Posted to dev@santuario.apache.org by Neil Bennett <nd...@dl.ac.uk> on 2005/01/26 14:08:58 UTC
Problem with verifying enveloped XML signatures
I am trying to verify an enveloped XML signature. If the signed document is
saved to a file and then read back in, there is no problem. The signature is
shown as valid.

However, as I am using enveloped signatures, I do not really want to save the
signature to a file. When I verify the signature, I just want to load in the
signed DOM Document from memory and verify it directly rather than having to
build a DOM Document from scratch and load in a signature file.

However, when I pass in my signed DOM Document, I always get an error stating
that the signature is invalid.

I have manually checked the XML signatures generated by the two methods and
they are identical (except for digest and signature values obviously).

My only guess is that the problem lies with the XMLSignature constructor. I am
using "new XMLSignature( signatureElement, baseURI )". Where I am loading in a
file, I just use the same baseURI as I used to generate the signature.
However, when I am reading the DOM Document directly, what parameter should I
pass in to the XMLSignature constructor, bearing in mind that there is no
signature file?

Any help would be much appreciated.
Neil
RE: Problem with verifying enveloped XML signatures
Posted by Cédric POTHIN <ce...@inovatel.sfr.com>.
Many thanks, Raul
> -----Original Message-----
> From: Raul Benito [mailto:raul.benito.garcia@gmail.com]
> Sent: Wednesday, 9 February 2005 10:59
> To: security-dev@xml.apache.org
> Subject: Re: Problem with verifying enveloped XML signatures
>
> You need to add enveloped transformation to your reference. This will
> fix your problem.
>
> Regards,
>
>
> On Wed, 26 Jan 2005 13:08:58 +0000 (UTC), Neil Bennett <nd...@dl.ac.uk> wrote:
> > I am trying to verify an enveloped XML signature. If the signed document is
> > saved to a file and then read back in, there is no problem. The signature is
> > shown as valid.
> >
> > However, as I am using enveloped signatures, I do not really want to save the
> > signature to a file. When I verify the signature, I just want to load in the
> > signed DOM Document from memory and verify it directly rather than having to
> > build a DOM Document from scratch and load in a signature file.
> >
> > However, when I pass in my signed DOM Document, I always get an error stating
> > that the signature is invalid.
> >
> > I have manually checked the XML signatures generated by the two methods and
> > they are identical (except for digest and signature values obviously).
> >
> > My only guess is that the problem lies with the XMLSignature constructor. I am
> > using "new XMLSignature( signatureElement, baseURI )". Where I am loading in a
> > file, I just use the same baseURI as I used to generate the signature.
> > However, when I am reading the DOM Document directly, what parameter should I
> > pass in to the XMLSignature constructor, bearing in mind that there is no
> > signature file?
> >
> > Any help would be much appreciated.
> > Neil
> >
> >
Re: Problem with verifying enveloped XML signatures
Posted by Raul Benito <ra...@gmail.com>.
You need to add enveloped transformation to your reference. This will
fix your problem.
Regards,
On Wed, 26 Jan 2005 13:08:58 +0000 (UTC), Neil Bennett <nd...@dl.ac.uk> wrote:
> I am trying to verify an enveloped XML signature. If the signed document is
> saved to a file and then read back in, there is no problem. The signature is
> shown as valid.
>
> However, as I am using enveloped signatures, I do not really want to save the
> signature to a file. When I verify the signature, I just want to load in the
> signed DOM Document from memory and verify it directly rather than having to
> build a DOM Document from scratch and load in a signature file.
>
> However, when I pass in my signed DOM Document, I always get an error stating
> that the signature is invalid.
>
> I have manually checked the XML signatures generated by the two methods and
> they are identical (except for digest and signature values obviously).
>
> My only guess is that the problem lies with the XMLSignature constructor. I am
> using "new XMLSignature( signatureElement, baseURI )". Where I am loading in a
> file, I just use the same baseURI as I used to generate the signature.
> However, when I am reading the DOM Document directly, what parameter should I
> pass in to the XMLSignature constructor, bearing in mind that there is no
> signature file?
>
> Any help would be much appreciated.
> Neil
>
>
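
The fix suggested in the reply above, sketched against the Apache XML Security for Java API as an added example that is not code from this thread: the reference carries the enveloped-signature transform, so the `ds:Signature` element is left out of the digest and the same in-memory DOM verifies without a round trip through a file. The class name, the sample document, the throwaway RSA key and the empty base URI are assumptions of this example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class EnvelopedInMemoryCheck {          // hypothetical class name
    static final String BASE_URI = "";         // assumption: nothing is read from disk

    // Re-read the ds:Signature element from the live DOM and verify it.
    static boolean verify(Document doc, java.security.PublicKey key) throws Exception {
        Element sigElem = (Element) doc
            .getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature").item(0);
        return new XMLSignature(sigElem, BASE_URI).checkSignatureValue(key);
    }

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);           // XML-DSig needs a namespace-aware DOM
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element root = doc.createElementNS("urn:example:order", "order"); // constructed sample
        root.setAttribute("amount", "100");
        doc.appendChild(root);

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();    // throwaway key for the demo

        XMLSignature sig = new XMLSignature(doc, BASE_URI,
            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        root.appendChild(sig.getElement());    // enveloped: Signature sits inside the signed doc

        Transforms transforms = new Transforms(doc);
        // Drops the ds:Signature element itself from the digest input.
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        sig.addDocument("", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);
        sig.sign(kp.getPrivate());

        System.out.println("in-memory verify: " + verify(doc, kp.getPublic()));
        root.setAttribute("amount", "999");    // change signed content after signing
        System.out.println("after tampering:  " + verify(doc, kp.getPublic()));
    }
}
```

Running it requires the Apache XML Security (xmlsec) jar on the classpath; the second check is there to confirm that the verifier still rejects a document whose signed content changed.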