[xmlsec] Key Manager with multiple key

Mon, 10 Mar 2008 09:29:27 -0700 

Hi,

I am using libxmlsec1 1.2.9-5 and libssl0.9.7.
I am using the simple key manager as provided by xmlsec.

May I ask whether the default manager class supports loading of multiple keys?
I failed to verify a signed document after loading a list of keys (mix
of correct and false PU keys).
Meanwhile, if I load only the correct key, signature verifies correctly.

Any help will be much appreciated. Thanks!

Br, Pern Hui


Program adopted from the example
=====================

        key = xmlSecCryptoAppKeyLoad(keyfile, xmlSecKeyDataFormatPem,
NULL, NULL, NULL);
        if(xmlSecKeySetName(key, BAD_CAST keyfile) < 0) {
            fprintf(stderr,"Error: failed to set key name for key from
\"%s\"\n", keyfile);
            xmlSecKeyDestroy(key);
            return(-1);
        }
                
        if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
                fprintf(stderr,"Error: failed to add key from \"%s\" to keys
manager\n", keyfile);
            xmlSecKeyDestroy(key);
            return(-1);
        }


Signature verification fails when i load 2 keys into the manager
=====================================

__loaded key "public/[EMAIL PROTECTED]"
__loaded key "public/[EMAIL PROTECTED]"
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
library function
failed:subj=/C=FI/ST=Helsinki/L=Helsinki/O=test/OU=Student/CN=Alice/[EMAIL 
PROTECTED];err=20;msg=unable
to get local issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
verification failed:err=20;msg=unable to get local issuer certificate
func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data
do not match:signature do not match


Verification succeeds if i load only alice's key into the manager
====================================

__loaded key "public/[EMAIL PROTECTED]"
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
library function
failed:subj=/C=FI/ST=Helsinki/L=Helsinki/O=test/OU=Student/CN=Alice/[EMAIL 
PROTECTED];err=20;msg=unable
to get local issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
verification failed:err=20;msg=unable to get local issuer certificate
__signature OK
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to