[xmlsec] FW: xmlsec1 sign problem with openssl 1.0.2j

Aleksey Sanin aleksey at aleksey.com
Fri Nov 11 09:17:24 PST 2016


Look at the template, what key type does it specify?

Aleksey

On 11/11/16 12:25 AM, Alexopoulou, Georgia wrote:
> 
> 
> -----Original Message-----
> From: Alexopoulou, Georgia 
> Sent: Thursday, November 10, 2016 10:46 AM
> To: 'Aleksey Sanin'
> Subject: RE: [xmlsec] xmlsec1 sign problem with openssl 1.0.2j
> 
> Hello Aleksey,
> 
> This is what I understood too.
> But I cannot figure out why.
> With DSA I do not have any problem with signing.
> The point is that with an RSA key, which I have to use for my project, the signing does not work.
> 
> Why does this happen with RSA?
> Do you have any ideas what to do?
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
> Sent: Wednesday, November 09, 2016 7:51 PM
> To: Alexopoulou, Georgia; xmlsec at aleksey.com
> Subject: Re: [xmlsec] xmlsec1 sign problem with openssl 1.0.2j
> 
> I would guess this error means that signature type should match the key type (i.e. if template has DSA signature then DSA key is needed).
> 
> Aleksey
> 
> On 11/9/16 4:04 AM, Alexopoulou, Georgia wrote:
>> Hello Aleksey,
>>
>> Thanks a lot for your quick response.
>> I compiled the code with the latest changes and I still have the same error.
>> The error appears only when RSA keys are used.
>> When I generated a DSA key and tried to sign, everything worked fine.
>>
>> See the new error output below:
>>
>> ../xmlsec1 sign --privkey-pem rsakey.pem --output signrsa.xml sign1-tmpl.xml
>> func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=498:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: 101101678: digital envelope routines: EVP_SignFinal wrong public key type
>> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=2235:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
>> func=xmlSecTransformIOBufferClose:file=transforms.c:line=2919:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed:
>> func=xmlSecTransformC14NPushXml:file=c14n.c:line=279:obj=c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:
>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1264:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=c14n
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=647:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=323:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:
>> Error: signature failed
>> Error: failed to sign file "sign1-tmpl.xml"
>>
>>
>> I cannot understand what the "wrong public key type" means. But when I generate a new RSA key with openssl and try that I still get the same error.
>>
>>
>> Regards,
>> Georgia
>>
>>
>> -----Original Message-----
>> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
>> Sent: Wednesday, November 09, 2016 4:11 AM
>> To: Alexopoulou, Georgia; xmlsec at aleksey.com
>> Subject: Re: [xmlsec] xmlsec1 sign problem with openssl 1.0.2j
>>
>> I modified the OpenSSL error reporting to print out more details (https://github.com/lsh123/xmlsec/pull/57). It's merged into master and this should help you with debugging.
>>
>> Best,
>>
>> Aleksey
>>
>> On 11/8/16 11:14 AM, Aleksey Sanin wrote:
>>> As a wild guess, I would suggest checking that you are loading the
>>> correct versions of all the shared libraries. I'll add better reporting
>>> for openssl errors in a day or two -- this will help with debugging
>>> it further.
>>>
>>> Aleksey
>>>
>>> On 11/8/16 4:57 AM, Alexopoulou, Georgia wrote:
>>>> Hello to all,
>>>>
>>>>  
>>>>
>>>> I have cross compiled libxmlsec1 for powerpc arch with openssl
>>>> 1.0.2j in order to use it in a project.
>>>>
>>>> I just ran the examples in the example folder and I encountered the
>>>> following errors:
>>>>
>>>>  
>>>>
>>>> ../xmlsec1 sign --crypto openssl --privkey rsakey.pem --output signtest.xml sign1-tmpl.xml
>>>>
>>>> func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=522:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:
>>>> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=2235:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
>>>> func=xmlSecTransformIOBufferClose:file=transforms.c:line=2919:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed:
>>>> func=xmlSecTransformC14NPushXml:file=c14n.c:line=279:obj=c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:
>>>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1264:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=c14n
>>>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=647:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
>>>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=323:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:
>>>>
>>>> Error: signature failed
>>>>
>>>> Error: failed to sign file "sign1-tmpl.xml"
>>>>
>>>>  
>>>>
>>>> Info:
>>>>
>>>> XMLSec version number: 1.2.23
>>>>
>>>> The platform/compiler you are using: linux kernel 3.12.19-rt30 powerpc
>>>>
>>>> The exact xmlsec utility command line: see above. Command as stated in
>>>> example README
>>>>
>>>> All the files mentioned in this command line: see above. I used the
>>>> files in the example folder
>>>>
>>>> The xmlsec utility output: See above
>>>>
>>>>  
>>>>
>>>>  
>>>>
>>>> Kind regards,
>>>>
>>>> Georgia
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> xmlsec at aleksey.com
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>>
> 
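
The check raised in this thread (which key type the template's SignatureMethod specifies, and whether the private key is of that type) can be run before calling xmlsec1. The following is an added example, not part of the thread and not xmlsec code: the function names and sample inputs are constructed for illustration, and the PKCS#8 branch is a heuristic that looks for the algorithm OID near the start of the key.

```python
import base64
import re
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
LEGACY_LABELS = {"RSA PRIVATE KEY": "rsa", "DSA PRIVATE KEY": "dsa", "EC PRIVATE KEY": "ecdsa"}
# DER-encoded algorithm OIDs as they appear near the start of an unencrypted PKCS#8 key.
PKCS8_OIDS = {
    bytes.fromhex("06092a864886f70d010101"): "rsa",   # rsaEncryption
    bytes.fromhex("06072a8648ce380401"): "dsa",       # id-dsa
    bytes.fromhex("06072a8648ce3d0201"): "ecdsa",     # id-ecPublicKey
}

def template_key_family(template_xml):
    """Key family requested by the template's ds:SignatureMethod, e.g. 'rsa'."""
    method = ET.fromstring(template_xml).find(f".//{{{DSIG_NS}}}SignatureMethod")
    if method is None or not method.get("Algorithm"):
        raise ValueError("template has no ds:SignatureMethod Algorithm")
    # The URI fragment has the form '<family>-<digest>', e.g. '#rsa-sha1'.
    return method.get("Algorithm").rsplit("#", 1)[-1].split("-", 1)[0].lower()

def pem_key_family(pem_text):
    """'rsa', 'dsa' or 'ecdsa' for a PEM private key; None if it cannot be told."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        return None
    label, body = m.groups()
    if label in LEGACY_LABELS:          # traditional OpenSSL PEM: the label names the type
        return LEGACY_LABELS[label]
    if label == "PRIVATE KEY":          # unencrypted PKCS#8: inspect the algorithm OID
        der = base64.b64decode("".join(body.split()))
        return next((fam for oid, fam in PKCS8_OIDS.items() if oid in der[:40]), None)
    return None

def check_match(template_xml, pem_text):
    """Return (ok, wanted, have); ok is True when the key fits the template."""
    wanted, have = template_key_family(template_xml), pem_key_family(pem_text)
    return (wanted == have, wanted, have)

# Constructed inputs: a minimal rsa-sha1 template and placeholder keys (not real key material).
SAMPLE_TEMPLATE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
</SignedInfo><SignatureValue/></Signature>"""
SAMPLE_DSA_PEM = "-----BEGIN DSA PRIVATE KEY-----\nAAAA\n-----END DSA PRIVATE KEY-----\n"
SAMPLE_PKCS8_RSA_PEM = ("-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(
    bytes.fromhex("308204be020100300d06092a864886f70d0101010500")).decode()
    + "\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(check_match(SAMPLE_TEMPLATE, SAMPLE_DSA_PEM))
    print(check_match(SAMPLE_TEMPLATE, SAMPLE_PKCS8_RSA_PEM))
```

A result of `(True, 'rsa', 'rsa')` means the template and key agree, so a remaining "wrong public key type" error has to be traced elsewhere, for example to the libraries actually loaded at run time.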

