santuario-dev mailing list archives

From "Matthias Niggemeier"...@thias.de>
Subject RE: Verifying RSA
Date Wed, 17 Aug 2005 08:36:01 GMT
Milan,
that's a bit problematic since I have only "real" data for testing,
so I don't think that my customer would be amused if I post the file here.
Is there any program available which is able to verify a dsig? I googled
around and found none :-(

Should the code work? (as far as it is possible to say without a debugger)

Kind regards

Matthias

> -----Original Message-----
> From: Milan Tomic [mailto:milan@setcce.org] 
> Sent: Wednesday, August 17, 2005 9:31 AM
> To: security-dev@xml.apache.org
> Subject: RE: Verifying RSA
> 
> 
> Could you post your XML file here for analysis?
> 
> Have you tried to verify the signature with some other library like the Apache
> XSEC Java library?
> 
> Best regards,
> Milan
> 
> 
> > -----Original Message-----
> > From: Matthias Niggemeier [mailto:M@thias.de] 
> > Sent: Wednesday, August 17, 2005 9:19 AM
> > To: security-dev@xml.apache.org
> > Subject: Verifying RSA
> > 
> > 
> > Hi there,
> > I have a problem verifying a signed xml doc. My doc looks like this:
> > 
> > ... xml snipped ...
> > </Product>
> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >   <SignedInfo>
> >     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> >     <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >     <Reference URI="">
> >       <Transforms>
> >         <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> >       </Transforms>
> >       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >       <DigestValue>abcde</DigestValue>
> >     </Reference>
> >   </SignedInfo>
> >   <SignatureValue>abcdefg</SignatureValue>
> > </Signature>
> > 
> > When I try to verify, I get an error
> > 
> > Reference URI="" failed to verify
> > 
> > What is wrong? The sender of the xml doc insists that the 
> > signature is valid. My code to verify:
> > 
> > bool LoadValidateRSA(tstring sURI)
> > {
> >     xercesc::DOMDocument *doc = NULL;
> >     XSECProvider prov;
> >     DSIGSignature* sig = NULL;
> >     XERCES_CPP_NAMESPACE::DOMBuilder* builder = NULL;
> >     WinCAPICryptoKeyRSA* pRSA = NULL;
> >     WinCAPICryptoProvider WCProv;
> >     bool bVerifyOK = false;
> > 
> >     // Parse the signed document with namespace processing enabled
> >     builder = GetImplementationLS()->createDOMBuilder(xercesc::DOMImplementationLS::MODE_SYNCHRONOUS, 0);
> >     builder->setFeature(xercesc::XMLUni::fgDOMNamespaces, true);
> >     doc = builder->parseURI(X(sURI));
> > 
> >     // Build the RSA public key from the base64-encoded exponent and modulus
> >     pRSA = (WinCAPICryptoKeyRSA*)WCProv.keyRSA();
> >     sig = prov.newSignatureFromDOM(doc);
> >     char cModulus[] = "sAGXf2IjqajW1F7m"; // snipped
> >     char cExponent[] = "ABCD";
> > 
> >     pRSA->loadPublicExponentBase64BigNums(cExponent, (unsigned int) strlen(cExponent));
> >     pRSA->loadPublicModulusBase64BigNums(cModulus, (unsigned int) strlen(cModulus));
> > 
> >     // Load the signature from the DOM, attach the key and verify
> >     sig->load();
> >     sig->setSigningKey(pRSA);
> >     bVerifyOK = sig->verify();
> >     return bVerifyOK;
> > }
> > 
> > I looked at the samples, but they didn't help me further than this :-(
> > 
> > Regards
> > 
> > Matthias
> > 
> 

