List:       xml-security-dev
Subject:    Re: Verifying RSA
From:       Berin Lautenbach <berin () wingsofhermes ! org>
Date:       2005-08-17 10:23:12
Message-ID: 43031010.2040103 () wingsofhermes ! org

Where did you get the base64 encoded public key from?  If it's not in 
the correct format, it won't get loaded properly by the library.

One possible thing to try would be to embed it into the appropriate 
KeyInfo structure within the XML and then just use the checksig tool to 
see how it verifies.  If that works, then it's an issue with your code 
below (which actually looks OK on a quick skim).  If not, then it might 
be the key format.

Cheers,
	Berin

Matthias Niggemeier wrote:

> Thanks for the hints. With setcce, I cannot verify against the public key.
> xmlsec works, but I cannot tell the lib which public key to use, since
> I only have the exponent and modulus in base64, but xmlsec wants pem/der-files.
> Any idea how to get them from the exponent/modulus pair?
> 
> Regards
> 
> Matthias 
> 
> 
>>-----Original Message-----
>>From: Milan Tomic [mailto:milan@setcce.org] 
>>Sent: Wednesday, August 17, 2005 10:48 AM
>>To: security-dev@xml.apache.org
>>Subject: RE: Verifying RSA
>>
>>
>>You can try to validate signature with those toolkits:
>>
>>1. Download trial:
>>
>>http://www.setcce.si/eng/index45c.php
>>
>>2. Download XMLSec binaries:
>>
>>http://www.aleksey.com/xmlsec/download.html
>>
>>3. Download Apache XSEC java lib. There are samples how to validate
>>signed doc.
>>
>>Best regards,
>>Milan
>>
>>
>>
>>>-----Original Message-----
>>>From: Matthias Niggemeier [mailto:M@thias.de] 
>>>Sent: Wednesday, August 17, 2005 10:36 AM
>>>To: security-dev@xml.apache.org
>>>Subject: RE: Verifying RSA
>>>
>>>
>>>Milan,
>>>that's a bit problematic since I have only "real" data for 
>>>testing, so I don't think that my customer would be amused if 
>>>I post the file here. Is there any program available which is 
>>>able to verify a dsig? I googled around and found none :-(
>>>
>>>Should the code work? (as far as it is possible to say 
>>>without debugger) 
>>>
>>>Kind regards
>>>
>>>Matthias
>>>
>>>
>>>>-----Original Message-----
>>>>From: Milan Tomic [mailto:milan@setcce.org]
>>>>Sent: Wednesday, August 17, 2005 9:31 AM
>>>>To: security-dev@xml.apache.org
>>>>Subject: RE: Verifying RSA
>>>>
>>>>
>>>>Could you post your XML file here for analysis?
>>>>
>>>>Have you tried to verify signature with some other library like Apache
>>>>XSEC Java library?
>>>>
>>>>Best regards,
>>>>Milan
>>>>
>>>>
>>>>
>>>>>-----Original Message-----
>>>>>From: Matthias Niggemeier [mailto:M@thias.de]
>>>>>Sent: Wednesday, August 17, 2005 9:19 AM
>>>>>To: security-dev@xml.apache.org
>>>>>Subject: Verifying RSA
>>>>>
>>>>>
>>>>>Hi there,
>>>>>I have a problem verifying a signed xml doc. My doc looks like this:
>>>>>
>>>>>... xml snipped ...
>>>>></Product>
>>>>><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>>>>><SignedInfo>
>>>>><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
>>>>><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>>>>><Reference URI="">
>>>>><Transforms>
>>>>><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>>>>></Transforms>
>>>>><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>>>>><DigestValue>abcde</DigestValue>
>>>>></Reference>
>>>>></SignedInfo>
>>>>><SignatureValue>abcdefg</SignatureValue>
>>>>></Signature>
>>>>>
>>>>>When I try to verify, I get an error
>>>>>
>>>>>Reference URI="" failed to verify
>>>>>
>>>>>What is wrong? The sender of the xml doc persists that the
>>>>>signature is valid. My code to verify:
>>>>>
>>>>>bool LoadValidateRSA(tstring sURI)
>>>>>{
>>>>>    xercesc::DOMDocument *doc = NULL;
>>>>>    XSECProvider prov;
>>>>>    DSIGSignature* sig = NULL;
>>>>>    XERCES_CPP_NAMESPACE::DOMBuilder* builder = NULL;
>>>>>    WinCAPICryptoKeyRSA* pRSA = NULL;
>>>>>    WinCAPICryptoProvider WCProv;
>>>>>    bool bVerifyOK = false;
>>>>>
>>>>>    // Namespace-aware DOM parse of the signed document
>>>>>    builder = GetImplementationLS()->createDOMBuilder(
>>>>>        xercesc::DOMImplementationLS::MODE_SYNCHRONOUS, 0);
>>>>>    builder->setFeature(xercesc::XMLUni::fgDOMNamespaces, true);
>>>>>    doc = builder->parseURI(X(sURI));
>>>>>
>>>>>    pRSA = (WinCAPICryptoKeyRSA*)WCProv.keyRSA();
>>>>>    sig = prov.newSignatureFromDOM(doc);
>>>>>    char cModulus[] = "sAGXf2IjqajW1F7m"; // snipped
>>>>>    char cExponent[] = "ABCD";
>>>>>
>>>>>    // Load the public key from its base64 exponent and modulus
>>>>>    pRSA->loadPublicExponentBase64BigNums(cExponent,
>>>>>        (unsigned int) strlen(cExponent));
>>>>>    pRSA->loadPublicModulusBase64BigNums(cModulus,
>>>>>        (unsigned int) strlen(cModulus));
>>>>>
>>>>>    sig->load();
>>>>>    sig->setSigningKey(pRSA);
>>>>>    bVerifyOK = sig->verify();
>>>>>    return bVerifyOK;
>>>>>}
>>>>>
>>>>>I looked at the samples, but they didn't help me further
>>>>>than this :-(
>>>>>
>>>>>Regards
>>>>>
>>>>>Matthias
>>>>>
>>>>
> 
> 
> 
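
Added example, not part of the original thread and not code from xml-security-c or xmlsec: one way to turn a base64 modulus/exponent pair into a PEM "PUBLIC KEY" file, and into the KeyInfo fragment suggested in the reply above. All function names are hypothetical and the sample values are constructed toy data, not a usable key.

```python
import base64

# DER of AlgorithmIdentifier { rsaEncryption (1.2.840.113549.1.1.1), NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_tlv(tag, content):
    """One DER tag-length-value, using long-form length from 128 bytes up."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def b64_to_magnitude(text):
    """Decode ds:CryptoBinary text; drop whitespace and leading zero octets."""
    raw = base64.b64decode("".join(text.split()), validate=True)
    return raw.lstrip(b"\x00") or b"\x00"

def der_uint(mag):
    """DER INTEGER is signed: prepend 0x00 when the top bit is set."""
    return der_tlv(0x02, (b"\x00" + mag) if mag[0] & 0x80 else mag)

def spki_der(modulus_b64, exponent_b64):
    """SubjectPublicKeyInfo (the 'PUBLIC KEY' structure) for an RSA key."""
    n, e = b64_to_magnitude(modulus_b64), b64_to_magnitude(exponent_b64)
    rsa_public_key = der_tlv(0x30, der_uint(n) + der_uint(e))
    # BIT STRING content starts with the count of unused bits (0)
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_public_key))

def spki_pem(modulus_b64, exponent_b64):
    b64 = base64.b64encode(spki_der(modulus_b64, exponent_b64)).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

def key_info_xml(modulus_b64, exponent_b64):
    """KeyInfo fragment to place after SignatureValue; it inherits the
    default xmldsig namespace declared on the Signature element."""
    n, e = (base64.b64encode(b64_to_magnitude(v)).decode("ascii")
            for v in (modulus_b64, exponent_b64))
    return ("<KeyInfo><KeyValue><RSAKeyValue>"
            f"<Modulus>{n}</Modulus><Exponent>{e}</Exponent>"
            "</RSAKeyValue></KeyValue></KeyInfo>")

if __name__ == "__main__":
    # Constructed toy values (16-bit modulus), not a usable key.
    print(spki_pem("0SM=", "AQAB"), end="")
    print(key_info_xml("0SM=", "AQAB"))
```

To check a generated file, `openssl rsa -pubin -in key.pem -noout -text` should print back the same modulus and exponent.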