santuario-dev mailing list archives

From "Matthias Niggemeier"...@thias.de>
Subject RE: Verifying RSA
Date Wed, 17 Aug 2005 10:18:32 GMT
Milan,
thanks for your hints. My code is ok, the signature is broken
(they first sign then prettyprint :-) )
I used xmlsec command line to verify the file.

Greetings

Matthias 

PS (realizing your mail address :-):
Is it possible to tell the setcce-tool which public key to use? 
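
Why signing first and pretty-printing afterwards produces `Reference URI="" failed to verify`, as an added example that is not part of the original message: the Reference digest covers the canonical form of the document, and canonicalization keeps whitespace text nodes. The sample document is constructed and carries no Signature element (so the enveloped-signature transform has nothing to remove), and Python's `canonicalize` (C14N 2.0) stands in for the C14N 1.0 algorithm named in the thread.

```python
import base64
import hashlib
import xml.dom.minidom
from xml.etree.ElementTree import canonicalize

# Constructed sample: the document as it looked at signing time.
AS_SIGNED = '<Order id="7" currency="EUR"><Product><Name>Widget</Name></Product></Order>'

# Same content with different attribute order and quoting: lexical detail only.
REWRITTEN = "<Order currency='EUR' id='7'><Product><Name>Widget</Name></Product></Order>"


def reference_digest(xml_text: str) -> str:
    """Base64 SHA-1 over the canonical form, i.e. what DigestValue holds."""
    canonical = canonicalize(xml_text)
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode()


def pretty_print(xml_text: str) -> str:
    """What a formatter does after signing: it inserts indentation text nodes."""
    return xml.dom.minidom.parseString(xml_text).toprettyxml(indent="  ")


def check_reference(received: str, digest_value: str) -> bool:
    """The per-Reference digest check a verifier runs before the RSA check."""
    return reference_digest(received) == digest_value


if __name__ == "__main__":
    digest_value = reference_digest(AS_SIGNED)
    samples = [("as signed", AS_SIGNED),
               ("attributes rewritten", REWRITTEN),
               ("pretty-printed", pretty_print(AS_SIGNED))]
    for label, doc in samples:
        print(f"{label:22} reference ok: {check_reference(doc, digest_value)}")
```

Attribute order and quote style are normalized away by canonicalization, while the indentation a formatter adds is document content and changes the digest.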

> -----Original Message-----
> From: Matthias Niggemeier [mailto:M@thias.de] 
> Sent: Wednesday, August 17, 2005 11:07 AM
> To: security-dev@xml.apache.org
> Subject: RE: Verifying RSA
> 
> Thanks for the hints. With setcce, I cannot verify against 
> the public key.
> xmlsec works, but I cannot tell the lib which public key to use, since
> I only have the exponent and modulus in base64, but xmlsec 
> wants pem/der-files.
> Any idea how to get them from the exponent/modulus pair?
> 
> Regards
> 
> Matthias 
> 
> > -----Original Message-----
> > From: Milan Tomic [mailto:milan@setcce.org] 
> > Sent: Wednesday, August 17, 2005 10:48 AM
> > To: security-dev@xml.apache.org
> > Subject: RE: Verifying RSA
> > 
> > 
> > You can try to validate signature with those toolkits:
> > 
> > 1. Download trial:
> > 
> > http://www.setcce.si/eng/index45c.php
> > 
> > 2. Download XMLSec binaries:
> > 
> > http://www.aleksey.com/xmlsec/download.html
> > 
> > 3. Download Apache XSEC java lib. There are samples how to validate
> > signed doc.
> > 
> > Best regards,
> > Milan
> > 
> > 
> > > -----Original Message-----
> > > From: Matthias Niggemeier [mailto:M@thias.de] 
> > > Sent: Wednesday, August 17, 2005 10:36 AM
> > > To: security-dev@xml.apache.org
> > > Subject: RE: Verifying RSA
> > > 
> > > 
> > > Milan,
> > > that's a bit problematic since I have only "real" data for 
> > > testing, so I don't think that my customer would be amused if 
> > > I post the file here. Is there any program available which is 
> > > able to verify a dsig? I googled around and found none :-(
> > > 
> > > Should the code work? (as far as it is possible to say 
> > > without debugger) 
> > > 
> > > Kind regards
> > > 
> > > Matthias
> > > 
> > > > -----Original Message-----
> > > > From: Milan Tomic [mailto:milan@setcce.org]
> > > > Sent: Wednesday, August 17, 2005 9:31 AM
> > > > To: security-dev@xml.apache.org
> > > > Subject: RE: Verifying RSA
> > > > 
> > > > 
> > > > Could you post your XML file here for analysis?
> > > > 
> > > > Have you tried to verify signature with some other library like Apache 
> > > > XSEC Java library?
> > > > 
> > > > Best regards,
> > > > Milan
> > > > 
> > > > 
> > > > > -----Original Message-----
> > > > > From: Matthias Niggemeier [mailto:M@thias.de]
> > > > > Sent: Wednesday, August 17, 2005 9:19 AM
> > > > > To: security-dev@xml.apache.org
> > > > > Subject: Verifying RSA
> > > > > 
> > > > > 
> > > > > Hi there,
> > > > > I have a problem verifying a signed xml doc. My doc looks like this:
> > > > > 
> > > > > ... xml snipped ...
> > > > > </Product>
> > > > > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> > > > >   <SignedInfo>
> > > > >     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> > > > >     <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> > > > >     <Reference URI="">
> > > > >       <Transforms>
> > > > >         <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> > > > >       </Transforms>
> > > > >       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> > > > >       <DigestValue>abcde</DigestValue>
> > > > >     </Reference>
> > > > >   </SignedInfo>
> > > > >   <SignatureValue>abcdefg</SignatureValue>
> > > > > </Signature>
> > > > > 
> > > > > When I try to verify, I get an error
> > > > > 
> > > > > Reference URI="" failed to verify
> > > > > 
> > > > > What is wrong? The sender of the xml doc insists that the
> > > > > signature is valid. My code to verify:
> > > > > 
> > > > > bool LoadValidateRSA(tstring sURI)
> > > > > {
> > > > >     xercesc::DOMDocument *doc = NULL;
> > > > >     XSECProvider prov;
> > > > >     DSIGSignature* sig = NULL;
> > > > >     XERCES_CPP_NAMESPACE::DOMBuilder* builder = NULL;
> > > > >     WinCAPICryptoKeyRSA* pRSA = NULL;
> > > > >     WinCAPICryptoProvider WCProv;
> > > > >     bool bVerifyOK = false;  // declaration was missing in the posted code
> > > > > 
> > > > >     // Namespace-aware parse of the signed document.
> > > > >     builder = GetImplementationLS()->createDOMBuilder(
> > > > >         xercesc::DOMImplementationLS::MODE_SYNCHRONOUS, 0);
> > > > >     builder->setFeature(xercesc::XMLUni::fgDOMNamespaces, true);
> > > > >     doc = builder->parseURI(X(sURI));
> > > > > 
> > > > >     pRSA = (WinCAPICryptoKeyRSA*)WCProv.keyRSA();
> > > > >     sig = prov.newSignatureFromDOM(doc);
> > > > >     char cModulus[] = "sAGXf2IjqajW1F7m"; // snipped
> > > > >     char cExponent[] = "ABCD";
> > > > > 
> > > > >     // Load the public key from its base64 exponent and modulus.
> > > > >     pRSA->loadPublicExponentBase64BigNums(cExponent,
> > > > >         (unsigned int) strlen(cExponent));
> > > > >     pRSA->loadPublicModulusBase64BigNums(cModulus,
> > > > >         (unsigned int) strlen(cModulus));
> > > > > 
> > > > >     sig->load();
> > > > >     sig->setSigningKey(pRSA);
> > > > >     bVerifyOK = sig->verify();
> > > > >     return bVerifyOK;  // the function is declared bool; the return was missing
> > > > > }
> > > > > 
> > > > > I looked at the samples, but they didn't help me further than this :-(
> > > > > 
> > > > > Regards
> > > > > 
> > > > > Matthias
> > > > > 
> > > > 
> > > 
> > 
> 
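
For the question quoted above about getting a PEM/DER file from an exponent/modulus pair, an added example (not from the thread or from any of the tools it mentions): it wraps the two base64 values in a DER SubjectPublicKeyInfo structure and PEM-armors the result. The function names are this example's own, and the sample values are constructed and far too small to be a real key.

```python
import base64

# DER AlgorithmIdentifier: OID rsaEncryption (1.2.840.113549.1.1.1) + NULL parameters.
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")


def der_len(n: int) -> bytes:
    """DER definite length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def der_tlv(tag: int, value: bytes) -> bytes:
    """Tag, length, value."""
    return bytes([tag]) + der_len(len(value)) + value


def der_uint(b64_value: str) -> bytes:
    """Base64 big-endian magnitude (as in the post) -> DER INTEGER."""
    n = int.from_bytes(base64.b64decode(b64_value), "big")
    # One extra bit of room yields the leading 0x00 DER needs when the top bit is set.
    return der_tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def rsa_public_key_der(modulus_b64: str, exponent_b64: str) -> bytes:
    """SubjectPublicKeyInfo wrapping RSAPublicKey ::= SEQUENCE { n, e }."""
    rsa_key = der_tlv(0x30, der_uint(modulus_b64) + der_uint(exponent_b64))
    bit_string = der_tlv(0x03, b"\x00" + rsa_key)  # 0x00 = no unused bits
    return der_tlv(0x30, RSA_ALG_ID + bit_string)


def rsa_public_key_pem(modulus_b64: str, exponent_b64: str) -> str:
    """PEM armor: base64 of the DER in 64-character lines."""
    b64 = base64.b64encode(rsa_public_key_der(modulus_b64, exponent_b64)).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines) + "\n-----END PUBLIC KEY-----\n"


if __name__ == "__main__":
    # Constructed toy values (16-bit modulus, exponent 65537), not a usable key.
    print(rsa_public_key_pem("sAE=", "AQAB"), end="")
```

The resulting file is what xmlsec's `--pubkey-pem` option expects.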

