Hi Aleksey Sanin: I sign an XML signature with the following templete with the default dsakey.pem:(testApp sign --privkey dsakey.pem sample1.xml > kltsai6.xml)
========================================================================== <?xml version="1.0"?> <IFX> <Data1 Id="anchor1"> <Name>May</Name> </Data1> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="[EMAIL PROTECTED]"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" /> <Reference URI="#xpointer(/)"> <Transforms> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue></DigestValue> </Reference> </SignedInfo> <SignatureValue/> <KeyInfo> <KeyValue/> </KeyInfo> </Signature></IFX> ========================================================================== And then I got the following result signature: ========================================================================== <?xml version="1.0"?> <IFX> <Data1 Id="anchor1"> <Name>May</Name> </Data1> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="[EMAIL PROTECTED]"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> <Reference URI="#xpointer(/)"> <Transforms> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>4x8bEd1KuMZOF4Yvyt9Eh3Y/9hs=</DigestValue> </Reference> </SignedInfo> <SignatureValue>jpbFT2G7aKr5WnZ3zoIXC8eAtwgn6lSqkDYgbuhdT8NguZb6tZKmxA==</SignatureValue> <KeyInfo> <KeyValue> <DSAKeyValue> <P> imW6KYBPYXAf6itSAuYs1aLPfs8/vBEiusv/pl1XMiuMvB7vyiJgSj8/NTkRci/U X/rVXv8rbCRjvYFX3x5/53f4hc6HKz7JQI4qqB7Fl5N86zp+BsQxNQ4tzous9S2H Td2/zdTwVsvO+H9l3FahmVp/m2IHE4W27JYoF49qP10= </P> <Q> v/xzWqjRviekk2rMW3wpYspT9Us= </Q> <G> UIyzUDlLe6uCCgF4Rh98fiKZvg64UJ4FM5L+WbCSMmVsFN06fTwxy3naPPOCzzou fsHv/Bve2gvrDvd078oXWJJf9A44pIZnJkdjEhm2RsDFpXNq0tPKZFcjVsdmqg4M X6YNuwpvZuTwSoDG5u1QMN0mmH9gmbIT3j9x4MO+7EY= </G> <Y> On+KBJE3q1TRhG9RspNX01VI5C0VzSy4N/QyC4YzEENoq3GJkKHIYq+grq9ZqV9x g2Geo/3mqhdcENOtYRmWEfOZJj18oukD6TNceYRZ4HjHjK3WY3wK2OV6QOly+k3f xgEQpP/7IlCka5YICLuHXrbqjn5b0XcK9L2GDtWOyjs= </Y> </DSAKeyValue> </KeyValue> </KeyInfo> </Signature></IFX> ========================================================================== The signing procedure signed silently and successfully. However, the signature seemd wrong because I use "testApp verify kltsai6.xml", and it shows some errors: C:\temp\xmlsec-0.0.11\TestApp\Release>testapp verify kltsai6.xml (C:\temp\xmlsec-0.0.11\src\xmldsig.c:1493): error 51: invalid reference : ========================================================================== = Status: == Signatures ok: 0 == Signatures fail: 1 == SignedInfo Ref ok: 0 == SignedInfo Ref fail: 1 == Manifest Ref ok: 0 == Manifest Ref fail: 0 FAIL Error: operation failed ========================================================================== I realy had no idea, could anyone tell me what happened? Thanks a million~~ kltsai -- _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec