logo       
Google Custom Search
    AddThis Social Bookmark Button
<prev   next>
-->

Re: Verifying signature with embedded x509 cert: msg#00002

Subject: Re: Verifying signature with embedded x509 cert
No joy. It refuses to load the key. The irony is that I can use the xmlsec utility and pass it the name of the temp file I create with the key and it will load and verify. It just won't do it in my program. Here's the errors I'm seeing:

func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=260:obj=unknown:subj=d2i_PrivateKey_bio and d2i_PUBKEY_bio:error=4:crypto library function failed:
func=xmlSecOpenSSLAppKeyLoadMemory:file=app.c:line=193:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:

The signature will verify with the xmlsec utility if I pass it the cert, just not from my program. My next step is to reduce things to the bare essentials and try again

On Dec 4, 2007 2:03 AM, Aleksey Sanin <aleksey@xxxxxxxxxxx> wrote:
xmlSecOpenSSLAppKeyLoadMemory() ???

Aleksey

Jim Nutt wrote:
> Ok, I'm pulling my hair out on this one. I'm trying to verify an xml
> signature based on the x509 certificate embedded in the keyinfo and I
> can not get it to work. If I verify using the same pem file I used for
> signing, it verifies ok, so I know the signature is valid. The problem
> is getting it to validate without going to the original pem file. I've
> tried the straight forward method of letting xmlSecDSigVerify load the
> key, but it can't find the key in signature. I've even tried writing the
> base64 data to a file (bracketed with -----BEGIN CERTIFICATE----- and
> -----END CERTIFICATE-----) and then loading that file as the
> certificate. It refuses to read the file. And yes, I know the file is a
> valid pem file because openssl x509 -in filename -text reads it just fine.
>
> Any suggestions would be greatly appreciated, as I'm on a time crunch on
> this (now... wasn't when I started... *sigh*)
>
> --
> Jim Nutt
> http://jim.nuttz.org <http://jim.nuttz.org>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec@xxxxxxxxxxx
> http://www.aleksey.com/mailman/listinfo/xmlsec



--
Jim Nutt
http://jim.nuttz.org 
_______________________________________________
xmlsec mailing list
xmlsec@xxxxxxxxxxx
http://www.aleksey.com/mailman/listinfo/xmlsec
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Verifying signature with embedded x509 cert, Aleksey Sanin
Next by Date:  Re: Verifying signature with embedded x509 cert, Jim Nutt
Previous by Thread:  Re: Verifying signature with embedded x509 cert, Aleksey Sanin
Next by Thread:  Re: Verifying signature with embedded x509 cert, Aleksey Sanin
Indexes:  [Date] [Thread] [Top] [All Lists]

    ^^^ ADDITIONAL NAVIGATION ^^^

  
Google Custom Search

Recently Viewed:
mail.spam.rbl.s...    php.seagull.gen...    culture.religio...    qnx.openqnx.dev...    gnome.love/2006...    bug-tracking.re...    user-groups.lin...    yellowdog.gener...    handhelds.ipaq....    kde.announce/20...    java.mx4j.devel...    xfree86.expert/...    recreation.cars...    text.xml.expat....    web.zope.zope3/...    version-control...    db.carob.cvs/20...    freebsd.perform...    ecos.cvs/2003-0...    linux.hotplug.d...    systemtap/2006-...    os.freebsd.secu...   
Home | blog view | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo