Verify signature: bad for enveloped, ok for enveloping and detached.

[def abc <an...@yahoo.fr>]

Hi again...
And now I'm trying to validate my signatures. I've
built three signatures: a enveloped one, a detached
one and an enveloping one. All on the same document. 
They all have the same SignatureValue, that's a good
starting point :-)
The detached and the enveloping signature verify okay,
but the enveloped one fails !
I found a few threads on this topic in the
mailing-list but couldn't find my case. 

Any idea ?
Regards,
Axelle.


FileInputStream fis = new
FileInputStream(outputURI.getPath());
Document doc = db.parse(fis);
fis.close();
		
NodeList dsNodeList =
doc.getElementsByTagName("ds:Signature");
if (dsNodeList.getLength() == 0)
 throw new IOException("No signature in file");
		
Element dsElement = (Element) dsNodeList.item(0);
				
XMLSignature signature = new XMLSignature(dsElement,
outputURI.toString());
return signature.checkSignatureValue(pubkey);



	

	
		
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/

Re: Verify signature: bad for enveloped, ok for enveloping and detached.

[def abc <an...@yahoo.fr>]

 --- Raul Benito <ra...@gmail.com> a
écrit : 
> Does you add enveloped-signature-transformation?
> It is need to enveloped signatures. If not it will
> fail.

Not sure to understand...
My signed XML does have a transformation (c14n) -- see
below.
Do you mean I should apply a transformation to the
signed document for verification ?

Regards,
-- Axelle.

<policy xmlns="http://xxx"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xxx/DSP ./DSP.xsd">
 <dsi_policy>
 [...]
 </dsi_policy>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference
URI="file:/G:/prog/xml-security-1_2_0/misc.xml">
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>HbVbteOlAwHiVZYotc1E7wWswyo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
CRCr/II7oFTYANIz3NMqpUgnMLMvyU9rwpZNOBk5+Sp9k+kXyMJNU/7WehvTmhtu6mTTXplUpmyw
[...]
</ds:SignatureValue>
</ds:Signature></policy>



	

	
		
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/

Re: Verify signature: bad for enveloped, ok for enveloping and detached.

[Raul Benito <ra...@gmail.com>]

Does you add enveloped-signature-transformation?
It is need to enveloped signatures. If not it will fail.

Regards,

Raul
http://r-bg.com


On Wed, 2 Feb 2005 10:29:57 +0100 (CET), def abc <an...@yahoo.fr> wrote:
> Hi again...
> And now I'm trying to validate my signatures. I've
> built three signatures: a enveloped one, a detached
> one and an enveloping one. All on the same document.
> They all have the same SignatureValue, that's a good
> starting point :-)
> The detached and the enveloping signature verify okay,
> but the enveloped one fails !
> I found a few threads on this topic in the
> mailing-list but couldn't find my case.
> 
> Any idea ?
> Regards,
> Axelle.
> 
> FileInputStream fis = new
> FileInputStream(outputURI.getPath());
> Document doc = db.parse(fis);
> fis.close();
> 
> NodeList dsNodeList =
> doc.getElementsByTagName("ds:Signature");
> if (dsNodeList.getLength() == 0)
>  throw new IOException("No signature in file");
> 
> Element dsElement = (Element) dsNodeList.item(0);
> 
> XMLSignature signature = new XMLSignature(dsElement,
> outputURI.toString());
> return signature.checkSignatureValue(pubkey);
> 
> Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails !
> Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
>