[xmlsec] xmlsec1 sign problem with openssl 1.0.2j

Aleksey Sanin aleksey at aleksey.com
Wed Nov 9 09:50:40 PST 2016


I would guess this error means that signature type should match
the key type (i.e. if template has DSA signature then DSA key
is needed).

Aleksey

On 11/9/16 4:04 AM, Alexopoulou, Georgia wrote:
> Hello Aleksey,
> 
> Thanks a lot for your quick response.
> I compiled the code with the latest changes and I still have the same error.
> The error appears only when RSA keys are used.
> When I generated a DSA key and tried to sign everything worked fine.
> 
> See the new error output below:
> 
> ../xmlsec1 sign --privkey-pem rsakey.pem --output signrsa.xml sign1-tmpl.xml 
> func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=498:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: 101101678: digital envelope routines: EVP_SignFinal wrong public key type
> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=2235:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
> func=xmlSecTransformIOBufferClose:file=transforms.c:line=2919:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
> func=xmlSecTransformC14NPushXml:file=c14n.c:line=279:obj=c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed: 
> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1264:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=c14n
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=647:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
> func=xmlSecDSigCtxSign:file=xmldsig.c:line=323:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed: 
> Error: signature failed 
> Error: failed to sign file "sign1-tmpl.xml"
> 
> 
> I cannot understand what the "wrong public key type" means. But when I generate a new RSA key with openssl and try that I still get the same error.
> 
> 
> Regards,
> Georgia
> 
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Sent: Wednesday, November 09, 2016 4:11 AM
> To: Alexopoulou, Georgia; xmlsec at aleksey.com
> Subject: Re: [xmlsec] xmlsec1 sign problem with openssl 1.0.2j
> 
> I modified the OpenSSL error reporting to print out more details (https://github.com/lsh123/xmlsec/pull/57). It's merged into master and this should help you with debugging.
> 
> Best,
> 
> Aleksey
> 
> On 11/8/16 11:14 AM, Aleksey Sanin wrote:
>> As a wild guess, I would suggest to check that you are loading correct 
>> versions of all the shared library. I'll add better reporting for 
>> openssl errors in a day or two -- this will help with debugging it 
>> further.
>>
>> Aleksey
>>
>> On 11/8/16 4:57 AM, Alexopoulou, Georgia wrote:
>>> Hello to all,
>>>
>>>  
>>>
>>> I have cross compiled libxmlsec1 for powerpc arch with openssl 1.0.2j 
>>> in order to use it in a project.
>>>
>>> I just run the examples in the example folder and I encountered the 
>>> following errors:
>>>
>>>  
>>>
>>> ../xmlsec1 sign --crypto openssl --privkey rsakey.pem --output 
>>> signtest.xml sign1-tmpl.xml
>>>
>>> func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=522:
>>> obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto
>>> library function failed:
>>>
>>> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=2235:obj=rs
>>> a-sha1:subj=xmlSecTransformExecute:error=1:xmlsec
>>> library function failed:final=1
>>>
>>> func=xmlSecTransformIOBufferClose:file=transforms.c:line=2919:obj=rsa
>>> -sha1:subj=xmlSecTransformPushBin:error=1:xmlsec
>>> library function failed:
>>>
>>> func=xmlSecTransformC14NPushXml:file=c14n.c:line=279:obj=c14n:subj=xm
>>> lOutputBufferClose:error=5:libxml2
>>> library function failed:
>>>
>>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1264:obj=unk
>>> nown:subj=xmlSecTransformPushXml:error=1:xmlsec
>>> library function failed:transform=c14n
>>>
>>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=647:obj=un
>>> known:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
>>> library function failed:
>>>
>>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=323:obj=unknown:subj=xmlSe
>>> cDSigCtxSignatureProcessNode:error=1:xmlsec
>>> library function failed:
>>>
>>> Error: signature failed
>>>
>>> Error: failed to sign file "sign1-tmpl.xml"
>>>
>>>  
>>>
>>> Info:
>>>
>>> XMLSec version number: 1.2.23
>>>
>>> The platform/compiler you are using: linux kernel 3.12.19-rt30 
>>> powerpc
>>>
>>> The exact xmlsec utility command line: see above. Command at stated 
>>> in example README
>>>
>>> All the files mentioned in this command line: see above. I used the 
>>> files in example folder
>>>
>>> The xmlsec utility output: See above
>>>
>>>  
>>>
>>>  
>>>
>>> Kind regards,
>>>
>>> Georgia
>>>
>>>
>>>
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>


More information about the xmlsec mailing list