Hello,
When using signature_algorithm=SignatureMethod.SHA256_RSA_MGF1 the signature cannot be verified.
If I remove signature_algorithm=SignatureMethod.SHA256_RSA_MGF1 the signature can be validated fine.
```python
import os
from lxml import etree
from signxml import XMLSigner, XMLVerifier, InvalidCertificate, SignatureMethod, DigestAlgorithm, CanonicalizationMethod

current_path = os.path.dirname(os.path.abspath(__file__))
ca_cert_file = os.path.join(current_path, "public_cert.pem")
cert = open(ca_cert_file).read()
key = open(os.path.join(current_path, "private_key.pem")).read()
data_to_sign = '<Test />'
root = etree.fromstring(data_to_sign)
signer = XMLSigner(signature_algorithm=SignatureMethod.SHA256_RSA_MGF1,
                   digest_algorithm=DigestAlgorithm.SHA256,
                   c14n_algorithm=CanonicalizationMethod.EXCLUSIVE_XML_CANONICALIZATION_1_0
                   )
signed_root = signer.sign(root, key=key, cert=cert)
try:
    verified_data = XMLVerifier().verify(signed_root, ca_pem_file=ca_cert_file)
except InvalidCertificate as e:
    print(e)
else:
    print('verified signature')
```
Error message:
```
Traceback (most recent call last):
  File "/home/k/.local/lib/python3.11/site-packages/signxml/verifier.py", line 398, in verify
    openssl_verify(signing_cert, raw_signature, signed_info_c14n, digest_alg_name)
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 3162, in verify
    _raise_current_error()
  File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('rsa routines', '', 'invalid padding'), ('rsa routines', '', 'padding check failed'), ('Provider routines', '', 'RSA lib')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/mnt/hgfs/k-share/python/python.py", line 15, in <module>
    verified_data = XMLVerifier().verify(signed_root, ca_pem_file=ca_cert_file)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/k/.local/lib/python3.11/site-packages/signxml/verifier.py", line 404, in verify
    raise InvalidSignature(f"Signature verification failed: {reason}")
signxml.exceptions.InvalidSignature: Signature verification failed: invalid padding
```
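The following is an added example, not part of the issue and not signxml code: it shows why a padding-scheme mismatch on the verifying side produces exactly this kind of "invalid padding" failure. It assumes that `SHA256_RSA_MGF1` denotes RSASSA-PSS and that the `openssl_verify` path in the traceback checks PKCS#1 v1.5 padding, which is consistent with the error but is an inference, not a confirmed diagnosis. The toy key and all function names are constructed for the demonstration.

```python
import hashlib, os

# Constructed toy RSA key from two Mersenne primes: demonstration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8      # modulus length in bytes (141); EM has the same length here
HLEN = 32                          # SHA-256 output size, also used as the PSS salt length
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def sha256(data):
    return hashlib.sha256(data).digest()

def mgf1(seed, length):
    """MGF1 mask generation function (RFC 8017, B.2.1) over SHA-256."""
    blocks = (sha256(seed + i.to_bytes(4, "big")) for i in range(-(-length // HLEN)))
    return b"".join(blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rsa_public(sig):
    """Raw RSA public operation: recover the encoded message EM from a signature."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")

def pss_sign(msg):
    """EMSA-PSS encode (RFC 8017, 9.1.1) with a random salt, then RSA-sign."""
    salt = os.urandom(HLEN)
    h = sha256(bytes(8) + sha256(msg) + salt)
    db = bytes(K - 2 * HLEN - 2) + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, len(db))))
    masked[0] &= 0x7F              # emBits = modBits - 1, so the top bit is cleared
    return pow(int.from_bytes(bytes(masked) + h + b"\xbc", "big"), D, N).to_bytes(K, "big")

def pss_verify(msg, sig):
    em = rsa_public(sig)
    masked, h = em[:-HLEN - 1], em[-HLEN - 1:-1]
    if em[-1] != 0xBC or masked[0] & 0x80:
        return False
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= 0x7F
    pad_len = len(db) - HLEN - 1
    if db[:pad_len] != bytes(pad_len) or db[pad_len] != 1:
        return False
    return sha256(bytes(8) + sha256(msg) + bytes(db[pad_len + 1:])) == h

def pkcs1v15_verify(msg, sig):
    """EMSA-PKCS1-v1_5 check: EM must equal 00 01 FF..FF 00 || DigestInfo || hash."""
    t = SHA256_DIGESTINFO + sha256(msg)
    return rsa_public(sig) == b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
```

A signature from `pss_sign` passes `pss_verify` but fails `pkcs1v15_verify`, because the recovered block is a masked PSS encoding ending in `0xBC` rather than the `00 01 FF…` structure a PKCS#1 v1.5 check expects.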