EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Validating XMLDsig with ECDSA, and specifying the certificate

Posted: 02/03/2015 06:36:15
by Anders Tornqvist (Standard support level)
Joined: 03/03/2014
Posts: 8


I'm currently creating a new method which implements the TElXMLVerifier to validate XMLDsig signatures. In this method, I wish to specify what certificate to validate the signature by - even though the entire certificate-chain is included in the XMLDsig KeyInfo.

I do this by populating the TElXMLVerifier KeyData with the signer certificate (which I fetch from Windows Certificate Store). This works well when the XMLDsig signature is calculated using RSA. However, sometimes I also receive XMLDsig signatures calculated using ECDSA, but when I fetch and populate the TElXMLVerifier KeyData with the correlating certificate, the TElXMLVerifier ValidateSignature returns false, and the TElXMLVerifier KeyDataNeeded becomes true.

The crux of the matter is that, if I do not specify the signing certificate (by populating TElXMLVerifier KeyData), the TElXMLVerifier ValidateSignature method returns true for ECDSA, and TElXMLVerifier KeyDataNeeded remains false. If I then compare the certificates, the one returned in TElXMLVerifier SignerCertificate and the one I fetched from the Certificate Store, they have the same thumbprint, that is to say, it's the same certificate.

How come ValidateSignature (for ECDSA) returns false when I try to specify what certificate to validate by - even though it is the correct certificate?

Best regards
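
The thumbprint comparison described in the post above, written out as an added example (not part of the original post and not SecureBlackbox code): it extracts the certificates from `ds:KeyInfo` and looks for the one whose SHA-1 thumbprint equals a pinned value. It does not verify the signature itself; the function names and the sample "certificates" are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}

def thumbprint(der):
    """SHA-1 over the DER encoding, as shown in the Windows certificate store."""
    return hashlib.sha1(der).hexdigest().upper()

def normalize(tp):
    """Drop spaces, colons and invisible characters from a copied thumbprint."""
    return re.sub(r"[^0-9A-Fa-f]", "", tp).upper()

def keyinfo_certificates(signed_xml):
    """DER bytes of each ds:X509Certificate under ds:Signature/ds:KeyInfo."""
    root = ET.fromstring(signed_xml)
    ders = []
    for sig in root.iter("{%s}Signature" % NS["ds"]):
        for node in sig.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            ders.append(base64.b64decode("".join((node.text or "").split())))
    return ders

def pinned_signer(signed_xml, pinned_thumbprint):
    """Return the KeyInfo certificate matching the pin, or None if absent."""
    want = normalize(pinned_thumbprint)
    for der in keyinfo_certificates(signed_xml):
        if hmac.compare_digest(thumbprint(der), want):
            return der
    return None

# Constructed stand-ins for DER certificates (not real X.509 data).
LEAF = b"constructed-leaf-certificate"
ISSUER = b"constructed-issuer-certificate"

def sample_document(certs):
    """Build a constructed document whose KeyInfo carries the given chain."""
    x509 = "".join(
        "<ds:X509Certificate>%s</ds:X509Certificate>" % base64.b64encode(c).decode()
        for c in certs)
    return ('<Doc xmlns:ds="%s"><ds:Signature><ds:KeyInfo><ds:X509Data>%s'
            '</ds:X509Data></ds:KeyInfo></ds:Signature></Doc>' % (NS["ds"], x509))

if __name__ == "__main__":
    pin = " ".join(re.findall("..", thumbprint(LEAF)))  # spaced, as copied from a UI
    print(pinned_signer(sample_document([LEAF, ISSUER]), pin) == LEAF)
    print(pinned_signer(sample_document([ISSUER]), pin))
```

The pinned certificate merely being present in `KeyInfo` says nothing about who signed; in the setting of the post the same comparison belongs on the certificate the verifier reports as the signer, after validation has succeeded.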
Posted: 02/03/2015 07:35:25
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for the detailed information.
I've moved the question to the helpdesk for investigation ( https://www.eldos.com/helpdesk/ ). You will see your (and only your) support tickets by following this URL. You will also get e-mail notifications about updates related to your support ticket.


