This is not a surprise for me at all. You are signing *everything* in the document
including the <dsig:Signature> node subtree. Which means that you never get
it verified:
- when you are signing the <dsig:SignatureValue> is not yet calculated
(i.e. empty)
- when you are verifying the <dsig:SignatureValue> has a non-empty value
and, of course, the digest is *different*

Probably, you want to add an enveloped transform

...
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
</Transforms>

To exclude <dsig:Signature> subtree.

Aleksey


kltsai wrote:

Hi aleksey and igor:

I am sorry to make such a big mistake. In fact, I downloaded
v0.0.10 from Mr. Igor's site. But I still have some problem with the
example:

<?xml version="1.0"?>
<IFX>
<Data1 Id="anchor1">
<Name>May</Name>
</Data1>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="[EMAIL PROTECTED]">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
<Reference URI="#xpointer(/)">
<Transforms>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue/>
<KeyInfo>
<KeyValue/>
</KeyInfo>
</Signature></IFX>


And it causes the following message:
C:\temp\xmlsec-0.0.11\TestApp\Debug>testapp verify kltsai6.xml
(c:\temp\xmlsec-0.0.11\src\xmldsig.c:1493): error 51: invalid reference :
= Status:
== Signatures ok: 0
== Signatures fail: 1
== SignedInfo Ref ok: 0
== SignedInfo Ref fail: 1
== Manifest Ref ok: 0
== Manifest Ref fail: 0
FAIL
Error: operation failed

I debugged into the source code, and found it means the verification stage gets
a different digest value from the DigestValue node. It doesn't mean that xmlSec
does not recognize the reference node. I am still trying to find out the
problem. Does anyone have any idea about my problem? Thanks in
advance~~~


kltsai


_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
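
The digest mismatch explained in this message, as an added example that is not part of the original thread and is not xmlsec code. It uses Python's standard-library C14N 2.0 canonicalizer as a stand-in for the C14N 1.0 algorithm named in the thread and a simplified enveloped transform; the function names, the reduced template and the placeholder signature value are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: the template from the thread, reduced to the parts that matter.
TEMPLATE = f"""<IFX>
<Data1 Id="anchor1"><Name>May</Name></Data1>
<Signature xmlns="{DSIG}">
<SignedInfo><Reference URI=""><DigestValue></DigestValue></Reference></SignedInfo>
<SignatureValue/>
</Signature></IFX>"""


def drop_signature(root):
    """Simplified enveloped-signature transform: remove the dsig:Signature subtree."""
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag == f"{{{DSIG}}}Signature":
                parent.remove(child)


def reference_digest(xml_text, enveloped):
    """Base64 SHA-1 over the canonical form of the whole document."""
    root = ET.fromstring(xml_text)
    if enveloped:
        drop_signature(root)
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"),
                                with_comments=True)
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode()


def fill_signature(xml_text, digest_value, signature_value):
    """What signing does to the template: write DigestValue and SignatureValue."""
    root = ET.fromstring(xml_text)
    root.find(f".//{{{DSIG}}}DigestValue").text = digest_value
    root.find(f".//{{{DSIG}}}SignatureValue").text = signature_value
    return ET.tostring(root, encoding="unicode")


def digest_survives_signing(enveloped):
    """True if the digest computed at signing time still matches at verification."""
    at_sign = reference_digest(TEMPLATE, enveloped)
    # Placeholder value, not a real DSA signature.
    signed = fill_signature(TEMPLATE, at_sign, "Q09OU1RSVUNURUQ=")
    at_verify = reference_digest(signed, enveloped)
    return at_sign == at_verify
```

Without the enveloped transform the reference digest changes as soon as DigestValue and SignatureValue are written, so verification always fails; with it the Signature subtree is excluded on both sides and the digests match.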

