[EGB] Re: [xmlsec] [Q.] verification fail (can not find KeyInfo)

2003-01-10 Thread EGB:[EMAIL PROTECTED] (Blusjune Jung / Daum.net)

A. Sanin  As far as I can understand the spec, 
A. Sanin  
A. Sanin  <dsig:RetrievalMethod 
A. Sanin  Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" .../> 
A. Sanin  should point to <dsig:RSAKeyValue/> element. In your XML it points to 
A. Sanin  <dsig:KeyInfo/> 
A. Sanin  element which seems wrong to me. I would agree that the XML DSig is not 
A. Sanin  fully clear 
A. Sanin  here but I believe there was a discussion in XML DSig working group 
A. Sanin  mailing list about this. 
A. Sanin  However, I might be wrong and it'll be great to get second opinion on 
A. Sanin  this. Rich? 
A. Sanin  
A. Sanin  Aleksey 

Hi~
Sorry for the late reply to your mail. ^^;;


Let me talk about the above topic:

According to the XML-Signature Syntax and Processing document
(the version that is the W3C Recommendation of 12 February 2002),
we can see the following statement in section 4.4.3:

4.4.3 The RetrievalMethod Element 
A RetrievalMethod element within KeyInfo is used
to convey a reference to KeyInfo information that is stored at another 
location.


So, I think that statement means the very target that <RetrievalMethod/>
actually points to can be a <KeyInfo/> element.

The ``Type'' attribute value itself in <dsig:RetrievalMethod
Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" .../> is to indicate
the <RSAKeyValue/> element, but I think that is just to determine and notify
the type of the sub (child) element in <KeyInfo/>, and (may) not be to directly
point to the <RSAKeyValue> element. (That was just my thought. ^^)

What do you think about my opinion?


Have a nice weekend!  :)



P.S.

Currently, I've solved my problematic situation the quick-and-dirty way.   :)
(Here's the output of diff(1) against the modified source (keyinfo.c))

$ diff -u keyinfo.c.original keyinfo.c
--- keyinfo.c.original  Wed Jan  8 15:45:58 2003
+++ keyinfo.c   Wed Jan  8 15:45:44 2003
@@ -551,7 +551,12 @@
keyName = NULL;
}
} else {
+   xmlNodePtr keyInfoNode = cur;
+
cur = xmlSecGetNextElementNode(cur-next);
+   if (cur == (xmlNodePtr)0) {
+   cur = xmlSecFindChild(keyInfoNode, BAD_CAST KeyValue, 
+xmlSecDSigNs);
+   }
}
 }
 if(keyName != NULL) {
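Review bot: the fallback under `if (cur == (xmlNodePtr)0)` is unconditional. It descends into whatever node `cur` held before the advance, and only the variable name `keyInfoNode` says that node is a KeyInfo; the hunk never checks its name or namespace, and the KeyValue child it picks up is not compared with the Type that the RetrievalMethod declared. I would check that the saved node really is a dsig KeyInfo element before calling `xmlSecFindChild`, and confirm that the key found under KeyValue matches the declared Type, so that a reference which lands somewhere unexpected still fails verification. A one-line comment saying that this branch tolerates a RetrievalMethod resolving to a KeyInfo wrapper would help the next reader, and `NULL` would match the `keyName = NULL` style used a few lines above.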






--
To be a rock, and not to roll. 
EGB ::= EternalGoldenBGE
BGE ::= Blusjune'sGotEGB

-x-x-[?]EGB:STONEROSES@MATRIX[!]-x-x- 
| blusjune@EGBSD | ^_^ | stoneroses | 
$ NAME=\
$ Blusjune Jung [EMAIL PROTECTED]
$ PGPKEYID=0x33067610 
-x-x-x Eternal Golden Blusjune x-x-x-
___
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec



Re: [xmlsec] [Q.] verification fail (can not find KeyInfo)

2003-01-07 Thread Aleksey Sanin
As far as I can understand the spec,

<dsig:RetrievalMethod 
Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" .../>

should point to <dsig:RSAKeyValue/> element. In your XML it points to 
<dsig:KeyInfo/>
element which seems wrong to me. I would agree that the XML DSig is not 
fully clear
here but I believe there was a discussion in XML DSig working group 
mailing list about this.
However, I might be wrong and it'll be great to get second opinion on 
this. Rich?

Aleksey

EGB:STONEROSES@MATRIX (Blusjune Jung / Daum.net) wrote:

Hi, aleksey ~   :)

First of all, thank you very much for your good ``xmlsec'' library!!!

I have one curious question.. ^^
Would you explain the reason for the following result?

Using the xml.apache.org XML library,
my partner (in my XML team) has created an XML-signed message
which uses RetrievalMethod to get the public key to verify.

I've got that message and tried to verify it,
but the operation fails.

What's my or my partner's mistake?
How can I solve this problem?
Thank you for reading!  ^^



The following is the XML-signed message (to be verified):
=







Re: [xmlsec] [Q.] verification fail (can not find KeyInfo)

2003-01-07 Thread Rich Salz
<dsig:RetrievalMethod 
Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" .../>

I totally agree with you; this means that it is expecting to see a 
<dsig:RSAKeyValue> element.  That last paragraph of sec 4.4.3 makes that, 
err, uhm, clear: an element or document with that element as the root

	/r$
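
The reading given above (the Type names the element that the URI must dereference to), as an added Python sketch; it is not code from xmlsec or from anyone in this thread. The sample documents, the lookup by an attribute named `Id`, and the `external` mapping that stands in for fetched documents are constructed assumptions.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

def check_retrieval_methods(xml_text, external=None):
    """Return (uri, expected_tag, actual_tag, ok) for every ds:RetrievalMethod
    whose Type names a dsig element. `external` maps a URI to XML text and
    stands in for documents that would otherwise be fetched (hypothetical)."""
    external = external or {}
    root = ET.fromstring(xml_text)
    # Assumption: same-document targets carry an attribute literally named "Id".
    by_id = {el.get("Id"): el for el in root.iter() if el.get("Id")}
    results = []
    for rm in root.iter("{%s}RetrievalMethod" % DSIG_NS):
        uri, typ = rm.get("URI", ""), rm.get("Type", "")
        # Skip a missing Type, foreign Types, and the binary raw-certificate Type.
        if not typ.startswith(DSIG_NS) or typ.endswith("#rawX509Certificate"):
            continue
        expected = "{%s}%s" % (DSIG_NS, typ[len(DSIG_NS):])
        if uri.startswith("#"):
            target = by_id.get(uri[1:])
        elif uri in external:
            target = ET.fromstring(external[uri])  # root of the other document
        else:
            target = None  # unresolved reference counts as a mismatch
        actual = target.tag if target is not None else None
        results.append((uri, expected, actual, actual == expected))
    return results

# Constructed samples; the key material is a placeholder, not a real key.
RSA_KEY = ('<ds:RSAKeyValue xmlns:ds="%s"><ds:Modulus>AQAB</ds:Modulus>'
           '<ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue>' % DSIG_NS)

def sample(uri, stored=""):
    return ('<msg xmlns:ds="%s"><ds:KeyInfo><ds:RetrievalMethod URI="%s" '
            'Type="%sRSAKeyValue"/></ds:KeyInfo>%s</msg>'
            % (DSIG_NS, uri, DSIG_NS, stored))

# Case discussed in the thread: the reference lands on a KeyInfo wrapper.
TO_KEYINFO = sample("#k1", '<ds:KeyInfo Id="k1"><ds:KeyValue>%s</ds:KeyValue>'
                           '</ds:KeyInfo>' % RSA_KEY)
# Reference to a document whose root is the RSAKeyValue itself.
TO_RSAKEY = sample("rsakey.xml")

if __name__ == "__main__":
    print(check_retrieval_methods(TO_KEYINFO))
    print(check_retrieval_methods(TO_RSAKEY, {"rsakey.xml": RSA_KEY}))
```

The first sample is reported as a mismatch (Type says RSAKeyValue, target is KeyInfo); the second matches because the dereferenced document's root is the RSAKeyValue element.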



Re: [xmlsec] [Q.] verification fail (can not find KeyInfo)

2003-01-07 Thread Aleksey Sanin
Thanks for confirmation!

Aleksey.

Rich Salz wrote:


<dsig:RetrievalMethod 
Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" .../>


I totally agree with you; this means that it is expecting to see a 
<dsig:RSAKeyValue> element.  That last paragraph of sec 4.4.3 makes 
that, err, uhm, clear: an element or document with that element as 
the root

/r$



