You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We're using this package to sign an XML message that is going to a Modirum MPI server - however we are getting a "bad signature" error and we can't figure out why - so any assistance would be appreciated.
Essentially the function sign_xml does the signing and then verification - and that's where the error comes in. According to the spec, it needs to be a detached signature, appearing after the last "message" and before the end of the XML tag.
We've compared the outputted code to spec docs and other working logs and can't see anything different, yet our verification fails both locally and on the MPI server. So any help would be grand!
We tried various things - including the different signing methods and no joy on any of them. We have re-verified the cert and the key and they are both fine and have been extracted from the same pfx file.
The text was updated successfully, but these errors were encountered:
It looks like you're altering the signed data after signing after inserting the signature into the data. You're also trying to splice XML documents together via string concatenation. Neither of these things will work, and they will both break the signature.
I suggest that you gain a clearer understanding of the three different available signature methods (enveloping, enveloped, and detached) and how to apply them in your case - ideally by taking an example provided by your integration partner and changing the SignXML parameters until you obtain the same shape of output.
We're using this package to sign an XML message that is going to a Modirum MPI server - however we are getting a "bad signature" error and we can't figure out why - so any assistance would be appreciated.
Here is the code:
Essentially the function sign_xml does the signing and then verification - and that's where the error comes in. According to the spec, it needs to be a detached signature, appearing after the last "message" and before the end of the XML tag.
We've compared the outputted code to spec docs and other working logs and can't see anything different, yet our verification fails both locally and on the MPI server. So any help would be grand!
We tried various things - including the different signing methods and no joy on any of them. We have re-verified the cert and the key and they are both fine and have been extracted from the same pfx file.
The text was updated successfully, but these errors were encountered: