
I am trying to sign an XML document. I can do this successfully with an RSA key, but I can't get it to work with ECDSA or DSA. For this example, I am trying ECDSA. Any help will be appreciated.

The error I am getting:

func=xmlSecKeysMngrGetKey:file=keys.c:line=1253:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=793:obj=unknown:subj=unknown:error=45:key is not found:details=NULL
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=508:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=291:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "raw.xml"

The command I am running on Ubuntu 22.04 (xmlsec1 1.2.33 (openssl)):

# Sign raw.xml in place of its <Signature> template and write the result to request-signed.xml.
# Only the private key is loaded; no certificate is passed on this command line.
# NOTE(review): the template in raw.xml names rsa-sha1 as SignatureMethod, so the key type the
# signer looks for presumably does not match this EC key (confirm against the error trace).
# NOTE(review): the References use wsu:Id values; xmlsec1 presumably needs --id-attr for each
# referenced element to resolve them, since no DTD declares wsu:Id as an ID (verify).
xmlsec1 --sign --output request-signed.xml --privkey-pem secp384r1.pem raw.xml

Key and x509 certificate generation command:

# Generate an EC private key and write it, without the curve parameters block, to secp384r1.pem.
# NOTE(review): the curve requested is secp256r1 while the output file is named secp384r1.pem;
# confirm which curve is intended so the key matches the ECDSA SignatureMethod chosen later.
# The key file is written without a passphrase, so it should be readable by its owner only.
openssl ecparam -name secp256r1 -genkey -noout -out secp384r1.pem
# Create a self-signed X.509 certificate for that key, valid for 365 days, in cert.pem.
openssl req -new -key secp384r1.pem -x509 -nodes -days 365 -out cert.pem

The raw.xml

<!-- SOAP envelope used as an XML-DSig signing template: the empty DigestValue, SignatureValue,
     X509IssuerSerial and X509Certificate elements are the slots the signer is expected to fill.
     The five References point at the wsu:Id values of the Body, Timestamp, UsernameToken,
     ebs:EBS and idp:IDP elements below. -->
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ebs="http://ebs.health.ontario.ca/" xmlns:idp="http://idp.ebs.health.ontario.ca/"
xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://hcv.health.ontario.ca/">
<SOAP-ENV:Header>
    <wsse:Security mustUnderstand="true">
        <!-- NOTE(review): SignatureMethod below is rsa-sha1, but the key loaded by the command on
             this page is an EC key. That mismatch is the likely reason for "key is not found"
             (confirm). An EC key needs an ECDSA method, for example
             http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 . -->
        <!-- NOTE(review): both the signature method and every DigestMethod use SHA-1, which is no
             longer collision resistant; prefer SHA-256 (http://www.w3.org/2001/04/xmlenc#sha256)
             if the receiving service accepts it. -->
        <!-- NOTE(review): the literal "\n" sequences inside Signature look like escaped newlines
             left over from serialisation; if they are really present in raw.xml they are text
             nodes inside SignedInfo and KeyInfo. TODO confirm against the actual file. -->
        <!-- NOTE(review): KeyInfo asks for X509IssuerSerial and X509Certificate, which can only be
             filled when a certificate is loaded together with the private key; the signing
             command on this page loads the key alone. -->
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\n<SignedInfo>\n<CanonicalizationMethod
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />\n<SignatureMethod
                    Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />\n<Reference
                    URI="#id-61b15061-d275-40bf-9ca0-ecc684158a3b">\n<Transforms>\n<Transform
                            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />\n</Transforms>
            \n<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />\n<DigestValue />
            \n</Reference>\n<Reference URI="#id-68662a30-bb75-4261-a255-5fea0515ae44">\n<Transforms>
            \n<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />\n</Transforms>\n<DigestMethod
                        Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />\n<DigestValue />\n</Reference>
            \n<Reference URI="#id-49d3b458-cf41-483b-9d55-8b4692078014">\n<Transforms>\n<Transform
                            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />\n</Transforms>
            \n<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />\n<DigestValue />
            \n</Reference>\n<Reference URI="#id-2ac9f68c-e1b5-4e04-bf08-9950e4d1ca8f">\n<Transforms>
            \n<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />\n</Transforms>\n<DigestMethod
                        Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />\n<DigestValue />\n</Reference>
            \n<Reference URI="#id-e6adeae4-ef18-4c22-ba7e-f7b17d7ab24c">\n<Transforms>\n<Transform
                            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />\n</Transforms>
            \n<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />\n<DigestValue />
            \n</Reference>\n</SignedInfo>\n<SignatureValue />\n<KeyInfo>\n<X509Data>
                    <X509IssuerSerial />
                    <X509Certificate />
                </X509Data>\n</KeyInfo>\n</Signature>
        <!-- Created and Expires give a 90-second validity window; a receiver that enforces
             wsu:Expires will reject the message afterwards, so these values are presumably
             regenerated for every request. -->
        <wsu:Timestamp wsu:Id="id-68662a30-bb75-4261-a255-5fea0515ae44">
            <wsu:Created>2023-01-11T14:44:05.335752+00:00</wsu:Created>
            <wsu:Expires>2023-01-11T14:45:35.335752+00:00</wsu:Expires>
        </wsu:Timestamp>
        <!-- NOTE(review): the username and password are carried as plain text. The signature
             covers this token for integrity only, so confidentiality has to come from the
             transport. Samples shared publicly should carry placeholder values. -->
        <wsse:UsernameToken wsu:Id="id-e6adeae4-ef18-4c22-ba7e-f7b17d7ab24c">
            <wsse:Username>confsu+435@gmail.com</wsse:Username>
            <wsse:Password>Password2!</wsse:Password>
        </wsse:UsernameToken>
    </wsse:Security>
    <ebs:EBS wsu:Id="id-49d3b458-cf41-483b-9d55-8b4692078014">
        <SoftwareConformanceKey>2ec86c34-fdd2-435d-b5e3-dcb306855096</SoftwareConformanceKey>
        <AuditId>63840137-4c16-43f2-bae9-82710391240b</AuditId>
    </ebs:EBS>
    <idp:IDP wsu:Id="id-2ac9f68c-e1b5-4e04-bf08-9950e4d1ca8f">
        <ServiceUserMUID>622100</ServiceUserMUID>
    </idp:IDP>
</SOAP-ENV:Header>
<ns0:Body wsu:Id="id-61b15061-d275-40bf-9ca0-ecc684158a3b">
    <ns1:validate>
        <requests>
            <hcvRequest>
                <healthNumber>9287170261</healthNumber>
                <versionCode>DK</versionCode>
            </hcvRequest>
        </requests>
        <locale>en</locale>
    </ns1:validate>
</ns0:Body>
</SOAP-ENV:Envelope>
Overklog
