[xmlsec] Static compile
Hi Aleksey, Hi, I compiled libxml2, libxslt, xmlsec, and the openssl crypto Libary as Multithread Dll and static. This works fine, but when I try to load the library into my application I got the following link errors. xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlFree xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlMalloc xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecDSigCtxFinalize xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecDSigCtxVerify xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecNodeSignature xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecKeysMngrDestroy xmlsec.obj : error LNK2001: unresolved external symbol _xmlSecBase64Decode xmlsec.obj : error LNK2001: unresolved external symbol _xmlStrlen xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecBufferReadFile xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecBufferInitialize xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecDSigNs xmlsec.obj : error LNK2001: unresolved external symbol _xmlSecFindChild xmlsec.obj : error LNK2001: unresolved external symbol _xmlSecFindNode xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecDSigCtxInitialize xmlsec.obj : error LNK2001: unresolved external symbol _xmlDocGetRootElement xmlsec.obj : error LNK2001: unresolved external symbol _xmlParseFile xmlsec.obj : error LNK2001: unresolved external symbol _xmlFreeDoc xmlsec.obj : error LNK2001: unresolved external symbol _xmlFreeDtd xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecOpenSSLAppKeysMngrCertLoadMemory xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecOpenSSLAppDefaultKeysMngrInit xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecKeysMngrCreate xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecOpenSSLInit xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecOpenSSLAppInit xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecCheckVersionExt xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecInit xmlsec.obj : error LNK2001: unresolved external symbol _xmlInitParser Any ideas? thanks Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Static compile
I made this defines! -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Dienstag, 20. März 2007 15:42 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Static compile https://www.aleksey.com/xmlsec/api/xmlsec-notes-compiling-windows.html #define LIBXML_STATIC #define LIBXSLT_STATIC #define XMLSEC_STATIC Aleksey Jürgen Heiss wrote: Hi Aleksey, Hi, I compiled libxml2, libxslt, xmlsec, and the openssl crypto Libary as Multithread Dll and static. This works fine, but when I try to load the library into my application I got the following link errors. xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlFree xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlMalloc xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecDSigCtxFinalize xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecDSigCtxVerify xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecNodeSignature xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecKeysMngrDestroy xmlsec.obj : error LNK2001: unresolved external symbol _xmlSecBase64Decode xmlsec.obj : error LNK2001: unresolved external symbol _xmlStrlen xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecBufferReadFile xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecBufferInitialize xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecDSigNs xmlsec.obj : error LNK2001: unresolved external symbol _xmlSecFindChild xmlsec.obj : error LNK2001: unresolved external symbol _xmlSecFindNode xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecDSigCtxInitialize xmlsec.obj : error LNK2001: unresolved external symbol _xmlDocGetRootElement xmlsec.obj : error LNK2001: unresolved external symbol _xmlParseFile xmlsec.obj : error LNK2001: unresolved external symbol _xmlFreeDoc xmlsec.obj : error LNK2001: unresolved external symbol _xmlFreeDtd xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecOpenSSLAppKeysMngrCertLoadMemory xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecOpenSSLAppDefaultKeysMngrInit xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecKeysMngrCreate xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecOpenSSLInit xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecOpenSSLAppInit xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecCheckVersionExt xmlsec.obj : error LNK2001: unresolved external symbol __imp__xmlSecInit xmlsec.obj : error LNK2001: unresolved external symbol _xmlInitParser Any ideas? thanks Jürgen -- -- ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Troubles with xPointer
Hi, Something doesn't work with the xPointer. This is a part of my xmlfile. dsig:Reference Id=etsi-data-reference-0-1172582018-20293312-702 Type=http://uri.etsi.org/01903/v1.1.1#SignedProperties http://uri.etsi.org/01903/v1.1.1#SignedProperties URI=#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1172582018-20293312-30582')/child::etsi:QualifyingProperties/child::etsi:SignedProperties) dsig:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1/ http://www.w3.org/2000/09/xmldsig#sha1/ dsig:DigestValueOQXGzv7kDEF+1MF/MqC49V2bPeQ=/dsig:DigestValue /dsig:Reference Everything went fine, till the Function xmlSecTransformMemBufGetBuffer(transform); ctx-result = xmlSecTransformMemBufGetBuffer(transform); xmlSecBufferPtr xmlSecTransformMemBufGetBuffer(xmlSecTransformPtr transform) { xmlSecBufferPtr buffer; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformMemBufId), NULL); buffer = xmlSecTransformMemBufGetBuf(transform); xmlSecAssert2(buffer != NULL, NULL); return(buffer); } Transform look alright, doesn't it? But the result buffer always ist NULL? - transform 0x029ab660 {id=0x10061280 xmlSecTransformMemBufKlass operation=xmlSecTransformOperationNone status=xmlSecTransformStatusNone ...} _xmlSecTransform * + id 0x10061280 xmlSecTransformMemBufKlass const _xmlSecTransformKlass * operation xmlSecTransformOperationNone xmlSecTransformOperation status xmlSecTransformStatusNone xmlSecTransformStatus + hereNode 0x {_private=??? type=??? name=??? ...} _xmlNode * + next 0x {id=??? operation=??? status=??? ...} _xmlSecTransform * + prev 0x029adf50 {id=0x0085a240 xmlSecOpenSSLSha1Klass operation=xmlSecTransformOperationVerify status=xmlSecTransformStatusNone ...} _xmlSecTransform * + inBuf {data=0x Bad Ptr size=0 maxSize=0 ...} _xmlSecBuffer + outBuf {data=0x Bad Ptr size=0 maxSize=0 ...} _xmlSecBuffer + inNodes 0x {nodes=??? doc=??? destroyDoc=??? ...} _xmlSecNodeSet * + outNodes 0x {nodes=??? doc=??? destroyDoc=??? ...} _xmlSecNodeSet * reserved0 0x void * reserved1 0x void * 0x 0 int - buffer 0x029ab6a8 {data=0x Bad Ptr size=0 maxSize=0 ...} _xmlSecBuffer * + data 0x Bad Ptr unsigned char * size 0 unsigned int maxSize 0 unsigned int allocMode xmlSecAllocModeDouble xmlSecAllocMode Does some one have any idea, what I can check or does someone else have this problem? thanks Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Problem with xpointer
Of course ;o) -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Montag, 12. März 2007 16:39 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Problem with xpointer Did you setup ID attributes properly? http://www.aleksey.com/xmlsec/faq.html Aleksey Jürgen Heiss wrote: Hi everbody, does someone know why the transform always failse? When I use a xpointer URI I always get an error? dsig:Reference Id=etsi-data-reference-0-1172582018-20293312-702 Type=http://uri.etsi.org/01903/v1.1.1#SignedProperties; URI=#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('e tsi-data-object-0-1172582018-20293312-30582')/child::etsi:QualifyingPr operties/child::etsi:SignedProperties) dsig:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1/ dsig:DigestValueOQXGzv7kDEF+1MF/MqC49V2bPeQ=/dsig:DigestValue /dsig:Reference Any ideas? Thanks -- -- ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Question about Card readers and token
Hi Aleksey, I have one more question about card readers and token. In the moment i use msCrypto to sign my XMl files. I simply set the dsig:keyName and the mscrypto takes the correct certificate. No matter if the certificate is on a chip card or an a token everything works fine. No I want to use OpenSSL as my crypto API, how can I use successfully with cards and token? Thanks in advance Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Support for ecdsa-sha1
Hi Alex, Does the xmlsec Library support the the 'ecdsa-sha1' Signature Algorithm? I'm using mscrypto but I didn't find a way the verify a xml File which was signed with the 'ecdsa-sha1' algorithm. Thanks in advance and best regards Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Support for ecdsa-sha1
Hi Alex, Hmm, can you please tell me what I need to implant such an algorithm? Thanks Jürgen -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 01. März 2007 01:56 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Support for ecdsa-sha1 No, it does not support it https://www.aleksey.com/xmlsec/xmlenc.html Aleksey Jürgen Heiss wrote: Hi Alex, Does the xmlsec Library support the the 'ecdsa-sha1' Signature Algorithm? I'm using mscrypto but I didn't find a way the verify a xml File which was signed with the 'ecdsa-sha1' algorithm. Thanks in advance and best regards Jürgen -- -- ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] problems by xmlSecKeysMngrFindKey
I forgot to tell that I'm using mscrypto. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jürgen HeissSent: Dienstag, 10. Oktober 2006 11:06To: xmlsec@aleksey.comSubject: [xmlsec] problems by xmlSecKeysMngrFindKey I try to Find a Key but it always returns Null. xmlSecKeysMngrPtr mngr = xmlSecKeysMngrCreate(); xmlSecCryptoAppDefaultKeysMngrInit(mngr); /* locate and load key you want to use */ xmlSecKeyInfoCtxPtr keyInfoCtx = xmlSecKeyInfoCtxCreate(mngr); xmlSecKeyPtr key = xmlSecKeysMngrFindKey(mngr, (xmlChar *)"dummy", keyInfoCtx); I my computer exists a certificate with the name CN=dummy. any ideas what went wrong? ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] problems by xmlSecKeysMngrFindKey
Hi Wouter, Yes I use this three Init Functions. I don't get any error, "just" the result is always NULL. The parm (name) in the FindKey Functionis the friendly name of the cert, or should it be something else. From: Wouter Ketting [mailto:[EMAIL PROTECTED] Sent: Dienstag, 10. Oktober 2006 11:38To: Jürgen HeissCc: xmlsec@aleksey.comSubject: Re: [xmlsec] problems by xmlSecKeysMngrFindKey As far as I know it is the same mechanism as used internally... Did you initialize xmlsec lib properly (probably a redundant question, but you never know):xmlSecInit();xmlSecCryptoAppInit(NULL);xmlSecCryptoInit(); Also, do you get any error messages anywhere? Or the key is simply not found?Wouter On 10/10/06, Jürgen Heiss [EMAIL PROTECTED] wrote: I forgot to tell that I'm using mscrypto. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jürgen HeissSent: Dienstag, 10. Oktober 2006 11:06To: xmlsec@aleksey.comSubject: [xmlsec] problems by xmlSecKeysMngrFindKey I try to Find a Key but it always returns Null. xmlSecKeysMngrPtr mngr = xmlSecKeysMngrCreate(); xmlSecCryptoAppDefaultKeysMngrInit(mngr); /* locate and load key you want to use */ xmlSecKeyInfoCtxPtr keyInfoCtx = xmlSecKeyInfoCtxCreate(mngr); xmlSecKeyPtr key = xmlSecKeysMngrFindKey(mngr, (xmlChar *)"dummy", keyInfoCtx); I my computer exists a certificate with the name CN=dummy. any ideas what went wrong?___xmlsec mailing listxmlsec@aleksey.comhttp://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Pin Caching
Hi, I'm using a ReinerSct Card Reader to sign my files. This Card reader use PinCaching. This means if I want to sign 3 files I only need totype in the PinCount and the PIN one time on the CardReader. do { if(xmlSecDSigCtxInitialize(dsigCtx, gKeysMngr) 0) {fprintf(stderr, "Error: dsig context initialization failed\n");return(-1);} if(xmlSecAppPrepareDSigCtx(dsigCtx) 0) {fprintf(stderr, "Error: dsig context preparation failed\n");goto done;} /* parse template and select start node */data = "" xmlSecNodeSignature, xmlSecDSigNs);if(data == NULL) {fprintf(stderr, "Error: failed to load template \"%s\"\n", filename);goto done;} /* sign */start_time = clock();if(xmlSecDSigCtxSign(dsigCtx, data-startNode) 0) {fprintf(stderr,"Error: signature failed \n");goto done;} ... ... } But every time when I call xmlSecDSigCtxSign I have to tell the Pin again to the card reader. I think this is because xmlSecDSigCtxSign Opens the MsCrypto Sign the file and close MsCrypto again. Does anyone have some ideas? Thanks ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] (no subject)
How can I turn off Keyname lookups? -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 06. September 2006 17:32 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] (no subject) Most likely, xmlsec finds the key in the KeyManager by the key name. You can disable KeyName lookups though. Aleksey Jürgen Heiss wrote: Hi, this is a signed file, which has a Keyvalue tag. When I try to verify this file the datalist is empty. But the certificate exists in the signed file how can i access the certificate? Any ideas? key = dsigCtx.signKey; size = xmlSecPtrListGetSize(key-dataList); sdata = (*((dsigCtx).signKey)).dataList; tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key-dataList, pos); x509 = xmlSecMSCryptoKeyDataX509GetCert(tmp,pos); ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] (no subject)
Can you give me please a short example? Thanks Jürgen -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 07. September 2006 09:24 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] (no subject) Search xmlsec command line utility sources for enabledKeyData Aleksey Jürgen Heiss wrote: Well we discussed but never you told me how I can disable Keyname lookup ;o) -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 07. September 2006 09:02 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] (no subject) How can I turn off Keyname lookups? We already discussed this few months ago http://www.aleksey.com/pipermail/xmlsec/2006/003403.html Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] (no subject)
Hi, this is a signed file, which has a Keyvalue tag. When I try to verify this file the datalist is empty. But the certificate exists in the signed file how can i access the certificate? Any ideas? key = dsigCtx.signKey;size = xmlSecPtrListGetSize(key-dataList);sdata = (*((dsigCtx).signKey)).dataList; tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key-dataList, pos);x509 = xmlSecMSCryptoKeyDataX509GetCert(tmp,pos); ?xml version=1.0 encoding=UTF-8? eb:Invoice eb:Cancellation=false eb:GeneratingSystem=MESONIC WINLine 8.4 (Build 1112) xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; xmlns:eb=http://www.ebinterface.at/schema/2p0/; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://www.ebinterface.at/schema/2p0/ http://www.ebinterface.at/schema/2p0/Invoice.xsd;ds:Signature xmlns:ds=http://www.w3.org/2000/09/xmldsig#;ds:SignedInfods:CanonicalizationMethod Algorithm=http://www.w3.org/2001/10/xml-exc-c14n#/ds:SignatureMethod Algorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1/ds:Reference URI=ds:Transformsds:Transform Algorithm=http://www.w3.org/2000/09/xmldsig#enveloped-signature/ds:Transform Algorithm=http://www.w3.org/2001/10/xml-exc-c14n#//ds:Transformsds:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1/ds:DigestValueh9SEnrXYucR7MbDm/8Y6eozke+4=/ds:DigestValue/ds:Reference/ds:SignedInfods:SignatureValuekDMo0A6QWH+x69kRFhcaLXD/FYG2zwBTz1kSJpFtiAMaSiyY5E5TpWQXkhju0SajVl1ho+hn jGGyaL3RR+lYNT+56fpWn0IjmQX4nTXXsBzCuD6PNDMajcfLM47fjL8rN1Xjq+xlmXYeH0lx 7boQKwEaWUuP4XYMG0YdSiz54zU=/ds:SignatureValueds:KeyInfods:KeyNamePublic key of certificate/ds:KeyNameds:KeyValueds:RSAKeyValueds:ModuluswFhWwYRl32Bop5lAO1A/QtlqfB3keVfC5VjF2F78BNuQI5IURQOnQoqDt5upCPr0yCzMNWU2 iwNY6iBrg+XQeqz5IjctP1gDv5LgRnFi2aqABOPOkGQV6CG1M/IfN0w4BxMcCifkYkNdDip6 BLKWD7lSxXgCBxJyZ66ZCFbj1w0=/ds:Modulusds:ExponentAQAB/ds:Exponent/ds:RSAKeyValue/ds:KeyValueds:X509Datads:X509CertificateMIIFezCCBGOgAwIBAgICA5MwDQYJKoZIhvcNAQEFBQAwgcwxCzAJBgNVBAYTAkFUMRAwDgYD VQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExOjA4BgNVBAoTMUFSR0UgREFURU4gLSBB dXN0cmlhbiBTb2NpZXR5IGZvciBEYXRhIFByb3RlY3Rpb24xJTAjBgNVBAsTHEEtQ0VSVCBD ZXJ0aWZpY2F0aW9uIFNlcnZpY2UxGDAWBgNVBAMTD0EtQ0VSVCBBRFZBTkNFRDEdMBsGCSqG SIb3DQEJARYOaW5mb0BhLWNlcnQuYXQwHhcNMDYwMzI4MDAwMDAwWhcNMDcwMzI4MDAwMDAw WjCBqjELMAkGA1UEBhMCQVQxEjAQBgNVBAcTCU1hdWVyYmFjaDEtMCsGA1UEChMkVGVzdDog TUVTT05JQyBEYXRlbnZlcmFyYmVpdHVuZyBHbWJIMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEf MB0GA1UEAxMWSnVlcmdlbiBIZWlzcywgIChUZXN0KTEhMB8GCSqGSIb3DQEJARYSamhlaXNz QG1lc29uaWMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAWFbBhGXfYGinmUA7 UD9C2Wp8HeR5V8LlWMXYXvwE25AjkhRFA6dCioO3m6kI+vTILMw1ZTaLA1jqIGuD5dB6rPki Ny0/WAO/kuBGcWLZqoAE486QZBXoIbUz8h83TDgHExwKJ+RiQ10OKnoEspYPuVLFeAIHEnJn rpkIVuPXDQIDAQABo4ICCTCCAgUwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUfdYGf3dEJcco a1DrTQ0D9VbMIOcwHwYDVR0jBBgwFoAUN38+PplxYMok1JETedB0KbSoJNgwHQYDVR0RBBYw FIESamhlaXNzQG1lc29uaWMuY29tMC8GA1UdEgQoMCaBDmluZm9AYS1jZXJ0LmF0hhRodHRw Oi8vd3d3LmEtY2VydC5hdDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vd3d3LmEtY2VydC5h dC9zdGF0aWMvYWR2YW5jZWQuY3JsMA4GA1UdDwEB/wQEAwIE8DAxBggrBgEFBQcBAQQlMCMw IQYIKwYBBQUHMAGGFWh0dHA6Ly9vY3NwLmEtY2VydC5hdDARBglghkgBhvhCAQEEBAMCBPAw UQYDVR0gBEowSDBGBggqKAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRwOi8vd3d3LmEtY2Vy dC5hdC9jZXJ0aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgBhvhCAQgELhYsaHR0cDovL3d3 dy5hLWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5Lmh0bWwwNAYJYIZIAYb4QgENBCcWJUEt Q0VSVCBBRFZBTkNFRCBDZXJ0aWZpY2F0aW9uIFNlcnZpY2UwDgYHKigAGAQBAAQDAQH/MA0G CSqGSIb3DQEBBQUAA4IBAQANGWHWLZHDXGJeISXmONePjdLKBay4jOiUzrN+xBeCwX5nwoAz Ogs/F75x1vDE2NTbQ2LLjlXJlTXwTDlZEt05GhHc7Ic6uX99pSrc2iWTyGP+XxnjV4CPB9y0 nOLOHrVcIdrTzfGgEtOSBVm3cO6FCwdFJKhRjf+vW9C7vkFhqFQoO/9lM2YILvFyvoi1jnZG rjEFEbx/Gi9dMZbic/agIThnyCBs4PieIN5bEo0AaOrRC0Lj0/QNrXHh/S85pYsKb1EICz/r pRHwpDZ1kxORCeW9Z13yCadInNdgYtdHLXJi1W50Jl6CFJF89BJDMiXdujw/yFRWk2wEmHn3 NBtn/ds:X509Certificate/ds:X509Data/ds:KeyInfo/ds:Signatureeb:InvoiceNumberFA-2354/eb:InvoiceNumbereb:InvoiceDate2006-07-25/eb:InvoiceDateeb:Deliveryeb:Date2006-07-25/eb:Dateeb:Addresseb:SalutationFirma/eb:Salutationeb:NameAnnas Sportwelt/eb:Nameeb:StreetLinzer Str. 12/eb:Streeteb:TownAltheim/eb:Towneb:ZIP4950/eb:ZIPeb:Country#214;sterreich/eb:Countryeb:ContactHerr Sebastian/eb:Contact/eb:Address/eb:Deliveryeb:Billereb:VATIdentificationNumberATU74589652/eb:VATIdentificationNumbereb:InvoiceRecipientsBillerID230ANNA/eb:InvoiceRecipientsBillerIDeb:Addresseb:NameFun amp; Workout/eb:Nameeb:StreetHerzog Friedrich Pl./eb:Streeteb:TownMauerbach/eb:Towneb:ZIP3001/eb:ZIPeb:CountryA/eb:Countryeb:Phone+43 1 970 30/eb:Phoneeb:Email[EMAIL PROTECTED]/eb:Emaileb:ContactHerr Walter/eb:Contacteb:AddressExtensionSport amp; Fitness/eb:AddressExtension/eb:Address/eb:Billereb:InvoiceRecipienteb:VATIdentificationNumberATU44026601/eb:VATIdentificationNumbereb:BillersInvoiceRecipientID230A001/eb:BillersInvoiceRecipientIDeb:Addresseb:SalutationFirma/eb:Salutationeb:NameAnnas Sportwelt/eb:Nameeb:StreetLinzer Str.
[xmlsec] need help get cert in memory
node = xmlSecFindNode(xmlDocGetRootElement(doc), "X509Certificate", xmlSecDSigNs);strcpy(certbase64, node-children-content); // so if I save certbase64 to a file like xxx.cer it will be a valid certifcate. Me question is now how can I get acces into the xmlsec on this certficate. like x509 = xmlSecMSCryptoKeyDataX509GetCert(tmp,pos); Is there a way to load the cert from file ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Problems to verify with openssl
If its like this, why its works under mscrypto? -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Dienstag, 05. September 2006 16:29 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Problems to verify with openssl func=xmlSecOpenSSLX509StoreVerify:file=..\src\openssl\x509vfy.c:line=351:obj=x50 9-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate There is no trusted certificate to verify the certificate in the signature file. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Help by signing
Hi, I sign an xml template like. xmlsec --sign --crypto mscrypto --pkcs12 c:\cert.p12 --pwd sectret c:\template.xml This works fine ;o) but how can I sign an XMl file if I don't have the certifiacte as file? I mean if the Certifiacte is in the windows registry or if the cert file is on a token or Card? Any Ideas? ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Need urgend help -- sign with mscrypto
Hi, I tried really everthing, but I can't sing this XML-File. The file will be signed but the Keyvalue Tags ARE EMPTY! I use the commandline tool: xmlsec --sign --crypto mscrypt template.xml Please give me a helping hand Thnkas jürgen Dummy.pfx Description: Dummy.pfx ?xml version=1.0 encoding=ISO-8859-1? eb:Invoice xmlns:eb=http://www.ebinterface.at/schema/2p0/; xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://www.ebinterface.at/schema/2p0/ http://www.ebinterface.at/schema/2p0/Invoice.xsd; eb:Cancellation=false eb:GeneratingSystem=MESONIC WINLine 8.4 (Build 1112) dsig:Signature xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; dsig:SignedInfo dsig:CanonicalizationMethod Algorithm=http://www.w3.org/TR/2001/REC-xml-c14n-20010315/ dsig:SignatureMethod Algorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1/ dsig:Reference URI= dsig:Transforms dsig:Transform Algorithm=http://www.w3.org/2000/09/xmldsig#enveloped-signature/ /dsig:Transforms dsig:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1/ dsig:DigestValue/dsig:DigestValue /dsig:Reference /dsig:SignedInfo dsig:SignatureValue/dsig:SignatureValue dsig:KeyInfo dsig:KeyNameJuergen Heiss, (Test)/dsig:KeyName dsig:KeyValue /dsig:KeyValue dsig:X509Data /dsig:X509Data /dsig:KeyInfo /dsig:Signature eb:InvoiceNumberFA-2336/eb:InvoiceNumber eb:InvoiceDate2006-05-03/eb:InvoiceDate eb:Delivery eb:Date2006-05-03/eb:Date eb:Address eb:SalutationFirma/eb:Salutation eb:NameAnnas Sportwelt/eb:Name eb:StreetLinzer Str. 12/eb:Street eb:TownAltheim/eb:Town eb:ZIP4950/eb:ZIP eb:CountryÖsterreich/eb:Country eb:ContactHerr Sebastian/eb:Contact /eb:Address /eb:Delivery eb:Biller eb:VATIdentificationNumberATU74589652/eb:VATIdentificationNumber eb:InvoiceRecipientsBillerID230ANNA/eb:InvoiceRecipientsBillerID eb:Address eb:NameFun amp; Workout/eb:Name eb:StreetHerzog Friedrich Pl./eb:Street eb:TownMauerbach/eb:Town eb:ZIP3001/eb:ZIP eb:CountryA/eb:Country eb:Phone+43 1 970 30/eb:Phone eb:Email[EMAIL PROTECTED]/eb:Email eb:ContactHerr Walter/eb:Contact eb:AddressExtensionSport amp; Fitness/eb:AddressExtension /eb:Address /eb:Biller eb:InvoiceRecipient eb:VATIdentificationNumberATU44026601/eb:VATIdentificationNumber eb:BillersInvoiceRecipientID230A001/eb:BillersInvoiceRecipientID eb:Address eb:SalutationFirma/eb:Salutation eb:NameAnnas Sportwelt/eb:Name eb:StreetLinzer Str. 12/eb:Street eb:TownAltheim/eb:Town eb:ZIP4950/eb:ZIP eb:CountryÖsterreich/eb:Country eb:ContactHerr Sebastian/eb:Contact /eb:Address /eb:InvoiceRecipient eb:Details eb:ItemList eb:ListType=structured eb:ListLineItem eb:ListElement eb:Usage=Number eb:Type=IdentifierType10001/eb:ListElement eb:ListElement eb:Usage=Description eb:Type=StringTypeRennrad 26 /eb:ListElement eb:ListElement eb:Usage=CustomersArticleNumber eb:Type=IdentifierType10001/eb:ListElement eb:ListElement eb:Usage=Quantity eb:Type=DecimalType eb:Unit=Units1.00/eb:ListElement eb:ListElement eb:Usage=Weight eb:Type=DecimalType15.60/eb:ListElement eb:ListElement eb:Usage=ReductionRate eb:Type=DecimalType-7.85/eb:ListElement eb:ListElement eb:Usage=TaxRate eb:Type=DecimalType20.00/eb:ListElement eb:ListElement eb:Usage=UnitPrice eb:Type=AmountType eb:Unit=EUR381.51/eb:ListElement eb:ListElement eb:Usage=Amount eb:Type=AmountType eb:Unit=EUR351.56/eb:ListElement /eb:ListLineItem eb:ListLineItem eb:ListElement eb:Usage=Number eb:Type=IdentifierType90/eb:ListElement eb:ListElement eb:Usage=Description eb:Type=StringTypeVersandkosten/eb:ListElement eb:ListElement eb:Usage=CustomersArticleNumber eb:Type=IdentifierType90/eb:ListElement eb:ListElement eb:Usage=Quantity eb:Type=DecimalType eb:Unit=Units1.00/eb:ListElement eb:ListElement eb:Usage=Weight eb:Type=DecimalType0.00/eb:ListElement eb:ListElement eb:Usage=ReductionRate eb:Type=DecimalType-5.00/eb:ListElement eb:ListElement eb:Usage=TaxRate eb:Type=DecimalType20.00/eb:ListElement eb:ListElement eb:Usage=UnitPrice eb:Type=AmountType eb:Unit=EUR0.00/eb:ListElement eb:ListElement eb:Usage=Amount eb:Type=AmountType eb:Unit=EUR0.00/eb:ListElement /eb:ListLineItem eb:ListLineItem eb:ListElement eb:Usage=Number eb:Type=IdentifierType99/eb:ListElement eb:ListElement eb:Usage=Description eb:Type=StringTypeVersicherung/eb:ListElement eb:ListElement eb:Usage=CustomersArticleNumber eb:Type=IdentifierType99/eb:ListElement eb:ListElement eb:Usage=Quantity eb:Type=DecimalType eb:Unit=Units1.00/eb:ListElement eb:ListElement eb:Usage=Weight eb:Type=DecimalType0.00/eb:ListElement eb:ListElement eb:Usage=ReductionRate eb:Type=DecimalType-5.00/eb:ListElement eb:ListElement eb:Usage=TaxRate eb:Type=DecimalType20.00/eb:ListElement eb:ListElement
RE: [xmlsec] KeyValue by MsCrypto
Hi Aleksey, I tried the following template [...] dsig:KeyNameJuergen Heiss, (Test)/dsig:KeyName dsig:KeyValue /dsig:KeyValue dsig:X509Data [...] signed dsig:SignatureValueWxW5734Emf4kpGQWFNOCA9x0djPw6VNYK3NRTALozYrHcVmLqFjnec/a6L5qBZv6 bkW4HF5f34chLREq7DhehES0FETV3t7tXft9GrSMx1SN0WDu53o1UB1yC1XbQz2H E6dRq9bqDO2b+/S+G4pOPkAajChkiAdh3vhVSjOCMdM=/dsig:SignatureValue dsig:KeyInfo dsig:KeyNameJuergen Heiss, (Test)/dsig:KeyName dsig:KeyValue /dsig:KeyValue dsig:X509Data I used the commandline tool to sign. xmlsec --sign --crypto mscrypto --output template.xml output.xml -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Freitag, 25. August 2006 16:59 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] KeyValue by MsCrypto So, I believe that openssl can not verify it because the KeyValue is empty... Thus, the question is: why mscrypto does not want to write public key info into the document?. Do you have any errors on the output? Can you try to use the following template (just key value node w/o any content), please? dsig:KeyValue/dsig:KeyValue Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] KeyValue by MsCrypto
I sign like you using --pkcs12 I my pkcs12 File. But still it doen't work ;o( -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Montag, 28. August 2006 08:56 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] KeyValue by MsCrypto No, I didn't get any error! Here are the tmeplate and the signed file. Maybe I do something wrong. I can sign the file with mscrypto and I get KeyValue using the following command xmlsec.exe --sign --pkcs12 xmlsec/keys/rsakey.p12 --pwd secret template.xml The only idea I have is that for some reasons mscrypto does not give the key value for the key stored on a token. Though, it is strange since this is a public key... Where do you get the key from? Aleksey ?xml version=1.0 encoding=ISO-8859-1? eb:Invoice xmlns:eb=http://www.ebinterface.at/schema/2p0/; xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://www.ebinterface.at/schema/2p0/ http://www.ebinterface.at/schema/2p0/Invoice.xsd; eb:Cancellation=false eb:GeneratingSystem=MESONIC WINLine 8.4 (Build 1112) dsig:Signature xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; dsig:SignedInfo dsig:CanonicalizationMethod Algorithm=http://www.w3.org/TR/2001/REC-xml-c14n-20010315/ dsig:SignatureMethod Algorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1/ dsig:Reference URI= dsig:Transforms dsig:Transform Algorithm=http://www.w3.org/2000/09/xmldsig#enveloped-signature/ /dsig:Transforms dsig:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1/ dsig:DigestValuet9CYi0oPzfZXuVzKKKx/wSaAwj4=/dsig:DigestValue /dsig:Reference /dsig:SignedInfo dsig:SignatureValueWxW5734Emf4kpGQWFNOCA9x0djPw6VNYK3NRTALozYrHcVmLqFjnec/a6L5qBZv6 bkW4HF5f34chLREq7DhehES0FETV3t7tXft9GrSMx1SN0WDu53o1UB1yC1XbQz2H E6dRq9bqDO2b+/S+G4pOPkAajChkiAdh3vhVSjOCMdM=/dsig:SignatureValue dsig:KeyInfo dsig:KeyNameJuergen Heiss, (Test)/dsig:KeyName dsig:KeyValue /dsig:KeyValue dsig:X509Data X509Certificate xmlns=http://www.w3.org/2000/09/xmldsig#;MIIFezCCBGOgAwIBAgICA5MwDQYJKoZIhvcNAQEFBQAwgcwxCzAJBgNVBAYTAkFU MRAwDgYDVQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExOjA4BgNVBAoTMUFS R0UgREFURU4gLSBBdXN0cmlhbiBTb2NpZXR5IGZvciBEYXRhIFByb3RlY3Rpb24x JTAjBgNVBAsTHEEtQ0VSVCBDZXJ0aWZpY2F0aW9uIFNlcnZpY2UxGDAWBgNVBAMT D0EtQ0VSVCBBRFZBTkNFRDEdMBsGCSqGSIb3DQEJARYOaW5mb0BhLWNlcnQuYXQw HhcNMDYwMzI4MDAwMDAwWhcNMDcwMzI4MDAwMDAwWjCBqjELMAkGA1UEBhMCQVQx EjAQBgNVBAcTCU1hdWVyYmFjaDEtMCsGA1UEChMkVGVzdDogTUVTT05JQyBEYXRl bnZlcmFyYmVpdHVuZyBHbWJIMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEfMB0GA1UE AxMWSnVlcmdlbiBIZWlzcywgIChUZXN0KTEhMB8GCSqGSIb3DQEJARYSamhlaXNz QG1lc29uaWMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAWFbBhGXf YGinmUA7UD9C2Wp8HeR5V8LlWMXYXvwE25AjkhRFA6dCioO3m6kI+vTILMw1ZTaL A1jqIGuD5dB6rPkiNy0/WAO/kuBGcWLZqoAE486QZBXoIbUz8h83TDgHExwKJ+Ri Q10OKnoEspYPuVLFeAIHEnJnrpkIVuPXDQIDAQABo4ICCTCCAgUwDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUfdYGf3dEJccoa1DrTQ0D9VbMIOcwHwYDVR0jBBgwFoAU N38+PplxYMok1JETedB0KbSoJNgwHQYDVR0RBBYwFIESamhlaXNzQG1lc29uaWMu Y29tMC8GA1UdEgQoMCaBDmluZm9AYS1jZXJ0LmF0hhRodHRwOi8vd3d3LmEtY2Vy dC5hdDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vd3d3LmEtY2VydC5hdC9zdGF0 aWMvYWR2YW5jZWQuY3JsMA4GA1UdDwEB/wQEAwIE8DAxBggrBgEFBQcBAQQlMCMw IQYIKwYBBQUHMAGGFWh0dHA6Ly9vY3NwLmEtY2VydC5hdDARBglghkgBhvhCAQEE BAMCBPAwUQYDVR0gBEowSDBGBggqKAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRw Oi8vd3d3LmEtY2VydC5hdC9jZXJ0aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgB hvhCAQgELhYsaHR0cDovL3d3dy5hLWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5 Lmh0bWwwNAYJYIZIAYb4QgENBCcWJUEtQ0VSVCBBRFZBTkNFRCBDZXJ0aWZpY2F0 aW9uIFNlcnZpY2UwDgYHKigAGAQBAAQDAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAN GWHWLZHDXGJeISXmONePjdLKBay4jOiUzrN+xBeCwX5nwoAzOgs/F75x1vDE2NTb Q2LLjlXJlTXwTDlZEt05GhHc7Ic6uX99pSrc2iWTyGP+XxnjV4CPB9y0nOLOHrVc IdrTzfGgEtOSBVm3cO6FCwdFJKhRjf+vW9C7vkFhqFQoO/9lM2YILvFyvoi1jnZG rjEFEbx/Gi9dMZbic/agIThnyCBs4PieIN5bEo0AaOrRC0Lj0/QNrXHh/S85pYsK b1EICz/rpRHwpDZ1kxORCeW9Z13yCadInNdgYtdHLXJi1W50Jl6CFJF89BJDMiXd ujw/yFRWk2wEmHn3NBtn/X509Certificate /dsig:X509Data /dsig:KeyInfo /dsig:Signature eb:InvoiceNumberFA-2336/eb:InvoiceNumber eb:InvoiceDate2006-05-03/eb:InvoiceDate eb:Delivery eb:Date2006-05-03/eb:Date eb:Address eb:SalutationFirma/eb:Salutation eb:NameAnnas Sportwelt/eb:Name eb:StreetLinzer Str. 12/eb:Street eb:TownAltheim/eb:Town eb:ZIP4950/eb:ZIP eb:CountryÖsterreich/eb:Country eb:ContactHerr Sebastian/eb:Contact /eb:Address /eb:Delivery eb:Biller eb:VATIdentificationNumberATU74589652/eb:VATIdentificationNumber eb:InvoiceRecipientsBillerID230ANNA/eb:InvoiceRecipientsBillerID eb:Address eb:NameFun amp; Workout/eb:Name eb:StreetHerzog Friedrich Pl./eb:Street eb:TownMauerbach/eb:Town eb:ZIP3001/eb:ZIP eb:CountryA/eb:Country eb:Phone+43 1 970 30/eb:Phone eb:Email[EMAIL PROTECTED]/eb:Email eb:ContactHerr Walter/eb:Contact eb:AddressExtensionSport amp; Fitness/eb:AddressExtension /eb:Address /eb:Biller eb:InvoiceRecipient
RE: [xmlsec] Trouble by verification
Is there a way to get the certificate using the commandline tool? -Original Message- From: Jürgen Heiss Sent: Freitag, 25. August 2006 08:48 To: 'Aleksey Sanin' Cc: xmlsec@aleksey.com Subject: RE: [xmlsec] Trouble by verification Hi Aleksey, Well with the commandline tool it works fine ;o) But can you tell me please how I can get the x509 Cert now? Before I use xmlSecKeyDataPtr tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key-dataList, pos); PCCERT_CONTEXT x509 = xmlSecMSCryptoKeyDataX509GetCert(tmp,pos); But how I can use this if key-dataList == NULL? Is there an other way the get the x509 cert? -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 24. August 2006 17:20 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Trouble by verification For simplest case, yes. But you might want to take a look at the help http://www.aleksey.com/xmlsec/xmlsec-man.html Aleksey Jürgen Heiss wrote: How is the command for the command line tool? Xmlsec --verify filename -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 24. August 2006 17:17 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Trouble by verification Note that at this point hindsight.signKey-dataList == NULL ! Well, it might be OK because your key has a name and a value only. There is nothing to put in the dataList. Please, try to verify your signature with xmlsec command line tool! Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] KeyValue by MsCrypto
I sign my File by using an template. I till now works fine with mscrypto. But when I try to verify the files with openSSL. I got an Error. After debugging I found out that the problems are some missing tags. dsig:KeyValue dsig:RSAKeyValue dsig:Modulus/dsig:Modulus dsig:Exponent/dsig:Exponent /dsig:RSAKeyValue /dsig:KeyValue With this tags the verification in openssl work too. But still I have the problem that I don't know how to fill this tags! When I try to sign this with the command line tool (openssl) I got an error. error D:\XMLSec\libxmlsec-1.2.8.win32\binxmlsec --sign --crypto openssl --output d:\x mlsigner\out\ssl.xml d:\xmlsigner\in\new.xml func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKe ysMngrFindKey:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown: subj=unknown:error=45:key is not found: func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknow n:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSi gCtxSigantureProcessNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file d:\xmlsigner\in\new.xml When I sign with mscrypto it works but the tag(KeyValue) are empty. The File I want to sign ?xml version=1.0 encoding=ISO-8859-1? eb:Invoice xmlns:eb=http://www.ebinterface.at/schema/2p0/; xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://www.ebinterface.at/schema/2p0/ http://www.ebinterface.at/schema/2p0/Invoice.xsd; eb:Cancellation=false eb:GeneratingSystem=MESONIC WINLine 8.4 (Build 1112) dsig:Signature xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; dsig:SignedInfo dsig:CanonicalizationMethod Algorithm=http://www.w3.org/TR/2001/REC-xml-c14n-20010315/ dsig:SignatureMethod Algorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1/ dsig:Reference URI= dsig:Transforms dsig:Transform Algorithm=http://www.w3.org/2000/09/xmldsig#enveloped-signature/ /dsig:Transforms dsig:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1/ dsig:DigestValue/dsig:DigestValue /dsig:Reference /dsig:SignedInfo dsig:SignatureValue/dsig:SignatureValue dsig:KeyInfo dsig:KeyNameSomeBody/dsig:KeyName dsig:KeyValue dsig:RSAKeyValue dsig:Modulus/dsig:Modulus dsig:Exponent/dsig:Exponent /dsig:RSAKeyValue /dsig:KeyValue dsig:X509Data /dsig:X509Data /dsig:KeyInfo /dsig:Signature .. Thanks for any help. ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Trouble by verification
Please note that I use the binarys ;o( node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); /* sign */ start_time = clock(); if(xmlSecDSigCtxInitialize(dsigCtx, gKeysMngr) 0) return -1; if(xmlSecDSigCtxVerify(dsigCtx, node) 0) { xmlSecDSigCtxFinalize(dsigCtx); if(data != NULL) xmlSecAppXmlDataDestroy(data); return V_NOSIGNATUR; } Note that at this point dsigCtx.signKey-dataList == NULL ! -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 23. August 2006 17:35 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Trouble by verification There should be an error reported. Can you put a breakpoint in the xmlSecError() function? Can you try to verify the file using xmlsec command line tool? Aleksey Jürgen Heiss wrote: Its not directly an error msg ;o( The problem is that I get an dsig.signKey but the datalist from the signkey is empty! If I remove the blue lines it works! Any idea? ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Trouble by verification
How is the command for the command line tool? Xmlsec --verify filename -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 24. August 2006 17:17 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Trouble by verification Note that at this point hindsight.signKey-dataList == NULL ! Well, it might be OK because your key has a name and a value only. There is nothing to put in the dataList. Please, try to verify your signature with xmlsec command line tool! Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Trouble by verification
Its not directly an error msg ;o( The problem is that I get an dsig.signKey but the datalist from the signkey is empty! If I remove the blue lines it works! Any idea? -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 23. August 2006 17:02 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Trouble by verification When I try to verify this file I got an error msg. What does the error message say? Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] RE: Need urgent help for verify
Hi, Is there a way to load a PCCERT_CONTEXT into the KeyManager? For example something like. xmlSecPtrListAdd( PCCERT_CONTEXT,)? Thanks Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] RE: Need urgent help for verify
By the way. I can verify the xml file now if I load the root certificate before verify. xmlSecCryptoAppKeysMngrCertLoad (keyMngr, rootcert ). Is there also a way to load the root cert into the keymanager if the root cert is already in one PCCERT_CONTEXT struct? Thanks for any help Jürgen -Original Message- From: Jürgen Heiss Sent: Freitag, 02. Juni 2006 11:26 To: 'xmlsec@aleksey.com' Subject: RE: [xmlsec] RE: Need urgent help for verify Hi, Is there a way to load a PCCERT_CONTEXT into the KeyManager? For example something like. xmlSecPtrListAdd( PCCERT_CONTEXT,)? Thanks Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] RE: Need urgent help for verify
Hi everybody, Well you are right, its really the Keyname. So if I remove the Keyname it works. But of course the document isn't anymore valid. Is there a way always to ignore the keyname and use the the certificate by verify a signed document? What is the xmlSecDSigCtx::keyInfoReadCtx-enabledKeyData xmlSecDSigCtx::keyInfoWriteCtx-enabledKeyData For? How must I use them? Thanks I advance. Jürgen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aleksey Sanin Sent: Mittwoch, 31. Mai 2006 22:20 To: [EMAIL PROTECTED]; xmlsec@aleksey.com Subject: Re: [xmlsec] RE: Need urgent help for verify Yes xmlSecDSigCtx::keyInfoReadCtx-enabledKeyData xmlSecDSigCtx::keyInfoWriteCtx-enabledKeyData Aleksey [EMAIL PROTECTED] wrote: Yes you are right !!! I forgot about that. You mean the --enabled-key-data list in the command line utility ? Where is this in the API ? in the Ctx ? - Original Message From: Aleksey Sanin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: Jürgen Heiss [EMAIL PROTECTED]; xmlsec@aleksey.com Sent: Wednesday, May 31, 2006 2:31:14 PM Subject: Re: [xmlsec] RE: Need urgent help for verify Does it not make sense to check X509Certificate first ? Or must we consciously remove KeyName to avoid problems in the mscrypto world where the chances of actually having the public verification certificate in the verifiers mscrypto store is remote at best ? I think, that either signer or verifier should decide if KeyName makes sense for him/her or not. In xmlsec, there is a way to disable KeyName usage for verification, for example. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] RE: Need urgent help for verify
Ups I think I don't understand something. I call the function if(xmlSecDSigCtxVerify(dsigCtx, data-startNode) 0) And how it look this function look in the KeyName and try to get the certificate from the registry. But of course the certificate isn't registered. So, what if have to do the load the certificate which is In the signed XML-doucument. How I can tell the function xmlSecDSigCtxVerify to get the certificate from the signed xml File and to don't try to look in the registry because there it will be not? So how I can handle this that I always load the certificate with which the document was signed. Thanks Jürgen -Original Message- From: Edward Shallow [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 01. Juni 2006 12:30 To: Jürgen Heiss; 'Aleksey Sanin'; xmlsec@aleksey.com Subject: RE: [xmlsec] RE: Need urgent help for verify What do you mean the document is no longer valid ? If it verifies the References covered by the signature are valid. If the DN in the certificate refers to the same certifiacte as the friendly name in the KeyName, the KeyName is redundant. This is what I am doing. I am removing the Keyname for the verify and then putting it back in for consistency. Alternatively you can tell xmlsec which key sources to consult using the enabledKeyData list. I find this a pain and prefer to check the keys in each location myself. If you have created the signature yourself and are subsequently verifying it, you know they are the same. They should rarely differ. In fact I cannot think of an instance where the contents of X509Certificate should get overridden by KeyName in a Verify. Even when including issuer certificates, they end up as more than one X509Certificate. I buy that if X509Certifiate is not there one can consult KeyName, but rarely if ever the reverse. But that is just my opinion. I would like to see an order to the certificate search. Ed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jürgen Heiss Sent: June 1, 2006 2:40 AM To: Aleksey Sanin; [EMAIL PROTECTED]; xmlsec@aleksey.com Subject: RE: [xmlsec] RE: Need urgent help for verify Hi everybody, Well you are right, its really the Keyname. So if I remove the Keyname it works. But of course the document isn't anymore valid. Is there a way always to ignore the keyname and use the the certificate by verify a signed document? What is the xmlSecDSigCtx::keyInfoReadCtx-enabledKeyData xmlSecDSigCtx::keyInfoWriteCtx-enabledKeyData For? How must I use them? Thanks I advance. Jürgen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aleksey Sanin Sent: Mittwoch, 31. Mai 2006 22:20 To: [EMAIL PROTECTED]; xmlsec@aleksey.com Subject: Re: [xmlsec] RE: Need urgent help for verify Yes xmlSecDSigCtx::keyInfoReadCtx-enabledKeyData xmlSecDSigCtx::keyInfoWriteCtx-enabledKeyData Aleksey [EMAIL PROTECTED] wrote: Yes you are right !!! I forgot about that. You mean the --enabled-key-data list in the command line utility ? Where is this in the API ? in the Ctx ? - Original Message From: Aleksey Sanin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: Jürgen Heiss [EMAIL PROTECTED]; xmlsec@aleksey.com Sent: Wednesday, May 31, 2006 2:31:14 PM Subject: Re: [xmlsec] RE: Need urgent help for verify Does it not make sense to check X509Certificate first ? Or must we consciously remove KeyName to avoid problems in the mscrypto world where the chances of actually having the public verification certificate in the verifiers mscrypto store is remote at best ? I think, that either signer or verifier should decide if KeyName makes sense for him/her or not. In xmlsec, there is a way to disable KeyName usage for verification, for example. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Need urgent help for verify
Hi, I use the following code to verify a signed file. The problem is now, the xmlSecDSigCtxVerify crahses if the certificate isn't installed on my machine!?! How can I check this file? Can I excract the certificate and load it into a xmlSecKeysMngrPtr? thanks for any help. some code if(xmlSecDSigCtxInitialize(dsigCtx, gKeysMngr) 0) return (V_INTERNAL); if(xmlSecAppPrepareDSigCtx(dsigCtx) 0) {xmlSecDSigCtxFinalize(dsigCtx);return V_INTERNAL;} /* parse template and select start node */data = "" xmlSecNodeSignature, xmlSecDSigNs);if(data == NULL) {xmlSecDSigCtxFinalize(dsigCtx);if(data != NULL) xmlSecAppXmlDataDestroy(data);return V_INTERNAL;} /* sign */start_time = clock();if(xmlSecDSigCtxVerify(dsigCtx, data-startNode) 0) ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] RE: Need urgent help for verify
Does really now one have any idea? Hi, I use the following code to verify a signed file. The problem is now, the xmlSecDSigCtxVerify crahses if the certificate isn't installed on my machine!?! How can I check this file? Can I excract the certificate and load it into a xmlSecKeysMngrPtr? thanks for any help. some code if(xmlSecDSigCtxInitialize(dsigCtx, gKeysMngr) 0) return (V_INTERNAL); if(xmlSecAppPrepareDSigCtx(dsigCtx) 0) {xmlSecDSigCtxFinalize(dsigCtx);return V_INTERNAL;} /* parse template and select start node */data = "" xmlSecNodeSignature, xmlSecDSigNs);if(data == NULL) {xmlSecDSigCtxFinalize(dsigCtx);if(data != NULL) xmlSecAppXmlDataDestroy(data);return V_INTERNAL;} /* sign */start_time = clock();if(xmlSecDSigCtxVerify(dsigCtx, data-startNode) 0) ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Question about Revokeliste
Hi Alexsey, I'm using MsCrypto Api. But I still have problems to load the crl ;o( -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Dienstag, 23. Mai 2006 03:41 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Question about Revokeliste Aleksey Sanin wrote: ... For xmlsec-openssl you will need to load CRLs into the KeyManager... And I just found that there is no function to do this :( I'll add one tonight, it is trivial. I've added new xmlSecOpenSSLX509StoreAdoptCrl() function to load CRLs for xmlsec-openssl key manager. Please let me know if you need something else. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Question about Revokeliste
Hi, Can someone please tell my how the check I certificate with the revolke Liste? How I have to load the Revoke List and how to check? Is there maybe an example? thanks ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] How to get Certificate from signed xml file
Hi Aleksey, Well now I got my Certificate from signed xml ;o) Using the following code. key = dsigCtx.signKey; size = xmlSecPtrListGetSize(key-dataList); sdata = (*((dsigCtx).signKey)).dataList; for(pos = 0; pos size; ++pos) { tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key-dataList, pos); if((tmp != NULL) (tmp-id == sdata-id)) return(xmlSecPtrListSet(key-dataList, data, pos)); } But I still don't find a way the export this certificate to my local machine for example c:\mycert.cer. Thanks for any help -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Dienstag, 02. Mai 2006 17:45 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] How to get Certificate from signed xml file Well i find my certificate, but how to export now? I believe you found the key, not certificate. Look at KeyData objects in this key. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] How to get Certificate from signed xml file
Hi, How I can get the certificate from a signed xml file and save this vertificate as a file on my local machine? Thanks for any help ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] How to verify
Hi everybody, I sign a xml file, but how somebody can check this signature now if I give him this file? The signatur looks like this. [] dsig:Signature xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; dsig:SignedInfo dsig:CanonicalizationMethod Algorithm=http://www.w3.org/TR/2001/REC-xml-c14n-20010315/ dsig:SignatureMethod Algorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1/ dsig:Reference URI= dsig:Transforms dsig:Transform Algorithm=http://www.w3.org/2000/09/xmldsig#enveloped-signature/ /dsig:Transforms dsig:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1/ dsig:DigestValueKNp1ir+3R4HXMHr9PCHje7DYqY0=/dsig:DigestValue /dsig:Reference /dsig:SignedInfo dsig:SignatureValueG613XWM8mu88tgQm8EMXDOgiU7sBASKGeyUMkbEfEwTqq0VY937eB/aZXHYyhvQw ld8IoTIBUN8vn6J/cyr6BW1GcHYkml9pyTnslrRVQB2jLroyJyEiTjaYiV4O1vRc gUSZRiUd/MNs97R5yn5XdJrT9F0l8K1hObXcz7z1gMg=/dsig:SignatureValue dsig:KeyInfo dsig:KeyNameJuergen Heiss, (Test)/dsig:KeyName dsig:X509Data X509Certificate xmlns=http://www.w3.org/2000/09/xmldsig#;MIIFezCCBGOgAwIBAgICA5MwDQYJKoZIhvcNAQEFBQAwgcwxCzAJBgNVBAYTAkFU MRAwDgYDVQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExOjA4BgNVBAoTMUFS R0UgREFURU4gLSBBdXN0cmlhbiBTb2NpZXR5IGZvciBEYXRhIFByb3RlY3Rpb24x JTAjBgNVBAsTHEEtQ0VSVCBDZXJ0aWZpY2F0aW9uIFNlcnZpY2UxGDAWBgNVBAMT D0EtQ0VSVCBBRFZBTkNFRDEdMBsGCSqGSIb3DQEJARYOaW5mb0BhLWNlcnQuYXQw HhcNMDYwMzI4MDAwMDAwWhcNMDcwMzI4MDAwMDAwWjCBqjELMAkGA1UEBhMCQVQx EjAQBgNVBAcTCU1hdWVyYmFjaDEtMCsGA1UEChMkVGVzdDogTUVTT05JQyBEYXRl bnZlcmFyYmVpdHVuZyBHbWJIMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEfMB0GA1UE AxMWSnVlcmdlbiBIZWlzcywgIChUZXN0KTEhMB8GCSqGSIb3DQEJARYSamhlaXNz QG1lc29uaWMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAWFbBhGXf YGinmUA7UD9C2Wp8HeR5V8LlWMXYXvwE25AjkhRFA6dCioO3m6kI+vTILMw1ZTaL A1jqIGuD5dB6rPkiNy0/WAO/kuBGcWLZqoAE486QZBXoIbUz8h83TDgHExwKJ+Ri Q10OKnoEspYPuVLFeAIHEnJnrpkIVuPXDQIDAQABo4ICCTCCAgUwDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUfdYGf3dEJccoa1DrTQ0D9VbMIOcwHwYDVR0jBBgwFoAU N38+PplxYMok1JETedB0KbSoJNgwHQYDVR0RBBYwFIESamhlaXNzQG1lc29uaWMu Y29tMC8GA1UdEgQoMCaBDmluZm9AYS1jZXJ0LmF0hhRodHRwOi8vd3d3LmEtY2Vy dC5hdDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vd3d3LmEtY2VydC5hdC9zdGF0 aWMvYWR2YW5jZWQuY3JsMA4GA1UdDwEB/wQEAwIE8DAxBggrBgEFBQcBAQQlMCMw IQYIKwYBBQUHMAGGFWh0dHA6Ly9vY3NwLmEtY2VydC5hdDARBglghkgBhvhCAQEE BAMCBPAwUQYDVR0gBEowSDBGBggqKAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRw Oi8vd3d3LmEtY2VydC5hdC9jZXJ0aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgB hvhCAQgELhYsaHR0cDovL3d3dy5hLWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5 Lmh0bWwwNAYJYIZIAYb4QgENBCcWJUEtQ0VSVCBBRFZBTkNFRCBDZXJ0aWZpY2F0 aW9uIFNlcnZpY2UwDgYHKigAGAQBAAQDAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAN GWHWLZHDXGJeISXmONePjdLKBay4jOiUzrN+xBeCwX5nwoAzOgs/F75x1vDE2NTb Q2LLjlXJlTXwTDlZEt05GhHc7Ic6uX99pSrc2iWTyGP+XxnjV4CPB9y0nOLOHrVc IdrTzfGgEtOSBVm3cO6FCwdFJKhRjf+vW9C7vkFhqFQoO/9lM2YILvFyvoi1jnZG rjEFEbx/Gi9dMZbic/agIThnyCBs4PieIN5bEo0AaOrRC0Lj0/QNrXHh/S85pYsK b1EICz/rpRHwpDZ1kxORCeW9Z13yCadInNdgYtdHLXJi1W50Jl6CFJF89BJDMiXd ujw/yFRWk2wEmHn3NBtn/X509Certificate X509SubjectName xmlns=http://www.w3.org/2000/09/xmldsig#;[EMAIL PROTECTED], CN=Juergen Heiss, (Test), OU=Development, O=Test: MESONIC Datenverarbeitung GmbH, L=Mauerbach, C=AT/X509SubjectName X509IssuerSerial xmlns=http://www.w3.org/2000/09/xmldsig#; X509IssuerName[EMAIL PROTECTED], CN=A-CERT ADVANCED, OU=A-CERT Certification Service, O=ARGE DATEN - Austrian Society for Data Protection, L=Vienna, S=Austria, C=AT/X509IssuerName X509SerialNumber915/X509SerialNumber /X509IssuerSerial /dsig:X509Data /dsig:KeyInfo /dsig:Signature [] Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] How to verify
Here is a signed XML file, can you try to verify this? Thanks -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 20. April 2006 16:56 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] How to verify I sign a xml file, but how somebody can check this signature now if I give him this file? The signatur looks like this. Hm... I am not sure I understand your question. Aleksey ?xml version=1.0 encoding=ISO-8859-1? ?xml-stylesheet type=text/xsl href=MESOinvoice.xslt? Invoice xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:noNamespaceSchemaLocation=Invoice.xsd GeneratingSystem=MESONIC WINLine 8.4 (Build 1109) SchemaVersion=1.0 dsig:Signature xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; dsig:SignedInfo dsig:CanonicalizationMethod Algorithm=http://www.w3.org/TR/2001/REC-xml-c14n-20010315/ dsig:SignatureMethod Algorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1/ dsig:Reference URI= dsig:Transforms dsig:Transform Algorithm=http://www.w3.org/2000/09/xmldsig#enveloped-signature/ /dsig:Transforms dsig:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1/ dsig:DigestValueKNp1ir+3R4HXMHr9PCHje7DYqY0=/dsig:DigestValue /dsig:Reference /dsig:SignedInfo dsig:SignatureValueG613XWM8mu88tgQm8EMXDOgiU7sBASKGeyUMkbEfEwTqq0VY937eB/aZXHYyhvQw ld8IoTIBUN8vn6J/cyr6BW1GcHYkml9pyTnslrRVQB2jLroyJyEiTjaYiV4O1vRc gUSZRiUd/MNs97R5yn5XdJrT9F0l8K1hObXcz7z1gMg=/dsig:SignatureValue dsig:KeyInfo dsig:KeyNameJuergen Heiss, (Test)/dsig:KeyName dsig:X509Data X509Certificate xmlns=http://www.w3.org/2000/09/xmldsig#;MIIFezCCBGOgAwIBAgICA5MwDQYJKoZIhvcNAQEFBQAwgcwxCzAJBgNVBAYTAkFU MRAwDgYDVQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExOjA4BgNVBAoTMUFS R0UgREFURU4gLSBBdXN0cmlhbiBTb2NpZXR5IGZvciBEYXRhIFByb3RlY3Rpb24x JTAjBgNVBAsTHEEtQ0VSVCBDZXJ0aWZpY2F0aW9uIFNlcnZpY2UxGDAWBgNVBAMT D0EtQ0VSVCBBRFZBTkNFRDEdMBsGCSqGSIb3DQEJARYOaW5mb0BhLWNlcnQuYXQw HhcNMDYwMzI4MDAwMDAwWhcNMDcwMzI4MDAwMDAwWjCBqjELMAkGA1UEBhMCQVQx EjAQBgNVBAcTCU1hdWVyYmFjaDEtMCsGA1UEChMkVGVzdDogTUVTT05JQyBEYXRl bnZlcmFyYmVpdHVuZyBHbWJIMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEfMB0GA1UE AxMWSnVlcmdlbiBIZWlzcywgIChUZXN0KTEhMB8GCSqGSIb3DQEJARYSamhlaXNz QG1lc29uaWMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAWFbBhGXf YGinmUA7UD9C2Wp8HeR5V8LlWMXYXvwE25AjkhRFA6dCioO3m6kI+vTILMw1ZTaL A1jqIGuD5dB6rPkiNy0/WAO/kuBGcWLZqoAE486QZBXoIbUz8h83TDgHExwKJ+Ri Q10OKnoEspYPuVLFeAIHEnJnrpkIVuPXDQIDAQABo4ICCTCCAgUwDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUfdYGf3dEJccoa1DrTQ0D9VbMIOcwHwYDVR0jBBgwFoAU N38+PplxYMok1JETedB0KbSoJNgwHQYDVR0RBBYwFIESamhlaXNzQG1lc29uaWMu Y29tMC8GA1UdEgQoMCaBDmluZm9AYS1jZXJ0LmF0hhRodHRwOi8vd3d3LmEtY2Vy dC5hdDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vd3d3LmEtY2VydC5hdC9zdGF0 aWMvYWR2YW5jZWQuY3JsMA4GA1UdDwEB/wQEAwIE8DAxBggrBgEFBQcBAQQlMCMw IQYIKwYBBQUHMAGGFWh0dHA6Ly9vY3NwLmEtY2VydC5hdDARBglghkgBhvhCAQEE BAMCBPAwUQYDVR0gBEowSDBGBggqKAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRw Oi8vd3d3LmEtY2VydC5hdC9jZXJ0aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgB hvhCAQgELhYsaHR0cDovL3d3dy5hLWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5 Lmh0bWwwNAYJYIZIAYb4QgENBCcWJUEtQ0VSVCBBRFZBTkNFRCBDZXJ0aWZpY2F0 aW9uIFNlcnZpY2UwDgYHKigAGAQBAAQDAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAN GWHWLZHDXGJeISXmONePjdLKBay4jOiUzrN+xBeCwX5nwoAzOgs/F75x1vDE2NTb Q2LLjlXJlTXwTDlZEt05GhHc7Ic6uX99pSrc2iWTyGP+XxnjV4CPB9y0nOLOHrVc IdrTzfGgEtOSBVm3cO6FCwdFJKhRjf+vW9C7vkFhqFQoO/9lM2YILvFyvoi1jnZG rjEFEbx/Gi9dMZbic/agIThnyCBs4PieIN5bEo0AaOrRC0Lj0/QNrXHh/S85pYsK b1EICz/rpRHwpDZ1kxORCeW9Z13yCadInNdgYtdHLXJi1W50Jl6CFJF89BJDMiXd ujw/yFRWk2wEmHn3NBtn/X509Certificate X509SubjectName xmlns=http://www.w3.org/2000/09/xmldsig#;[EMAIL PROTECTED], CN=Juergen Heiss, (Test), OU=Development, O=Test: MESONIC Datenverarbeitung GmbH, L=Mauerbach, C=AT/X509SubjectName X509IssuerSerial xmlns=http://www.w3.org/2000/09/xmldsig#; X509IssuerName[EMAIL PROTECTED], CN=A-CERT ADVANCED, OU=A-CERT Certification Service, O=ARGE DATEN - Austrian Society for Data Protection, L=Vienna, S=Austria, C=AT/X509IssuerName X509SerialNumber915/X509SerialNumber /X509IssuerSerial /dsig:X509Data /dsig:KeyInfo /dsig:Signature InvoiceNumberFA-2335/InvoiceNumber InvoiceDate2006-04-12/InvoiceDate Delivery Date2006-04-12/Date Address SalutationFirma/Salutation NameAnnas Sportwelt/Name StreetLinzer Str. 12/Street TownAltheim/Town ZIP4950/ZIP CountryÖsterreich/Country ContactHerr Sebastian/Contact /Address /Delivery Biller Address NameLorentschitsch GmbH/Name TownSalzburg/Town ZIP5020/ZIP CountryA/Country Phone+43 1 970 30/Phone Email[EMAIL PROTECTED]/Email ContactHerr Walter/Contact /Address /Biller InvoiceRecipient BillersInvoiceRecipientID230A001/BillersInvoiceRecipientID Address SalutationFirma/Salutation NameAnnas Sportwelt/Name StreetLinzer Str. 12/Street TownAltheim/Town ZIP4950/ZIP CountryÖsterreich/Country ContactHerr Sebastian/Contact /Address /InvoiceRecipient Details ItemList ListType=structured
[xmlsec] RE: Sign more the one document
Hi Alexsey, How can I make a template with refereces to three files? For examples d:\invoice1.xml, d:\invoice2.xml;d:\invoice 3.xml? Thanks in advance Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Help by References
Sorry this was an posting mistake from my side ;o( It look like this. ?xml version=1.0 encoding=UTF-8? dsig:Signature xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; dsig:SignedInfo dsig:CanonicalizationMethod Algorithm=http://www.w3.org/TR/2001/REC-xml-c14n-20010315/ dsig:SignatureMethod Algorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1/ dsig:Reference URI=file:///D:/invoice.xml dsig:Transforms dsig:Transform Algorithm=http://www.w3.org/2000/09/xmldsig#enveloped-signature/ /dsig:Transforms dsig:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1/ dsig:DigestValue/dsig:DigestValue /dsig:Reference /dsig:SignedInfo dsig:SignatureValue /dsig:SignatureValue dsig:KeyInfo dsig:KeyName/dsig:KeyName dsig:X509Data dsig:X509Certificate/dsig:X509Certificatedsig:X509SubjectName/dsig:X509SubjectNamedsig:X509IssuerSerial/dsig:X509IssuerSerial /dsig:X509Data /dsig:KeyInfo /dsig:Signature And I get the following errors when I use the command line tool. D:\XMLSec\libxmlsec-1.2.8.win32\binxmlsec sign --crypto mscrypto D:\XMLSec\libxmlsec-1.2.8.win32\bin\rechnung.xml func=xmlSecTransformEnvelopedExecute:file=..\src\enveloped.c:line=108:obj=enveloped-signature:subj=unknown:error=34:same document is required for transform : ;last error=0 (0x);last error msg=The operation completed successfully. func=xmlSecTransformDefaultPushXml:file=..\src\transforms.c:line=2371:obj=enveloped-signature:subj=xmlSecTransformExecute:error=1:xmlsec library function f ailed: ;last error=0 (0x);last error msg=The operation completed successfully. func=xmlSecParserPushBin:file=..\src\parser.c:line=222:obj=xml-parser:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: ;last error=0 (0x );last error msg=The operation completed successfully. func=xmlSecTransformPump:file=..\src\transforms.c:line=1634:obj=xml-parser:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: ;last error= 0 (0x);last error msg=The operation completed successfully. func=xmlSecTransformCtxUriExecute:file=..\src\transforms.c:line=1160:obj=unknown:subj=xmlSecTransformPump:error=1:xmlsec library function failed:uri=file:/ //D:/invoice.xml;last error=0 (0x);last error msg=The operation completed successfully. func=xmlSecTransformCtxExecute:file=..\src\transforms.c:line=1280:obj=unknown:subj=xmlSecTransformCtxUriExecute:error=1:xmlsec library function failed: ;la st error=0 (0x);last error msg=The operation completed successfully. func=xmlSecDSigReferenceCtxProcessNode:file=..\src\xmldsig.c:line=1568:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed: ; last error=0 (0x);last error msg=The operation completed successfully. func=xmlSecDSigCtxProcessSignedInfoNode:file=..\src\xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function f ailed:node=Reference;last error=0 (0x);last error msg=The operation completed successfully. func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function f ailed: ;last error=0 (0x);last error msg=The operation completed successfully. func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last erro r=0 (0x);last error msg=The operation completed successfully. Error: signature failed Error: failed to sign file D:\XMLSec\libxmlsec-1.2.8.win32\bin\rechnung.xml Any Ideas? Thanks for any help Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Sign more the one document
Hi everbody, I signed a document with xmlSec using an aladdin token. With the help from Ed this works fine. I used the command line tool. Xmlsec sign --crypt mscrpto --output d:\signed.xml d:\template.xml So now my question, is there a way to sign directly more files. For example invoice1 , invoice2, invoice3? Thanks Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Question about card readers
Hi Aleksey, Is there a way to use XMLSec with Chip Card Readers? thanks in advance Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] KeysManager
Hi, I wrote a small programm which create a KeyManager and loads PEM Keys from File. Now I whant to save the Keymanger, is this possible? Thanks Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Static Libraries
Hi, Is there someone who compiled the xmlsec library already as static? I need a static version, but I can't build one ;o( PLEASE HELP Thanks Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] How to get keys
Hi, I tried to create a keypair. I works fine, but how can I write thiskeypair to a file now? Is there dome function for this. short Code xmlSecKeyPtr key = xmlSecKeyGenerate(xmlSecKeyDataRsaId, 512, xmlSecKeyDataTypePermanent);int res = xmlSecKeyIsValid(key);xmlSecKeyDataPtr keydata = xmlSecKeyGetValue (key);res = xmlSecKeyDataGenerate( key-value, 512, xmlSecKeyDataTypeTrusted ); ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Compile xmlsec static
Hi Aleksey, so I compiled the lib2xml by myself. After I tried to compile the xmlsec library once (static) But I still got 3 error, can you please tell me what went wrong? Thanks, Jürgen Generating Code... link.exe /nologo /LIBPATH:binaries /LIBPATH:D:\xmlsec1-1.2.9\lib /OPT:NOWIN98 /OUT:binaries\xmlseca.exe libxmlsec_a.lib libxmlsec-openssl_a.lib libxml2_a.lib libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib apps_a.int\crypto.obj apps_a.int\cmdline.obj apps_a.int\xmlsec.objlibxml2_a.lib(encoding.obj) : error LNK2019: unresolved external symbol _libiconv referenced in function _xmlIconvWrapperlibxml2_a.lib(encoding.obj) : error LNK2019: unresolved external symbol _libiconv_close referenced in function _xmlCharEncCloseFunclibxml2_a.lib(encoding.obj) : error LNK2019: unresolved external symbol _libiconv_open referenced in function _xmlFindCharEncodingHandlerbinaries\xmlseca.exe : fatal error LNK1120: 3 unresolved externalsNMAKE : fatal error U1077: 'link.exe' : return code '0x460'Stop. D:\xmlsec1-1.2.9\win32 ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Question about keypairs
Well this is what I try to do, but I seem to doesn't work ;o( keyPair = xmlSecKeyGenerate(xmlSecKeyDataRsaId, 1024, xmlSecKeyDataTypePrivate); -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 02. Februar 2006 16:43 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Question about keypairs Not sure I understand your question exactly... but probably you should look at the crypt library (openssl, nss, mscrypto, ...) for the functionality you need. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Question about keypairs
Hi, I tryed to compile the xmlsec static, it compiles fine, but when I try to link I get the following errors: Do you have some ideas, our can I download the static library from somewhere? Thanks in advance, Jürgen Linking errors Microsoft (R) Program Maintenance Utility Version 7.10.3077 Copyright (C) Microsoft Corporation. All rights reserved. link.exe /nologo /LIBPATH:binaries /LIBPATH:D:\xmlsec1-1.2.9\lib /OPT:NOWIN98 /OUT:binaries\xmlseca.exe libxmlsec_a.lib libxmlsec-openssl_a.li b libxml2_a.lib libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib apps_a.int\crypto.obj apps_a.int\cmdline.obj apps_a.int\xmlsec.obj libxml2_a.lib(xmlIO.obj) : error LNK2019: unresolved external symbol _gzopen referenced in function _xmlGzfileOpen_real libxml2_a.lib(xmlIO.obj) : error LNK2019: unresolved external symbol _gzdopen referenced in function _xmlGzfileOpen_real libxml2_a.lib(xmlIO.obj) : error LNK2019: unresolved external symbol _gzread referenced in function _xmlGzfileRead libxml2_a.lib(xmlIO.obj) : error LNK2019: unresolved external symbol _gzwrite referenced in function _xmlGzfileWrite libxml2_a.lib(xmlIO.obj) : error LNK2019: unresolved external symbol _gzclose referenced in function _xmlGzfileClose libxml2_a.lib(xmlIO.obj) : error LNK2019: unresolved external symbol _deflateEnd referenced in function _xmlFreeZMemBuff libxml2_a.lib(xmlIO.obj) : error LNK2019: unresolved external symbol _crc32 referenced in function _xmlCreateZMemBuff libxml2_a.lib(xmlIO.obj) : error LNK2019: unresolved external symbol _deflateInit2_ referenced in function _xmlCreateZMemBuff libxml2_a.lib(xmlIO.obj) : error LNK2019: unresolved external symbol _deflate referenced in function _xmlZMemBuffAppend libxml2_a.lib(xmlIO.obj) : error LNK2019: unresolved external symbol _gzrewind referenced in function ___xmlParserInputBufferCreateFilename libxml2_a.lib(nanohttp.obj) : error LNK2019: unresolved external symbol _inflateEnd referenced in function _xmlNanoHTTPFreeCtxt libxml2_a.lib(nanohttp.obj) : error LNK2019: unresolved external symbol _inflateInit2_ referenced in function _xmlNanoHTTPScanAnswer libxml2_a.lib(nanohttp.obj) : error LNK2019: unresolved external symbol _inflate referenced in function _xmlNanoHTTPRead libxml2_a.lib(encoding.obj) : error LNK2019: unresolved external symbol _libiconv referenced in function _xmlIconvWrapper libxml2_a.lib(encoding.obj) : error LNK2019: unresolved external symbol _libiconv_close referenced in function _xmlCharEncCloseFunc libxml2_a.lib(encoding.obj) : error LNK2019: unresolved external symbol _libiconv_open referenced in function _xmlFindCharEncodingHandler binaries\xmlseca.exe : fatal error LNK1120: 16 unresolved externals NMAKE : fatal error U1077: 'link.exe' : return code '0x460' Stop. D:\xmlsec1-1.2.9\win32 ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Question about keypairs
Hi again, Well if I build a non-static version everything works fine, this happen just if I try to build static version. The library iconv_a.lib I link, but its still doesn't work. -Original Message- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Freitag, 03. Februar 2006 08:40 To: Jürgen Heiss Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] Question about keypairs libxml2_a.lib(xmlIO.obj) : error LNK2019: unresolved external symbol _gzopen referenced in function _xmlGzfileOpen_real ... You need to link with libgz libxml2_a.lib(encoding.obj) : error LNK2019: unresolved external symbol _libiconv referenced in function _xmlIconvWrapper ... You need to link with libiconv Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Verify XML-File
Hi, I signed a XML-File with a dummy certificate (using the name Mr. Max. Dummy). The file was signed without any problem. So, the problem is now that I don't know how to get the information about the the certificate signer when I verify the xml File. Is there a way to get the Certificate information, about who was signing the sml document? Thanks in advance Jürgen ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec