Re: Additional namespace element in CanonicalizationMethod element

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: yves (yves_at_discussions.microsoft.com)
Date: 01/11/05 

Date: Tue, 11 Jan 2005 06:05:02 -0800

Hi Dilip,

My Axis/WSS4J web service fails with the error message 'The signature
verification failed'.

Additional info: The verification of the digest values in the Reference
elements is always (on both vclients) okay. Only the verification of the
signature value fails.

Yves

"Dilip Krishnan" wrote:

> Hello yves,
> Fails with what error message?
>
> HTH
> Regards,
> Dilip Krishnan
> MCAD, MCSD.net
> dkrishnan at geniant dot com
> http://www.geniant.com
>
> > All,
> >
> > We run a Java-based (Axis with WSS4J) webservice and we have both Java
> > and ..NET (C#) clients. While encryption is no problem for all
> > client-server combinations we have problems with signature validation
> > from C# requests. The strange thing is that we have a MS-box with the
> > C#-client which requests can be successfuly validated by the Java end
> > point and on the other (with the same exe-File) box it doesn't work.
> > After seeing that I tried to find the difference between these two C#
> > clients. The only difference I could find is in the request is in the
> > CanonicalizationMethod-element (prefix and namespace (re-)definition;
> > is already defined as default namespace in the Signature-element):
> >
> > this one works:
> > .....<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> > <SignedInfo>
> > <CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> > <SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />....
> > this one fails:
> > .....<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> > <SignedInfo>
> > <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
> > <SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />....
> > I'm absolutely not sure if this is causing the problem but at least
> > this is a difference between the two boxes/clients that should not
> > occur. Following the versions we use (on both c#-clients):
> >
> > - .NET 1.1 SP1
> > - WSE SP2
> > - WinXP SP2
> > Any ideas? Thanks
> > Yves
>
>
>

Relevant Pages

  • Re: Public-key CD-KEY protocol (comments welcomed)
    ... The truncation makes verification impossible without ... Anything short of the full PK signature cannot be verified. ... > a) If this is the first connection: ... > client, that records it. ...
    (sci.crypt)
  • Re: Decimal fieldss precision is too small to accept the numeric you attempted to add
    ... I don't know the Scale and Precision of your Decimal fields, ... case something is actually overflowing (as the error message suggests). ... both of those, still fails. ...
    (microsoft.public.access.queries)
  • Re: Digital signatures
    ... (A signature can be marked as non-exportable, ... document as John Doe and you trust it without any other verification ... Import and sign that key on your keyring. ... not checked out in any other way, then you'll get the big fat WARNING ...
    (Fedora)
  • Re: how can we restrict what certificate WSE will use?
    ... you mentioned 'since his private key is not valid so, the signature of his ... in a request signed with his valid private key, and since his public key is ... > As for the question on the X509 certificate verification in .net ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Unparsable Record
    ... I tried simply importing 1 column - deleting all the rest. ... Method 'ExecuteTempImexSpec' of object '_WizHook' failed error message. ... If that fails, delete 11 more columns so only the first 11 ... importing the first column - skipping all the other columns, ...
    (microsoft.public.access.externaldata)