hi Markus sorry to bother you again, I ve got one last question
I can see in the xmldsig norm that the signature of a file is applied only to the content of the <signedinfo> tag So, given the <authsignature> tag is not included in the signed part of the file, logically I could change the <authsignature> tag in <signature> without corrupting my signed file could nt I?? I tested that on my signed xml file, and the verify test failed. But since I m doing a kind of reverse ingeneering, I m not sure weither this failed verification is due to the tad change I did, or either is due to the key I used... thanks again! Seb > -----Message d'origine----- > De : Markus Lindner [mailto:[EMAIL PROTECTED] > Envoyé : mercredi 19 septembre 2007 18:34 > À : Sébastien Brossard > Cc : [EMAIL PROTECTED]; xmlsec@aleksey.com > Objet : RE: [xmlsec] Error: failed to find default node with > name='Signature' > > > hello sebastian, > > I got the same problem some years ago, they have to change to Signature, > otherwise it is no XML-Dsig anymore! (my problem was that the node was > defined <ds:Signature> which did not work). I think they want their XML to > use an industry-standard, don't they? > Otherwise you have to change xmlsec (or any other library which could be > used, in java, in .net) to include AuthSignature, which is silly. > > greetings > > > On Wed, September 19, 2007 6:14 pm, Sébastien Brossard wrote: > > Thanks Markus for your swift answer. > > > > > > The problem is I can't change this dam' "AuthSignature"... > > the XML file I have to verify comes from a german software with > who my own > > soft have to exchange data... so I can't change the schema element! > > > > aïe aïe... am I really stucked as I feared?? > > > > > >> -----Message d'origine----- > >> De : Markus Lindner [mailto:[EMAIL PROTECTED] > >> Envoyé : mercredi 19 septembre 2007 17:48 > >> À : Sébastien Brossard > >> Cc : xmlsec@aleksey.com > >> Objet : Re: [xmlsec] Error: failed to find default node with > >> name='Signature' > >> > >> > >> hello, > >> > >> change the schema-element from AuthSignature to Signature. I think it > >> the only way to go. see also http://www.w3.org/2000/09/xmldsig on > >> XML-Dsig. > >> > >> > >> greetings > >> > >> On Wed, September 19, 2007 4:52 pm, Sébastien Brossard wrote: > >> > >>> Hi! > >>> > >>> > >>> > >>> I ve got a problem trying to verify the following XML file, using the > >>> command line xmlsec "xmlsec verify --ignore-manifests > >> --keys-file cle.xml > >> > >>> c:\temp\in.tmp" : > >>> > >>> > >>> > >>> <?xml version="1.0" encoding="UTF-8"?> > >>> <ebicsNoPubKeyDigestsRequest Revision="1" Version="H001" > >>> xsi:schemaLocation="http://www.ebics.org/H001 > >>> http://www.ebics.org/H001/ebics_keymgmt_request.xsd"; > >>> xmlns="http://www.ebics.org/H001"; > >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > >>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > >>> <header authenticate="true"> > >>> <static> > >>> <HostID>EBICSFR</HostID> > >>> <Nonce>81EED1B73EB2018A2BF5534E70FB3E03</Nonce> > >>> <Timestamp>2007-09-04T13:27:24.078Z</Timestamp> > >>> <PartnerID>SEB</PartnerID> > >>> <UserID>USERID</UserID> > >>> <OrderDetails> > >>> <OrderType>HPB</OrderType> > >>> <OrderAttribute>DZHNN</OrderAttribute> > >>> </OrderDetails> > >>> <SecurityMedium>0400</SecurityMedium> > >>> </static> > >>> <mutable/> > >>> </header> > >>> <AuthSignature> > >>> <ds:SignedInfo> > >>> <ds:CanonicalizationMethod > >>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> > >>> <ds:SignatureMethod > >>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > >>> <ds:Reference URI="#xpointer(//[EMAIL PROTECTED]'true'])"> > >>> <ds:Transforms> > >>> <ds:Transform > >>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> > >>> </ds:Transforms> > >>> <ds:DigestMethod > >>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > >>> <ds:DigestValue>C5MeIHgIP6zcYdaIUZoccO0/Kog=</ds:DigestValue> > >>> </ds:Reference> > >>> </ds:SignedInfo> > >>> > >>> > >> <ds:SignatureValue>Hl1OgqOASmyiL/QYNE65UOky5Grx3ywDBafoWCg5PKNDpED8E0Pr > >> Ecf > >> > >>> KA > >>> > >>> > >> f32Yk2ZlLAkKaoS9IaQYT7CgGKWzQMh1jzcUmguTKuw0+o8LAo6oX7J8KUNsea1tKS4dDwL > >> 9+e > >> > >>> oO v9HptHdsJZVMTwnlfg3tzcz2sCDZy039+aBpX4=</ds:SignatureValue> > >>> </AuthSignature> > >>> <body/> > >>> </ebicsNoPubKeyDigestsRequest> > >>> > >>> > >>> > >>> > >>> The error is : "Error: failed to find default node with > >>> > >> name="Signature"" > >>> Have you got any idea about how to change the default node name from > >>> "Signature" to "AuthSignature"? > >>> This XML file I have to check is sent to me by a third-part > >>> > >> software, so I > >>> can't do anything about it, the "AuthSignature" thing is mandatory... > >>> > >>> > >>> It seems like I m in a dead end, but maybe there's a solution right > >>> in front of me that I could nt see?? I wish! > >>> > >>> Anyway, thanks in advance for your help. > >>> > >>> > >>> > >>> Best regards, > >>> > >>> > >>> > >>> Sébastien > >>> _______________________________________________ > >>> xmlsec mailing list xmlsec@aleksey.com > >>> http://www.aleksey.com/mailman/listinfo/xmlsec > >>> > >>> > >>> > >> > >> > >> > > > > > > > _______________________________________________ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
