Re: CheckSignature Output?

From: kcronin (nospam@devnull8.com)
Date: 04/23/03 

From: "kcronin" <nospam@devnull8.com>
Date: Wed, 23 Apr 2003 07:37:14 -0400

Signed message file attached. I used a textwriter to write the file and did
use the preservieWhitespace=true. In the WS Security suite, i verified
using the VerifyGUI tool -( java dsig.VerifyGUI < data.xml ).

Thanks for taking a look.

If I could make a product suggestion, it would be that more data be given on
the reason for the CheckSignature failure. Signature, Encyrption and key
management will be increasingly used by development teams and having to deal
with a boolean output for a complex process is very frustrating!

"Ivan Medvedev [MS]" <ivanmed@online.microsoft.com> wrote in message
news:#mEGt$QCDHA.1692@TK2MSFTNGP12.phx.gbl...
> Unfortunately there is no easy way to figure out why exactly the SignedXml
> signature check failed. It is strange however that the Security Suite
> verifies the signature and .net classes do not. If you could send/post the
> signature I could take a look and try to figure out why the results
differ.
> Thanks,
> --Ivan
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
> "kcronin" <nospam@devnull8.com> wrote in message
> news:#rrdGuMCDHA.1604@TK2MSFTNGP10.phx.gbl...
> > We have a SOAP message (from an Axis server) that is signed with a X.509
> > certificate. WSE doesn't recognize the signature sections (not using
> > WS-Security headers perhaps) so we are trying to check by loading up the
> XML
> > document and using CheckSignature.
> >
> > CheckSignature is returning false but no other data. Does anyone know
if
> > other data is available on the validation process? I feel like we're
> > groping around in the dark as to the cause. BTW: I cross checked the
XML
> > against the IBM Security Suite verifier and it thinks the document
> signature
> > is valid.
> >
> > Any help would be most appreciated.
> >
> > kwc
> >
> >
>
>

begin 666 data.xml
M/#]X;6P@=F5R<VEO;CTB,2XP(C\^"CQS;V%P.D5N=F5L;W!E('-O87 Z86-T
M;W(](G-O;64M=7)I(B!S;V%P.FUU<W15;F1E<G-T86YD/2(Q(B!X;6QN<SI3
M3T%0+5-%0STB:'1T<#HO+W-C:&5M87,N>&UL<V]A<"YO<F<O<V]A<"]S96-U
M<FET>2\R,# P+3$R(B!X;6QN<SIS;V%P/2)H='1P.B\O<V-H96UA<RYX;6QS
M;V%P+F]R9R]S;V%P+V5N=F5L;W!E+R(@>&UL;G,Z>'-D/2)H='1P.B\O=W=W
M+G<S+F]R9R\R,# Q+UA-3%-C:&5M82(@>&UL;G,Z>'-I/2)H='1P.B\O=W=W
M+G<S+F]R9R\R,# Q+UA-3%-C:&5M82UI;G-T86YC92(^"B \<V]A<#I(96%D
M97(^"B @"B @"CQ33T%0+5-%0SI3:6=N871U<F4^/&1S.E-I9VYA='5R92!X
M;6QN<SID<STB:'1T<#HO+W=W=RYW,RYO<F<O,C P,"\P.2]X;6QD<VEG(R(^
M"CQD<SI3:6=N961);F9O/@H\9',Z0V%N;VYI8V%L:7IA=&EO;DUE=&AO9"!!
M;&=O<FET:&T](FAT=' Z+R]W=W<N=S,N;W)G+U12+S(P,#$O4D5#+7AM;"UC
M,31N+3(P,#$P,S$U(B O/@H\9',Z4VEG;F%T=7)E365T:&]D($%L9V]R:71H
M;3TB:'1T<#HO+W=W=RYW,RYO<F<O,C P,"\P.2]X;6QD<VEG(W)S82US:&$Q
M(B O/@H\+V1S.E-I9VYE9$EN9F\^"CQD<SI3:6=N871U<F5686QU93X*:C5W
M-$9N0T]5,7AE1&UX+SAE-V$U641926$K9S5O>#!/:G1",TEX-#=C8EE)<GHK
M-$UF1U!40V9:2$LY6')#8SAM-GE'8U-22F1580IS-FEJ1'1!>G=%4'-52$\O
M;C)H2$Q&:&Q.>&A);&YL=4DW=&5W:UDX;%)2;&@K1V%"8E)B,"MD-'!Q2G9L
M;DY/,#-U>6IM5VY31%)("C-::E1H,%A/3CE*=DY'1S-U6%D]"CPO9',Z4VEG
M;F%T=7)E5F%L=64^"CQD<SI+97E);F9O/@H\9',Z6#4P.41A=&$^"CQD<SI8
M-3 Y0V5R=&EF:6-A=&4^"DU)24)L1$-"+W%!1$%G14%!9U$K:F9F3TU!,$=#
M4W%'4TEB,T1114)"455!34$X>$1404Q"9TY60D%-5$)&4FQC,U%W2&AC3DU$
M37<*3D1!,$UJ17E->DDR5VAC3DU$47=.1$%Z36I%>4UZ23)7:D%035$P=T-W
M641645%$17=255I83C!-24=F34$P1T-3<4=326(S1%%%0@I!455!031'3D%$
M0T)I44M"9U%#*V5B;$Y54S%4<VMR=CA-<#%/,U5#>61E9&M/3E,U<'5.,DMV
M2713:'=R-"M8.4AB8GAE05%E9%IZ"D-/5V$W>2LP.3!*9TAW5C9,45-)4'AP
M83E266=E.&Y82&1H+T).2$5&2#9#0DHX9U1Y=FY&9WI'3GAH=VU(86I(-5%)
M;G)B5D)25W4*,75P969/<FAV;R]K,7!Q4S%D;$-2;&5J<%%'05E22$IH<V8X
M:%%)1$%104)-03!'0U-Q1U-)8C-$445"0E%504$T1T)!2G=*1#0Y> IH5GIR
M<6,W65%7-CAQ4W0V,TPO2E1'9E$P*VEA>E=D66YX4D1.;U5+3S5K.$%/24=6
M54I96$(W1'!H;B]F9TIS2%HQ,F5I2D%.2FY3"G%U,2]24%5C=W-S:#<S3&A2
M;U(S.&=L,2MO4S!O36%-06]:=%A$=E)F4$<O04MD:3--8TMK5EEW*W O>5IS
M43=%=#9B42M-;51.56T*=%AQ3F-78VTV1%<X"CPO9',Z6#4P.4-E<G1I9FEC
M871E/@H\+V1S.E@U,#E$871A/@H\9',Z2V5Y5F%L=64^"CQD<SI24T%+97E6
M86QU93X*/&1S.DUO9'5L=7,^"G9N;3545D5T53=*2S<O1$MD5'0Q07-N6&Y:
M1&I5=6%B:F1I<GE,56]C2RM0;"]2,C(X6&=%2&Y78W=J;&UU.'9T4&1#64(X
M1F5I,$4*:40X85=V55=)2'9*,7@S669W5%)X0E(K9V=39DE%.'(U>%E->&IC
M66-*:#)O>"M50THV,C%1559R=&)Q6&YZ<31B-E U3F%A:W186@I1:UI8;S95
M0F='15)Y66)(+TE5/0H\+V1S.DUO9'5L=7,^"CQD<SI%>'!O;F5N=#Y!44%"
M/"]D<SI%>'!O;F5N=#X*/"]D<SI24T%+97E686QU93X*/"]D<SI+97E686QU
M93X*/"]D<SI+97E);F9O/@H\+V1S.E-I9VYA='5R93X\+U-/05 M4T5#.E-I
M9VYA='5R93X@/"]S;V%P.DAE861E<CX*(#QS;V%P.D)O9'D^"B @/&)A;FM!
M8V-O=6YT3G5M8F5R('AM;&YS/2)H='1P.B\O=W=W+F9S=&,N;W)G+V-C;2\B
M/C$R,SPO8F%N:T%C8V]U;G1.=6UB97(^"B @/&-U<W1O;65R240@>&UL;G,]
M(FAT=' Z+R]W=W<N9G-T8RYO<F<O8V-M+R(^,3(S/"]C=7-T;VUE<DE$/@H@
=/"]S;V%P.D)O9'D^"CPO<V]A<#I%;G9E;&]P93X`
`
end

Relevant Pages

  • Re: CheckSignature Output?
    ... It is strange however that the Security Suite ... verifies the signature and .net classes do not. ... > CheckSignature is returning false but no other data. ...
    (microsoft.public.dotnet.security)
  • RSA verification problem
    ... I need to write a PHP script which verifies a RSA signature. ... The Public Key created using MS CryptoAPI is in Base64 format. ... // Get Modulus Bit Length ...
    (comp.security.misc)
  • Re: Security and Encryption Faq - Revision 22.6
    ... The signature on the FAQ 22.6 verifies. ... This is basic PGP stuff guys. ... If I can get a verifiable signature from two servers, ...
    (alt.privacy)
  • Re: [opensuse] [OT] My PGP Signature
    ... saying that my PGP signature is not verifying properly for ... it verifies fine on my local side. ... and it says there is a problem with the signature. ... gpg command line and output: ...
    (SuSE)
  • Re: Choosing key to verify someone elses sig?
    ... > - Given a signed document from Bob, you shouldn't assume that Bob was ... - Given a signature that verifies with Bob's key, ... Bob's public key, so the most we can verify is that some holder of Bob's ...
    (sci.crypt)