[xmlsec] Internally Detached Signature verification

miguel galvez cendegui hdimac at gmail.com
Wed Sep 3 14:30:45 PDT 2014 

I am trying to verify a internally detached signature with the online
xmldsig-verifier from the official website. In this case the signed data is
signature's sibling (data and signature inside an envelope element), and is
referenced with data's id (ID="someid") as uri attribute from signature's
reference (URI="#someid").

I get the next log from the online verifier:

"func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
library function failed:expr=xpointer(id('A1001'))
func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec
library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec
library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2405:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec
library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1236:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec
library function failed:transform=xpointer
func=xmlSecTransformCtxExecute:file=transforms.c:line=1296:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed: Error: signature verification failed"

Here is an outline of what I am producing:

-xml version encoding
-envelope
    -data ID="A1001"
    -Signature
        -SignedInfo
            -CanonicalizationMethod
            -SignatureMethod
            -Reference URI ="#A1001"
        -SignatureValue
        -KeyInfo

Primarily I need to know if the online verifying tool is accepts this kind
of signature.

Regards

-- 
Miguel Gálvez A.K.A. Milo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20140903/23aba5e4/attachment.html>

More information about the xmlsec mailing list