 

XML digital signatures in Perl

I'm trying to digitally sign XML in Perl using the Crypt::OpenSSL::RSA module. I'm loading a private key from a file. The private key was generated from a keystore using Java.

Below is my Perl code:

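```perl
use File::Slurp;          # provides read_file (assumed; the post does not show its imports)
use Crypt::OpenSSL::RSA;

my $private = 'my_priv.key';
my $private_key = read_file( $private );
print "my private key text is\n", $private_key;
```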

Output, not putting the entire key here, just the first few lines :-)

> -----BEGIN PRIVATE KEY-----
> MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKAuqJ1ZkxHZStfSt0CdEsaSYuLO
> 6zDiTpt60asVLWpLe2bf...


```perl
my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($private_key);
print "my private key is\n", $rsa_priv->get_private_key_string();
```

Output:

> -----BEGIN RSA PRIVATE KEY-----
> MIICXAIBAAKBgQCgLqidWZMR2UrX0rdAnRLGkmLizusw4k6betGrFS1qS3tm3+97
> wMvFXCx0Od8eb

The results of $private_key and $rsa_priv->get_private_key_string() are different. Is it supposed to behave like that?

Has anyone been able to sign XML using Crypt::OpenSSL::RSA?

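Edit:

I'm using Java code to extract the private key, code is as below:

```java
import java.io.BufferedWriter;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.security.Key;
import java.security.KeyStore;
import sun.misc.BASE64Encoder;   // internal JDK class, as used in the post

// Open the JKS keystore with the store password
KeyStore ks = KeyStore.getInstance("JKS");

keypass = sPass.toCharArray();

FileInputStream fis = new FileInputStream(store);
ks.load(fis, sPass.toCharArray());
fis.close();

String eol = System.getProperty("line.separator");

// Fetch the private key entry for the alias
Key k = ks.getKey(alias, keypass);

System.out.println("....Generating the Private Key.....");
// getEncoded() returns the key in its primary encoding; Base64 it for the PEM body
String encKey = new BASE64Encoder().encode(k.getEncoded());
System.out.println("Encoded Key: " + encKey);
BufferedWriter myKey = null;
myKey = new BufferedWriter(new FileWriter(alias + "_priv.key"));
myKey.write("-----BEGIN PRIVATE KEY-----" + eol);
myKey.write(encKey + eol);
myKey.write("-----END PRIVATE KEY-----");
myKey.close();
System.out.println("....Private Key Generated.....");
```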

Using both Java and Perl because the XMLs I'm trying to sign are in Perl (it's a whole big system) and the keystore is in Java.

First time digitally signing anything, and my digitally signed XML is not authenticating at all to the recipient system.

qateey asked Nov 13 '22 02:11


1 Answer

> The results of $private_key; and $rsa_priv->get_private_key_string(); are different, is this supposed to behave like that?

Yes, the input is an X509 key, the output is an RSA key. `openssl rsa -in my_priv.key` gives the same result.

If you have no idea about this stuff, you are better off with a high-level library.

  • XML-Sig
  • Net-SAML2
daxim answered Feb 03 '23 19:02
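
The relationship between the two outputs in the question, as an added example that is not part of the original question or answer: a `PRIVATE KEY` PEM as written by Java's `getEncoded()` is a PKCS#8 wrapper around the same bytes that `get_private_key_string()` prints under `RSA PRIVATE KEY`. The sketch uses only core Perl modules; the function names `read_tlv`, `pkcs8_to_pkcs1_pem` and `slurp` are hypothetical, and the embedded key is a constructed toy value.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Read one DER element at $pos; returns (tag, value bytes, offset of next element).
sub read_tlv {
    my ($der, $pos) = @_;
    my $tag = ord(substr($der, $pos++, 1));
    my $len = ord(substr($der, $pos++, 1));
    if ($len & 0x80) {                      # long form: low 7 bits = count of length bytes
        my $n = $len & 0x7f;
        $len = 0;
        $len = ($len << 8) | ord(substr($der, $pos++, 1)) for 1 .. $n;
    }
    die "truncated DER\n" if $pos + $len > length($der);
    return ($tag, substr($der, $pos, $len), $pos + $len);
}

# Turn a PKCS#8 "PRIVATE KEY" PEM into the PKCS#1 "RSA PRIVATE KEY" PEM it wraps.
sub pkcs8_to_pkcs1_pem {
    my ($pem) = @_;
    my ($label, $b64) = $pem =~ /-----BEGIN ([A-Z ]+)-----(.+?)-----END \1-----/s
        or die "no PEM block found\n";
    return $pem if $label eq 'RSA PRIVATE KEY';            # already PKCS#1
    die "unsupported PEM label: $label\n" unless $label eq 'PRIVATE KEY';

    my ($tag, $info) = read_tlv(decode_base64($b64), 0);   # PrivateKeyInfo SEQUENCE
    die "not a DER SEQUENCE\n" unless $tag == 0x30;
    my ($t1, undef,  $p1) = read_tlv($info, 0);            # INTEGER version
    my ($t2, $alg,   $p2) = read_tlv($info, $p1);          # AlgorithmIdentifier
    my ($t3, $inner)      = read_tlv($info, $p2);          # OCTET STRING holding RSAPrivateKey
    die "unexpected PrivateKeyInfo layout\n" unless $t1 == 0x02 && $t2 == 0x30 && $t3 == 0x04;
    # The algorithm must be OID 1.2.840.113549.1.1.1 (rsaEncryption)
    die "not an RSA key\n" unless index($alg, pack('H*', '06092a864886f70d010101')) == 0;

    (my $body = encode_base64($inner, '')) =~ s/(.{1,64})/$1\n/g;   # 64-column PEM lines
    return "-----BEGIN RSA PRIVATE KEY-----\n$body-----END RSA PRIVATE KEY-----\n";
}

# Constructed sample: textbook toy key (n=3233, e=17, d=2753), structure only, not usable.
my $sample_der = pack('H*', '3033020100300d06092a864886f70d0101010500041f'
    . '301d02010002020ca102011102020ac102013d020135020135020131020126');
my $sample_pem = "-----BEGIN PRIVATE KEY-----\n" . encode_base64($sample_der)
    . "-----END PRIVATE KEY-----\n";

# Convert the key file named on the command line, or the constructed sample if none is given.
sub slurp { my ($f) = @_; open my $fh, '<', $f or die "$f: $!\n"; local $/; return <$fh>; }
my $pem = @ARGV ? slurp($ARGV[0]) : $sample_pem;
print pkcs8_to_pkcs1_pem($pem);
```

Run against `my_priv.key`, the output can be compared line by line with what `get_private_key_string()` prints.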