santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adrian Stern <adrian.st...@screenfood.com>
Subject RE: headers to include for example code
Date Wed, 29 May 2013 12:01:42 GMT
Hi Scott

Do you by any chance now how to use these tools? I just can't get anything to work.

My doing so far:
1. Creating an rsa key pair with openssl:
openssl genrsa -out key.pem 2088
openssl rsa -in key.pem -pubout > key.pub

2. Add modulus and exponent:
openssl rsa -modulus -pubin <key.pub
openssl rsa -pubin -inform PEM -text -noout <key.pub

3. Signig my example:
Templatesign -r key.pem  pass123 test.lic > signed.lic

4. Check for changes:
Digest and SignedValue differ!
Exponent and modulus not - as expected

5. Check signature:
checksig signed.lic || echo $?
Signature failed verification
Validation of <SignedInfo> failed
[1]+  Exit 1                  checksig signed.lic
1


So everything seems to work fine but I still can't verify the signature. If you have some
working example lying around I would appreciate if you could send it to me.

I Know the <Signature> structure has to be there already when signing and I get some
errors about it if I leave it out, but I am actually not sure about it anyway.

Sometimes I got this message:
Message: DSIGSignature::verify() - no verification key loaded and cannot determine from KeyInfoResolver
This is, when I don't add (or remove) the KeyInfo Tag.


Freundliche Grüsse / Best Regards / Meilleures salutations
Adrian Stern

______________

Adrian Stern
Software Developer

-----Original Message-----
From: Cantor, Scott [mailto:cantor.2@osu.edu]
Sent: 28 May 2013 16:21
To: dev@santuario.apache.org
Subject: Re: headers to include for example code

On 5/28/13 10:13 AM, "Adrian Stern" <adrian.stern@screenfood.com> wrote:

>I've got the example to work. The ssl cert one that is.
>Now I have to rewrite it so it's using the whole RSA stuff.

This isn't an SSL-related project, so I don't know what that means.

>So this project is not currently under development? Would it be wise to
>move to another?

It's maintained, and will be until such time as I have the opportunity to replace it or rewrite
it for Shibboleth, at which time the only supported feaures will be the features needed for
SAML signatures and encryption.

I add new features and algorithms occasionally, on the basis of what my project needs. I have
absolutely no investment in the code beyond my own project, but will fix bugs if they're reported.

I don't know if that means it's under development or not. There are no other C++ XML signature
and encryption libraries. There's one in C. As far as I know, there is nothing else of any
significance out there unless you're Windows only.

-- Scott


Diese E-Mail und ihre Anhänge enthalten vertrauliche und/oder rechtlich geschützte Informationen.
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren
Sie bitte sofort den Absender und vernichten Sie diese Mail inklusive Anhänge. Das unerlaubte
Kopieren sowie die unbefugte Weitergabe der Inhalte dieser Mail ist nicht gestattet.
This e-mail and any attachments may contain confidential and/or privileged information. If
you are not the intended recipient (or have received this e-mail in error) please notify the
sender immediately and destroy this e-mail including the attachments. Any unauthorized copying,
disclosure or distribution of the material in this e-mail is strictly forbidden.

Mime
View raw message