Next update? Re: [xmlsec] What's version included into OOo?
Hi Aleksey, Now I checking CVS tree: http://cvs.gnome.org/viewcvs/xmlsec/ http://lxr.mozilla.org/seamonkey/source/security/ Please update your CVS tree with bugfixes, if you have any fix code I will build xmlsec on Windows after bugfix by you with NSS or CAPI. Best Regards, Takahiro Aleksey Sanin wrote: >> When you will release after v1.2.9? >> > > Good question... I want to do it for a few weeks > now but I can't find time to really do it... May > be next week. > > Aleksey > > > ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] xmlsec 's future
Hi, ed, You and the OASIS published XAdES and EPM document: http://www.oasis-open.org/committees/download.php/ 17485/oasis-dss-1.0-profiles-XAdES-spec-wd-07.doc http://docs.oasis-open.org/dss/oasis-dss-1.0-profiles-epm-spec-cd-01.pdf # But I'm not a member of OASIS... Did you create a Token of "XML Timestamp" by xmlsec? My goal is make the XAdES plugin of OpenOffice.org with RFC3161 TimeStamp. What do you think about this idea? # Current TSA's only support RFC3161 TimeStamp. If you possibiy want to support EPM into the OpenDocument Format, I have very interesting EPM. But Japanese PostOffice do not support EPM. And the specification were unrelated with the Office documents. Takahiro [EMAIL PROTECTED] wrote: Hello, On your last question, RFC3161 timestamps are by definition PKCS7 ASN1 binary signatures. The only XMLDSIG-based timestamp I am aware of is from the OASIS DSS Technical Committee at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss I have used xmlsec to create dss:Timestamps without problems. Ed - Original Message From: 野口隆弘 <[EMAIL PROTECTED]> To: Aleksey Sanin <[EMAIL PROTECTED]> Cc: tnoguchi <[EMAIL PROTECTED]>; t.noguchi <[EMAIL PROTECTED]>; xmlsec@aleksey.com; [EMAIL PROTECTED] Sent: Friday, April 21, 2006 12:10:01 AM Subject: [xmlsec] xmlsec 's future Hi, Aleksey, What do you think future image of xmlsec? You did update hash algorithms with OpnSSL. Is this enhancement were measures for NIST sha-1 announce? http://www.csrc.nist.gov/pki/HashWorkshop/NIST%20Statement/Burr_Mar2005.html But the CAs and IC card vendor could not upgrade algorithms soon. Because it depend on OS function and IC chip. So, the TSA did upgrade algorithms and wrap signature by new algorithms timestamp. www.e-timestamp.com and www.pfutsa.net <http://www.pfutsa.net/> already support RSA2048bit and SHA-2 algorithms timestamp. The pfutsa.net is japanese site And TSAs has SDK for own service. Will you support RFC3161 timestamp on xmlsec? Takahiro ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] xmlsec1.2.9 with "OpenSSL-fips-1.0.tar.gz"
Does anyone try to test OpenSSL-fips-1.0.tar.gz with xmlsec? NIST Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules 2006, http://csrc.nist.gov/cryptval/140-1/1401val2006.htm Cert# : 642 Vendor: Open Source Software Institute Cryptographic Module: OpenSSL FIPS Object Module, (Source Content Version: OpenSSLfips1.0.tar.gz; Resultant Compiled Software Version: 1.0) Val. Date: 03/22/2006 Overall Level: 1 Takahiro ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] What's version included into OOo?
Hello Daniel, Is it mean that you did link to original xmlsec1.2.9 with NSS for Fedora Core 5? What's version of NSS module with xmlsec 1.2.9? Current NSS version is 3.11. http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_RTM/src/nss-3.11.tar.gz OpenOffice.org 2.0.2 source has this: OOo_202_src\OOB680_m5\libxmlsec\xmlsec1-1.2.6.patch Original OOo2.0.2 binary do not use verisign test cert and another cert on windows... Can you use verising's cert with own build OOo2.0.2 on Fedra Core 5? Regards, Takahiro Daniel Veillard wrote: On Thu, Apr 20, 2006 at 06:21:45PM -0700, Aleksey Sanin wrote: OO.org uses modified version of xmlsec which I can not support. Thus you might want to ask this question in OO.org mailing list. Actually on Fedora Core 5, our version of openoffice.org links dynamically to the installed xmlsec1: paphio:~ -> rpm -q --requires openoffice.org-core | grep xmlsec libxmlsec1-nss.so.1 libxmlsec1.so.1 paphio:~ -> rpm -q --whatprovides libxmlsec1-nss.so.1 xmlsec1-nss-1.2.9-4.2 paphio:~ -> rpm -q --whatprovides libxmlsec1.so.1 xmlsec1-1.2.9-4.2 paphio:~ -> So it may depend on the target environment, Daniel ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] xmlsec 's future
Aleksey Sanin wrote: > XADES spec is under development for last ... 3 years??? Not sure > if it is anywhere close to be finished. Personally, I don't see > much interest from people in XADES at the moment. It might change > but I have my doubts about it. And again, I do accept patches :) > XAdES example: http://www.coe.hu-berlin.de/sun/index_html http://www.xicrypt.com/pdf/index2.php?pageid=161 In japan, 3 vender has XAdES module. (NEC, Fuji Xerox, KSS) I think W3C will refar "ETSI TS 101 903 V1.3.2 (2006-03) XAdES" soon. And OASIS DSS group will change refer latest XAdES spec soon. The Internet Draft already refer CAdES and XAdES: http://tools.ietf.org/wg/smime/draft-ietf-smime-cades/draft-ietf-smime-cades-01.txt I hope you will be provide cool XML Security module to OpenOffice.org and any applications. Takahiro PS. Is some photo your children on gallery? I have two sons(8 and 6year) and a daughter(3year). ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] xmlsec 's future
Aleksey Sanin wrote: > Kind of... It is more of a response to the new OpenSSL > functionality :) > I know. Did you intention to support SHA-2 famiry by OpenSSL? If you want to learn more cool algoristhms, look at GNU-Cryptro like RSA-PSS and WHIRLPOOL hash. http://www.gnu.org/software/gnu-crypto/ DES, RSA512, MD4/5, SHA-0 were broken. >> Will you support RFC3161 timestamp on xmlsec? >> > > Not sure how does this RFC applies to XML. But in general > patches are welcome :) > Please look at my sample file for XAdES-T by RFC3161 timestamp of PFU TSA. Takahiro. http://www.w3.org/2000/09/xmldsig#";>http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />http://www.w3.org/2000/09/xmldsig#sha1"; />OSPLLdRasEMIhgFt6hVkGTfWzdk=http://uri.etsi.org/01903/v1.1.1#SignedProperties";>http://www.w3.org/2000/09/xmldsig#sha1"; />Aul5RsVzz4uL3YfSwOSfXSJkcAI=ojFjUM+rNIFLMRqd8szYqJ+OAZJCX6gdPctW653Kjo2LulowpxYvZoORNgDOLbiudxNlZfyKzUj4ImEDZihtMH2Ur8eSj3LTsiFhFZKOqq04SMU9vuJzMf6UBkFYus8gT9bXDn0tYm63N7gCOOxd2Rg7ukxqD2FAR3wZKFisFNY=MIIGWjCCBUKgAwIBAgICFxIwDQYJKoZIhvcNAQEFBQAwbjELMAkGA1UEBh! MCSlAxJTAjBgNVBAoTHEphcGFuIENlcnRpZmljYXRpb24gU2VydmljZXMxODA2BgNVBAMTL0FjY3JlZGl0ZWRTaWduIFB1YmxpYyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTA2MDIyODE1MDAwMFoXDTA4MDMzMDE1MDAwMFowgZ4xCzAJBgNVBAYTAkpQMQ4wDAYDVQQIDAVUb2t5bzFFMEMGA1UEBww8RWRvZ2F3YWt1IEVkb2dhd2EgM2Nob3VtZSAzOGJhbmNoaSBLb3N1bW9pY2hpbm9lZ3VyYW5rb3RvNDAyMRYwFAYDVQQDDA1NaXlhY2hpIE5hb3RvMSAwHgYKCZImiZPyLGQBAQwQNDIwNjAyMjQ1MjY1NjQ0OTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzyzVxNQkeWGS7llJZWbSPehl1c0tp8sBC684WLOWZTCpCzHZvVhg8naIRf8MhA4ZvkEmrnv+XP/oL0men7UXZLtbxFBlUHA9bRL/TndAKDjMnT84fVArxWs38T71o9lW8ogDs7veHlL/rN8EyXJjq7fyJ0bucM5rIOdeZqFfPSMCAwEAAaOCA1MwggNPMIGYBgNVHSMEgZAwgY2AFDH0c8s9lPdFzJ4tzAb71Hlmk7O3oXKkcDBuMQswCQYDVQQGEwJKUDElMCMGA1UEChMcSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlczE4MDYGA1UEAxMvQWNjcmVkaXRlZFNpZ24gUHVibGljIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDKCAQEwDgYDVR0PAQH/BAQDAgbAMIH+BgNVHSABAf8EgfMwgfAwdgYIKoMIjJsLAwMwajAxBggrBgEFBQcCARYlaHR0cHM6Ly9jcC5qY3NpbmMuY28uanAvMi9BX1NpZ24uaHRtbDA1BggrBgEFBQcCAjApGidBY2NyZWRpdG! VkIHVuZGVyIGUtU2lnbmF0dXJlIExhdyhKYXBhbikwdgYIKoMIjJsLAwQwajAxBggrBgEF BQcCARYlaHR0cHM6Ly9jcC5qY3NpbmMuY28uanAvMi9BX1NpZ24uaHRtbDA1BggrBgEFBQcCAjApGidBY2NyZWRpdGVkIHVuZGVyIGUtU2lnbmF0dXJlIExhdyhKYXBhbikwgdAGA1UdEQSByDCBxaSBwjCBvzEWMBQGA1UEAwwN5a6u5ZywIOebtOS6ujEqMCgGA1UECgwh5pyJ6ZmQ5Lya56S+44Op44Oz44Kw44O744Ko44OD44K4MVIwUAYDVQQLDEnkuovmpa3miYDmiYDlnKjlnLDvvJrmnbHkuqzpg73ljYPku6PnlLDljLrlsqnmnKznlLrkuozkuIHnm64xNOeVquWcsDEy5Y+3MRgwFgYDVQQMDA/ku6Pooajlj5bnt6DlvbkxCzAJBgNVBAYTAkpQMIGuBgNVHR8EgaYwgaMwgaCggZ2ggZqGgZdsZGFwOi8vaXNvMzg5Lmpjc2luYy5jby5qcC9jbj1BY2NyZWRpdGVkU2lnbiUyMFB1YmxpYyUyMENlcnRpZmljYXRpb24lMjBBdXRob3JpdHklMjAyLG89SmFwYW4lMjBDZXJ0aWZpY2F0aW9uJTIwU2VydmljZXMsYz1KUD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0MB0GA1UdDgQWBBRL0v/ZcJ9jcdwjwCTH5MSDGlZFljANBgkqhkiG9w0BAQUFAAOCAQEAM8oL5FE5BxMrBS7n2iiUlB3RHDlR4x8gogfQG0CFz0idzOz5l2sXgNNshLW8Qwoa6DUhKpbv3IrxHurSDs99LNcYwLwy5QvN4M9DBOwjI9N8Hw1Y0UloBGCyBdPKtOtIrWgcAOqzqr6a8NvDxlFtn3T3J3smHGU3CqtwFYW+oTvoqwALAiizikyA/zG2iuv9P2S1n9xnUl0tx6TQfJtFk1BHIeSSHMlopMVNcB1rIlfQ22BaBrxgs68nf1N52z0CKQoN6OBDYiwMSa8cT! pZGLbpqJvidnxr7VuzILd5hFGTLu3NPvsyJuSczHJjHUMBhTN/FhWur35D2TyyNsOEiTg==y+MN7sgkM1txIF/TxUqlbtUBQCJ5TzaYDI18oAinDpihB/Ak4sWA0mpv57zHxc5PFod+lH6FbyZqB/lAVcinmCck0i4CdwlmOO1/E1PsDn04kWJV9qX3D5r9+bfduci4HyILYvoRdCD5cjBvuNC88JyRzia5ki5lGGGymLrcans=AQABhttp://uri.etsi.org/01903/v1.1.1#";>2006-03-09T22:08:56http://www.w3.org/2000/09/xmldsig#sha1"; />k1eEoobS5L3842TRlJsbKmNd4RA=http://www.w3.org/2000/09/xmldsig#";>CN=AccreditedSign Public Certification Authority 2, O=Japan Certification Services, C=JPhttp://www.w! 3.org/2000/09/xmldsig#">5906< /SigningCertificate>http://uri.etsi.org/01903/v1.1.1#";>2006-03-09T22:08:56http://www.w3.org/2000/09/xmldsig#sha1"; />k1eEoobS5L3842TRlJsbKmNd4RA=http://www.w3.org/2000/09/xmldsig#";>CN=AccreditedSign Public Certification Authority 2, O=Japan Certification Services, C=JPhttp://www.w3.org/2000/09/xmldsig#";>5906MIIKQgYJKoZIhvcNAQcCoIIKMzCCCi8CAQMxCzAJBgUrDgMCGgUAMIIBJgYLKoZIhvcNAQkQAQSgggEVBIIBETCCAQ0CAQEGCgKDOIybeQEBAQEwITAJBgUrDgMCGgUABBTaOaPuXmtLDTJVv++VYBiQr9gHCQIDRaUQGBMyMDA2MDMwOTEzMDkwOC44NTFaMASAAgH0Agh0iHoOgSsfE6CBrqSBqzCBqDELMAkGA1UEBhMCSlAxETAPBgNVBAgTCEthbmFnYXdhMREwDwYDVQQHEwhLYXdhc2FraTEUMBIGA1UEChMLUEZVIExpbWl0ZWQxFTATBgNVBAsTDFBGVSB0ZXN0IFRTQTEtMCsGA1UECxMkU292ZXJlaWduIFRpbWUgVFMgU2VydmVyIFNOOjkzRDAwOTYyMRcwFQYDVQQDEw5QRlUtdGVzdC1UU1UwMaCCBtcwggQvMIIDF6ADAgECAgEGMA0GCSqGSIb3DQEBBQUAMGkxCzAJBgNVBAYTAkpQMREwDwYDVQQIEwhLYW5hZ2F3YTERMA8GA1UEBxMIS2F3YXNha2kxDDAKBgNVBAoTA1BGVTEQMA4GA1UECxMHUEZVIFRTQTEUMBIGA1UEAxMLUEZVIHRlc3QgQ0EwHhcNMDUwOTE1MTExNjI2WhcNMDcwOTE1MTExNjI2WjCBqDELMAkGA1UEBhMCSlAxETAPBgNVBAgTCEthbmFnYXdhMREwDwYDVQQHEwhLYXdhc2FraTEUMBIGA1UEChMLUEZVIExpbWl0ZWQxFTATBgNVBAsTDFBGVSB0ZXN0IFRTQTEtMCsGA1UECxMkU292ZXJlaWduI! FRpbWUgVFMgU2VydmVyIFNOOjkzRDAwOTYyMRcwFQYDVQQDEw5QRlUtdGVzdC1UU1UwMTC BnTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCg
[xmlsec] xmlsec 's future
Hi, Aleksey, What do you think future image of xmlsec? You did update hash algorithms with OpnSSL. Is this enhancement were measures for NIST sha-1 announce? http://www.csrc.nist.gov/pki/HashWorkshop/NIST%20Statement/Burr_Mar2005.html But the CAs and IC card vendor could not upgrade algorithms soon. Because it depend on OS function and IC chip. So, the TSA did upgrade algorithms and wrap signature by new algorithms timestamp. www.e-timestamp.com and www.pfutsa.net already support RSA2048bit and SHA-2 algorithms timestamp. The pfutsa.net is japanese site And TSAs has SDK for own service. Will you support RFC3161 timestamp on xmlsec? Takahiro ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] What's version included into OOo?
Hi Aleksey, I think current OOo2.0.2's xmlsec had some bugs. I want to rebuild OOo2.0.2 with latest xmlsec as own version OOo. When you will release after v1.2.9? Thanks, Takahiro Aleksey Sanin wrote: > 野口隆弘 wrote: > >> Hi, >> >> Who handling modified version xmlsec? >> Did you update on a latest xmlsec from OOo xmlsec patch? >> >> Takahiro >> > > > I tried... But I got problems with xmlsec unit test > thus I believe that OO.org xmlsec patch is severely > broken: > > http://www.aleksey.com/pipermail/xmlsec/2005/002590.html > > (look into the other messages in this thread for names/emails > of OO.org guys). > > I never heard back from OO.org folks so I really don't know > the current state of this patch :( > > > Aleksey > > ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] What's version included into OOo?
Hi, Who handling modified version xmlsec? Did you update on a latest xmlsec from OOo xmlsec patch? Takahiro Aleksey Sanin wrote: > OO.org uses modified version of xmlsec which I can not > support. Thus you might want to ask this question in > OO.org mailing list. > > Best, > Aleksey > > 野口隆弘 wrote: > >> Hi, >> >> Please let me know, what version the xmlsec included into OpenOffice.org? >> My certificate could not sign on OOo writer document. >> I want to check signature module with OOo. >> >> BTW, >> The MS Word has a cool plugin of dignature and timestamp as >> documentsignature. >> https://www.uspsepm.com/info/main.adate >> >> Thanks, >> Takahiro Noguchi >> >> ___ >> xmlsec mailing list >> xmlsec@aleksey.com >> http://www.aleksey.com/mailman/listinfo/xmlsec >> > > ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] What's version included into OOo?
Hi, Please let me know, what version the xmlsec included into OpenOffice.org? My certificate could not sign on OOo writer document. I want to check signature module with OOo. BTW, The MS Word has a cool plugin of dignature and timestamp as documentsignature. https://www.uspsepm.com/info/main.adate Thanks, Takahiro Noguchi ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] XAdES new spec at 2006-03-01
FYI, An new XAdES spec "ETSI TS 101 903 V1.3.2(2006-03)" published. OASIS XAdES Working Draft 07, 3 April 2006 http://www.oasis-open.org/committees/download.php/17485/oasis-dss-1.0-profiles-XAdES-spec-wd-07.doc EPM(Electronic PostMark) profile Committee Draft, 24 Dec. 2004 http://docs.oasis-open.org/dss/oasis-dss-1.0-profiles-epm-spec-cd-01.pdf I hope the xmlsec will support XAdES, like a OpenXAdES.org. Thanks, Takahiro Noguchi ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec