XML Security Tool - Java / XSTJ-51

xmlsectool.sh creates (ecdsa) signature with empty KeyValue

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 2.0.0
    • Component/s: Signing
    • Labels:
      None

      Description

      Signing with an ECDSA certificate (in a keystore) creates a signature with an empty KeyValue:
      <ds:SignatureValue>...signature_here...
      </ds:SignatureValue>
      <ds:KeyInfo>
      <ds:KeyValue> <!-- this -->
      </ds:KeyValue> <!-- this -->
      <ds:X509Data>
      <ds:X509Certificate>...
      ...

      Command used for signing:
      xmlsectool.sh --sign --inFile idp-nosig.xml --referenceIdAttributeName ID \
      --digest sha-384 --keystore keystore.jks --keyPassword changeit --keystoreType jks \
      --key uef_metadata --outFile signed-sh.xml

      (keystore created with:

      1. openssl ecparam -name secp384r1 -genkey -out private-key.pem
      2. openssl req -new -x509 -key private-key.pem -out server.pem -days 3650
      3. openssl pkcs12 -export -in server.pem -inkey private-key.pem -out server.p12 \
        -name uef_metadata
      4. keytool -importkeystore -deststorepass changeit -destkeypass changeit \
        -destkeystore keystore.jks -srckeystore server.p12 -srcstoretype PKCS12 \
        -srcstorepass 1234 -srcalias uef_metadata -destalias uef_metadata
        )
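
A check for the symptom reported above, as an added example that is not part of the original report or of xmlsectool: it parses a signed document and counts the ds:KeyValue elements that have no child element, so carry no key material. The function name `audit_keyinfo` and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

def audit_keyinfo(xml_text):
    """Return one finding dict per ds:Signature found in the document.

    Intended for documents you signed yourself; use a hardened parser
    for XML from untrusted sources.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        key_info = sig.find(f"{{{DS}}}KeyInfo")
        key_values = [] if key_info is None else key_info.findall(f"{{{DS}}}KeyValue")
        # Empty means no child element; whitespace-only text does not count as a key.
        empty = sum(1 for kv in key_values if len(kv) == 0)
        has_cert = key_info is not None and key_info.find(
            f"{{{DS}}}X509Data/{{{DS}}}X509Certificate") is not None
        findings.append({"key_values": len(key_values),
                         "empty_key_values": empty,
                         "has_x509_certificate": has_cert})
    return findings

# Constructed sample reproducing the reported shape: KeyValue present but empty.
SAMPLE_BROKEN = """<doc ID="_constructed">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignatureValue>AAAA</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
</ds:KeyValue>
<ds:X509Data><ds:X509Certificate>AAAA</ds:X509Certificate></ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</doc>"""

# Constructed sample where KeyValue carries a child element (content elided).
SAMPLE_GOOD = SAMPLE_BROKEN.replace(
    "<ds:KeyValue>\n</ds:KeyValue>",
    '<ds:KeyValue><dsig11:ECKeyValue xmlns:dsig11="http://www.w3.org/2009/xmldsig11#"/>'
    "</ds:KeyValue>")

if __name__ == "__main__":
    for name, doc in (("broken", SAMPLE_BROKEN), ("good", SAMPLE_GOOD)):
        for finding in audit_keyinfo(doc):
            status = "FAIL" if finding["empty_key_values"] else "ok"
            print(f"{name}: {status} {finding}")
```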

              People

              Assignee:
              Ian Young (ian@iay.org.uk)
              Reporter:
              jhuuskon@idp.protectnetwork.org
              Watchers:
              5

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0m
                  Logged: 4h 49m