Posted to dev@santuario.apache.org by Adrian Stern <ad...@screenfood.com> on 2013/05/28 14:37:28 UTC

headers to include for example code

Hello

I've just subscribed and I don't know if this message reaches anyone.

I am trying to get the "A simple validation example" to work at: http://santuario.apache.org/cprogramming.html
But I just cannot figure out which headers to include and where they are. How do C++ programmers figure out this stuff anyway?

I'm on Archlinux and I've installed the package from AUR providing version 1.7.0.
Also I'm using qtcreator and I'm sure I will have to add the libs with LIBS += eventually.

Could you provide me with a complete example and/or point me to the appropriate documentation?

Many Thanks,

Freundliche Grüsse / Best Regards / Meilleures salutations
Adrian Stern
This e-mail and any attachments may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail including the attachments. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

RE: headers to include for example code

Posted by Adrian Stern <ad...@screenfood.com>.
Still not sure if this reaches anyone, but I found that the package I installed does not provide the samples folder. SVN helps here. Thanks.


Freundliche Grüsse / Best Regards / Meilleures salutations
Adrian Stern

RE: headers to include for example code

Posted by Adrian Stern <ad...@screenfood.com>.
>This isn't an SSL-related project, so I don't know what that means.

I mean the example I got to work uses an OpenSSLCryptoX905 CA. And what I need is for it to work with my simple public key. As far as I know, my xml is signed according to W3C xml dsig.

> As far as I know, there is nothing else of any significance out there unless you're Windows only.

Yea. There is Crypt++, which seems to provide this feature at a very low level, but apart from that I didn't find much useful. It's actually too bad since this feature isn't so exotic in my opinion.

Well I will stick with your project. Worst case, I will just fork it :-)


Freundliche Grüsse / Best Regards / Meilleures salutations
Adrian Stern

______________

Adrian Stern
Software Developer



Re: headers to include for example code

Posted by "Cantor, Scott" <ca...@osu.edu>.
On 5/29/13 8:01 AM, "Adrian Stern" <ad...@screenfood.com> wrote:

>Do you by any chance know how to use these tools? I just can't get
>anything to work.

I have never used templatesign, no.

>My doing so far:
>1. Creating an rsa key pair with openssl:
>openssl genrsa -out key.pem 2088
>openssl rsa -in key.pem -pubout > key.pub
>
>2. Add modulus and exponent:
>openssl rsa -modulus -pubin <key.pub
>openssl rsa -pubin -inform PEM -text -noout <key.pub

The last time I had to try and generate a bare key in XML, I was pretty
much unsuccessful using openssl to do it. So I suspect that may be your
problem.

The bare key format is totally ridiculous and of no practical usability.
The latest spec includes a DEREncodedKeyValue option, or you're just
better off using a self-signed certificate.

>Sometimes I got this message:
>Message: DSIGSignature::verify() - no verification key loaded and cannot
>determine from KeyInfoResolver
>This is, when I don't add (or remove) the KeyInfo Tag.

checksig has options to supply the key on the command line, I think. I
think you're probably messing up the KeyInfo.

-- Scott
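
The bare-key encoding discussed in the message above, as an added example that is not part of the original thread or of the Santuario code: `openssl rsa -modulus` prints the modulus as hexadecimal text, while `ds:Modulus` and `ds:Exponent` carry a base64 `ds:CryptoBinary` value. The function names are hypothetical, and the `ds` prefix is assumed to be bound to the XML Signature namespace in the enclosing document.

```shell
#!/bin/sh
# Added example: encode RSA public key numbers as ds:CryptoBinary (base64 of
# the big-endian octets, no leading zero octets) for a <ds:RSAKeyValue>.
# Function names are hypothetical; the ds prefix is assumed to be bound to
# http://www.w3.org/2000/09/xmldsig# in the enclosing document.

# hex_to_cryptobinary HEX -> base64 text on stdout, non-zero status on bad input
hex_to_cryptobinary() {
    # accept "C0FFEE", "c0ffee" or the colon-separated dump from -text
    hex=$(printf '%s' "$1" | tr -d ' :\n' | tr 'A-F' 'a-f')
    case $hex in ''|*[!0-9a-f]*) return 1 ;; esac
    # whole octets only: pad an odd number of hex digits on the left
    if [ $(( ${#hex} % 2 )) -eq 1 ]; then hex="0$hex"; fi
    # CryptoBinary drops leading zero octets (openssl -text shows "00:" first)
    while [ "${#hex}" -gt 2 ] && [ "${hex#00}" != "$hex" ]; do
        hex=${hex#00}
    done
    # emit each octet via an octal printf escape, then base64 the raw bytes
    while [ -n "$hex" ]; do
        byte=${hex%"${hex#??}"}
        hex=${hex#??}
        printf "\\$(printf '%03o' "$((0x$byte))")"
    done | base64 | tr -d '\n'
}

# rsa_key_value_xml MODULUS_HEX EXPONENT_HEX -> the KeyValue child element
rsa_key_value_xml() {
    m=$(hex_to_cryptobinary "$1") || return 1
    e=$(hex_to_cryptobinary "$2") || return 1
    printf '<ds:RSAKeyValue><ds:Modulus>%s</ds:Modulus>' "$m"
    printf '<ds:Exponent>%s</ds:Exponent></ds:RSAKeyValue>\n' "$e"
}

# rsa_key_value_from_pem KEY.PUB -> same element, numbers read with openssl
rsa_key_value_from_pem() {
    mod=$(openssl rsa -pubin -in "$1" -noout -modulus | cut -d= -f2)
    exp=$(openssl rsa -pubin -in "$1" -noout -text |
          sed -n 's/^Exponent: \([0-9]*\) .*/\1/p')
    rsa_key_value_xml "$mod" "$(printf '%x' "$exp")"
}

# run against a public key file when one is given, e.g.: sh keyvalue.sh key.pub
if [ "$#" -ge 1 ]; then rsa_key_value_from_pem "$1"; fi
```
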



RE: headers to include for example code

Posted by Adrian Stern <ad...@screenfood.com>.
Hi Scott

Do you by any chance know how to use these tools? I just can't get anything to work.

My doing so far:
1. Creating an rsa key pair with openssl:
openssl genrsa -out key.pem 2088
openssl rsa -in key.pem -pubout > key.pub

2. Add modulus and exponent:
openssl rsa -modulus -pubin <key.pub
openssl rsa -pubin -inform PEM -text -noout <key.pub

3. Signing my example:
templatesign -r key.pem pass123 test.lic > signed.lic

4. Check for changes:
Digest and SignedValue differ!
Exponent and modulus not - as expected

5. Check signature:
checksig signed.lic || echo $?
Signature failed verification
Validation of <SignedInfo> failed
[1]+  Exit 1                  checksig signed.lic
1


So everything seems to work fine but I still can't verify the signature. If you have some working example lying around I would appreciate if you could send it to me.

I know the <Signature> structure has to be there already when signing and I get some errors about it if I leave it out, but I am actually not sure about it anyway.

Sometimes I got this message:
Message: DSIGSignature::verify() - no verification key loaded and cannot determine from KeyInfoResolver
This is, when I don't add (or remove) the KeyInfo Tag.


Freundliche Grüsse / Best Regards / Meilleures salutations
Adrian Stern

______________

Adrian Stern
Software Developer


Re: headers to include for example code

Posted by "Cantor, Scott" <ca...@osu.edu>.
On 5/28/13 10:13 AM, "Adrian Stern" <ad...@screenfood.com> wrote:

>I've got the example to work. The ssl cert one that is.
>Now I have to rewrite it so it's using the whole RSA stuff.

This isn't an SSL-related project, so I don't know what that means.

>So this project is not currently under development? Would it be wise to
>move to another?

It's maintained, and will be until such time as I have the opportunity to
replace it or rewrite it for Shibboleth, at which time the only supported
features will be the features needed for SAML signatures and encryption.

I add new features and algorithms occasionally, on the basis of what my
project needs. I have absolutely no investment in the code beyond my own
project, but will fix bugs if they're reported.

I don't know if that means it's under development or not. There are no
other C++ XML signature and encryption libraries. There's one in C. As far
as I know, there is nothing else of any significance out there unless
you're Windows only.

-- Scott



RE: headers to include for example code

Posted by Adrian Stern <ad...@screenfood.com>.
I've got the example to work. The ssl cert one that is.
Now I have to rewrite it so it's using the whole RSA stuff.

So this project is not currently under development? Would it be wise to move to another?

The tip with the helper tools could be worth a try. If the code does not enlighten me, then I could just invoke them and use the exit code instead.
Thanks


Freundliche Grüsse / Best Regards / Meilleures salutations
Adrian Stern


Re: headers to include for example code

Posted by "Cantor, Scott" <ca...@osu.edu>.
On 5/28/13 8:37 AM, "Adrian Stern" <ad...@screenfood.com> wrote:

>I am trying to get the "A simple validation example" to work at:
>http://santuario.apache.org/cprogramming.html
>But I just cannot figure out which headers to include and where they are.
>How do C++ programmers figure out this stuff anyway?

By reading the source code, unfortunately, and knowing a great deal about
the subject matter. I inherited the code base and I maintain it on behalf
of my project, but documenting it is just not going to happen, not by me
anyway. Sorry.

If you have an API question, I can answer it (mostly, there are exceptions
in parts I don't use), but "how do I do X" is just far beyond what I can
provide help with.

The samples do help, a little, though I find that the utilities like
checksig, siginf, etc. help more.

-- Scott