how to verify message


agente_mor

Feb 25, 2013, 7:02:38 PM
to xmlse...@googlegroups.com

 Hi !!!!
I created a message and signed it with XML signature,
In the first part, I include a string encrypted with private key, and certificate (public key), which will be used by receiver for authenticating (finally!! :)).

then I use the library to complete the rest of the XML signature

I used a tester provided by a broker and there is an error message that said "Invalid signatures".





Is there an example for verifying these messages? Or how could I verify it myself using functions of the library?
thanks
Mario

agente_mor

Feb 26, 2013, 10:27:06 AM
to xmlse...@googlegroups.com
I use the xmlsec-verify.phpt file to verify my signature, I am getting:

--TEST-- Basic Verify --FILE-- SIGN_TEST: Failure!!!!!!!! --EXPECTF-- SIGN_TEST: Signature validated!

In more detail, what do you think this output was sent?
could be the two lines:

$objXMLSecDSig->idKeys = array('wsu:Id');
$objXMLSecDSig->idNS = array('wsu'=>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd');

I don't see what they are for
Thanks for your valuable help
mario

agente_mor

Feb 26, 2013, 11:04:54 AM
to xmlse...@googlegroups.com
I don't have the .res file to verify in:

$sign_output = file_get_contents('./firmas/sign-basic-test.xml');
$sign_output_def = file_get_contents('./firmas/sign-basic-test.res');
if ($sign_output != $sign_output_def) {
    echo "NOT THE SAME";
}
echo "DONE";

How could I generate my own file .res?
thanks
mario

agente_mor

Feb 26, 2013, 12:36:41 PM
to xmlse...@googlegroups.com


First I generate this file, would be the basic-doc.xml, then I apply the signature.


Basically the difference between my code and the example is the line:

$objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', array('http://www.w3.org/TR/1999/REC-xpath-19991116' => array("query" => "ancestor-or-self::*[local-name()='SolicitudRegistro']"))),array("force_uri"=>true));

how do you validate when you have this?

and the fact that my "basic-doc" has two elements with base64_encoded inf, the certificate and the string encrypted with the private key (Reto).
would imply a special verification?
thanks
mario


Rob Richards

Mar 30, 2013, 4:53:31 AM
to xmlse...@googlegroups.com
For some reason I didn't get your messages over these days so really late reply here.

As far as generating the .res in the test suite. Those were generated using the test code and just verified using a variety of xml sec tools to ensure it was correct, so no magic there.

Not sure if I am following this last question. The validation is completely driven off of the references you used to generate the signature. The fact that keys are base64 encoded has no bearing on the signature itself as those are really just encodings the keys are transported with. Typically the key sections themselves have attributes indicating this so that they are properly decoded when being used.

Rob
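
Added example, not code from this thread or from the xmlseclibs project: a verification script modelled on the calls in xmlsec-verify.phpt that reports whether a failure comes from the reference digests or from the SignatureValue, which is the first thing to establish when a tester only says "Invalid signatures". It assumes the non-namespaced single-file xmlseclibs.php; the function name `verifySignedFile`, the library location and the `./mycert.pem` path are assumptions.

```php
<?php
// Added example; the function name and file paths are assumptions, not from the thread.
require __DIR__ . '/xmlseclibs.php';   // assumed location of the library

function verifySignedFile($xmlPath, $trustedCertPath)
{
    $doc = new DOMDocument();
    if (!$doc->load($xmlPath)) {
        return 'cannot parse XML';
    }
    $dsig = new XMLSecurityDSig();
    if (!$dsig->locateSignature($doc)) {
        return 'no ds:Signature element found';
    }
    $dsig->canonicalizeSignedInfo();
    // Extra ID attribute names used to resolve URI="#..." references.
    // Only relevant when the signed element is identified by wsu:Id (WS-Security).
    $dsig->idKeys = array('wsu:Id');
    $dsig->idNS = array('wsu' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd');

    // Stage 1: re-apply each Reference's transforms and compare DigestValue.
    // A failure here means the signed content or the transform list differs.
    try {
        if (!$dsig->validateReference()) {
            return 'reference digest mismatch';
        }
    } catch (Exception $e) {
        return 'reference validation failed: ' . $e->getMessage();
    }

    // Stage 2: check SignatureValue over the canonicalized SignedInfo.
    $key = $dsig->locateKey();
    if (!$key) {
        return 'missing or unsupported SignatureMethod';
    }
    // Load a certificate obtained out of band. A key taken from the message's
    // own KeyInfo only shows that the message is self-consistent.
    $key->loadKey($trustedCertPath, true);
    $result = $dsig->verify($key);
    // Accept only an explicit success: OpenSSL's error value -1 is truthy in PHP.
    return ($result === 1 || $result === true) ? 'valid' : 'SignatureValue does not verify';
}

echo verifySignedFile('./firmas/sign-basic-test.xml', './mycert.pem'), "\n";
```

A "reference digest mismatch" result points at the `addReference()` transforms or at the document having changed after signing; a SignatureValue failure points at the key pair or the canonicalization of SignedInfo.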