Date: Wed, 21 Feb 2007 14:37:47 -0500
From: Jean-Luc Cooke
To: security-dev@xml.apache.org
Subject: Microsoft Office12 Postmark will not verify
Message-ID: <20070221193747.GT9039@certainkey.com>

Hello team,

I tried to verify the following XML file (not a root'd web cert, sorry):

  https://216.191.58.251/apache-xmlsec-help/Word-plugin-signature.xml

Using the
org.apache.xml.security.samples.signature.VerifySignature class that is
found in the src_samples directory and got this:

  java -cp .:../libs/xmlsec-1.3.0.jar:../libs/xalan.jar:../libs/commons-logging.jar org.apache.xml.security.samples.signature.VerifySignature Word-plugin-signature.xml

  Try to verify file:Word-plugin-signature.xml
  Could find a X509Data element in the KeyInfo
  Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
  INFO: Verification successful for URI "#idPackageObject"
  Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
  INFO: Verification successful for URI "#idOfficeObject"
  Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
  WARNING: Verification failed for URI "#idsigInvalidImage"
  Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
  WARNING: Verification failed for URI "#idsigValidImage"
  The XML signature in file file:/home/jlcooke/crypt_map/sc_data/sc/xmlsec/2007-02-21/Word-plugin-signature.xml is invalid !!!!! (bad)
  Object=

It is clear the two Objects "#idsigInvalidImage" and "#idsigValidImage" are
failing.

I have two questions:

1) How can I pragmatically find out why the signature failed
   verification? From what I can see the only way is to look at the
   log4j output.

2) Passing the XML file above into Aleksey's xmlsec1 app it passes.
   What's different?

Thanks

JLC