveloped-gost.xml"

If I check the gost example from the test, the check goes well. Maybe I did something
wrong with key creation or something?
