[xmlsec] fix DSA-SHA256 signatures + test cases (bug #745493)
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] fix DSA-SHA256 signatures + test cases (bug #745493)
- Date: Thu, 5 Mar 2015 23:54:37 +0000 (UTC)
commit 78f720bead2c8e58c4ac40646f1343475ac52449
Author: Aleksey Sanin <aleksey aleksey com>
Date: Thu Mar 5 15:54:26 2015 -0800
fix DSA-SHA256 signatures + test cases (bug #745493)
docs/xmlsec-man.html | 292 +-------------------
man/xmlsec1-config.1 | 4 +-
man/xmlsec1.1 | 6 +-
src/openssl/signatures.c | 70 ++++-
.../enveloping-sha256-dsa2048-sha256.tmpl | 17 ++
.../enveloping-sha256-dsa2048-sha256.xml | 97 +++++++
.../enveloping-sha256-dsa3072-sha256.tmpl | 17 ++
.../enveloping-sha256-dsa3072-sha256.xml | 105 +++++++
tests/keys/README | 30 ++-
tests/keys/demoCA/index.txt | 2 +
tests/keys/demoCA/index.txt.old | 2 +
tests/keys/demoCA/newcerts/AFA28BB933ADDAB2.pem | 128 +++++++++
tests/keys/demoCA/newcerts/AFA28BB933ADDAB3.pem | 160 +++++++++++
tests/keys/demoCA/serial | 2 +-
tests/keys/demoCA/serial.old | 2 +-
tests/keys/dsa2048cert.der | Bin 0 -> 1693 bytes
tests/keys/dsa2048cert.pem | 128 +++++++++
tests/keys/dsa2048key.der | Bin 0 -> 858 bytes
tests/keys/dsa2048key.p12 | Bin 0 -> 4874 bytes
tests/keys/dsa2048key.p8-der | Bin 0 -> 661 bytes
tests/keys/dsa2048key.p8-pem | 16 +
tests/keys/dsa2048key.pem | 34 +++
tests/keys/dsa3072cert.der | Bin 0 -> 2078 bytes
tests/keys/dsa3072cert.pem | 160 +++++++++++
tests/keys/dsa3072key.der | Bin 0 -> 1243 bytes
tests/keys/dsa3072key.p12 | Bin 0 -> 5514 bytes
tests/keys/dsa3072key.p8-der | Bin 0 -> 917 bytes
tests/keys/dsa3072key.p8-pem | 22 ++
tests/keys/dsa3072key.pem | 48 ++++
tests/testDSig.sh | 18 ++
30 files changed, 1045 insertions(+), 315 deletions(-)
---
diff --git a/docs/xmlsec-man.html b/docs/xmlsec-man.html
index 31bb12e..e76b4f0 100644
--- a/docs/xmlsec-man.html
+++ b/docs/xmlsec-man.html
@@ -1,291 +1 @@
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>Manpage of XMLSEC1</title>
-</head>
-<body><table witdh="100%" valign="top"><tr valign="top">
-<td valign="top" align="left" width="210">
-<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
-<ul>
-<li><a href="index.html">Home</a></li>
-<li><a href="download.html">Download</a></li>
-<li><a href="news.html">News</a></li>
-<li><a href="documentation.html">Documentation</a></li>
-<ul>
-<li><a href="faq.html">FAQ</a></li>
-<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
-<li><a href="api/xmlsec-reference.html">API reference</a></li>
-<li><a href="api/xmlsec-examples.html">Examples</a></li>
-</ul>
-<li><a href="xmldsig.html">XML Digital Signature</a></li>
-<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html";>Online Verifier</a></li></ul>
-<li><a href="xmlenc.html">XML Encryption</a></li>
-<li><a href="c14n.html">XML Canonicalization</a></li>
-<li><a href="bugs.html">Reporting Bugs</a></li>
-<li><a href="http://www.aleksey.com/pipermail/xmlsec";>Mailing list</a></li>
-<li><a href="related.html">Related</a></li>
-<li><a href="authors.html">Authors</a></li>
-</ul>
-<table width="100%">
-<tr>
-<td width="15"></td>
-<td><a href="http://xmlsoft.org/";><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
-</tr>
-<tr>
-<td width="15"></td>
-<td><a href="http://xmlsoft.org/XSLT";><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
-</tr>
-<tr>
-<td width="15"></td>
-<td><a href="http://www.openssl.org/";><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
-</tr>
-<!--Links - start--><!--Links - end-->
-</table>
-</td>
-<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
-<h1>XMLSEC1</h1>
-<br><br><a href="#index">Index</a><a href="http://localhost/cgi-bin/man/man2html";>Return to Main
Contents</a><hr>
-<a name="lbAB"> </a><h2>NAME</h2>
-<a name="lbAC"> </a><h2>SYNOPSIS</h2>
-<b>xmlsec</b><i><command> </i><i><options></i><i><files></i><a name="lbAD">
</a><h2>DESCRIPTION</h2>
-<dl compact>
-<dt><b>--help</b></dt>
-<dd> display this help information and exit </dd>
-<dt><b>--help-all</b></dt>
-<dd> display help information for all commands/options and exit </dd>
-<dt>
-<b>--help-</b><cmd></dt>
-<dd> display help information for command <cmd> and exit </dd>
-<dt><b>--version</b></dt>
-<dd> print version information and exit </dd>
-<dt><b>--keys</b></dt>
-<dd> keys XML file manipulation </dd>
-<dt><b>--sign</b></dt>
-<dd> sign data and output XML document </dd>
-<dt><b>--verify</b></dt>
-<dd> verify signed document </dd>
-<dt><b>--sign-tmpl</b></dt>
-<dd> create and sign dynamicaly generated signature template </dd>
-<dt><b>--encrypt</b></dt>
-<dd> encrypt data and output XML document </dd>
-<dt><b>--decrypt</b></dt>
-<dd> decrypt data from XML document </dd>
-</dl>
-<a name="lbAE"> </a><h2>OPTIONS</h2>
-<dl compact>
-<dt> <b>--ignore-manifests</b> <dt></dt>
-</dt>
-<dd> <dd>do not process <dsig:Manifest> elements </dd>
-</dd>
-<dt> <b>--store-references</b> <dt></dt>
-</dt>
-<dd> <dd>store and print the result of <dsig:Reference/> element processing just before calculating
digest </dd>
-</dd>
-<dt> <b>--store-signatures</b> <dt></dt>
-</dt>
-<dd> <dd>store and print the result of <dsig:Signature> processing just before calculating signature
</dd>
-</dd>
-<dt> <b>--enabled-reference-uris</b> <list> <dt></dt>
-</dt>
-<dd> <dd>comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict
possible URI attribute values for the <dsig:Reference> element </dd>
-</dd>
-<dt> <b>--enable-visa3d-hack</b> <dt></dt>
-</dt>
-<dd> <dd>enables Visa3D protocol specific hack for URI attributes processing when we are trying not to use
XPath/XPointer engine; this is a hack and I don't know what else might be broken in your application when you
use it (also check "--id-attr" option because you might need it) </dd>
-</dd>
-<dt> <b>--binary-data</b> <file> <dt></dt>
-</dt>
-<dd> <dd>binary <file> to encrypt </dd>
-</dd>
-<dt> <b>--xml-data</b> <file> <dt></dt>
-</dt>
-<dd> <dd>XML <file> to encrypt </dd>
-</dd>
-<dt> <b>--enabled-cipher-reference-uris</b> <list> <dt></dt>
-</dt>
-<dd> <dd>comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict
possible URI attribute values for the <enc:CipherReference> element </dd>
-</dd>
-<dt> <b>--session-key</b> <keyKlass>-<keySize> <dt></dt>
-</dt>
-<dd> <dd>generate new session <keyKlass> key of <keySize> bits size (for example, "--session
des-192" generates a new 192 bits DES key for DES3 encryption) </dd>
-</dd>
-<dt> <b>--output</b> <filename> <dt></dt>
-</dt>
-<dd> <dd>write result document to file <filename> </dd>
-</dd>
-<dt> <b>--print-debug</b> <dt></dt>
-</dt>
-<dd> <dd>print debug information to stdout </dd>
-</dd>
-<dt> <b>--print-xml-debug</b> <dt></dt>
-</dt>
-<dd> <dd>print debug information to stdout in xml format </dd>
-</dd>
-<dt> <b>--dtd-file</b> <file> <dt></dt>
-</dt>
-<dd> <dd>load the specified file as the DTD </dd>
-</dd>
-<dt> <b>--node-id</b> <id> <dt></dt>
-</dt>
-<dd> <dd>set the operation start point to the node with given <id> </dd>
-</dd>
-<dt> <b>--node-name</b> [<namespace-uri>:]<name> <dt></dt>
-</dt>
-<dd> <dd>set the operation start point to the first node with given <name> and <namespace> URI
</dd>
-</dd>
-<dt> <b>--node-xpath</b> <expr> <dt></dt>
-</dt>
-<dd> <dd>set the operation start point to the first node selected by the specified XPath expression </dd>
-</dd>
-<dt> <b>--id-attr[</b>:<attr-name>] [<node-namespace-uri>:]<node-name> <dt></dt>
-</dt>
-<dd> <dd>adds attributes <attr-name> (default value "id") from all nodes with<node-name> and
namespace <node-namespace-uri> to the list of known ID attributes; this is a hack and if you can use
DTD or schema to declare ID attributes instead (see "--dtd-file" option), I don't know what else might be
broken in your application when you use this hack </dd>
-</dd>
-<dt> <b>--enabled-key-data</b> <list> <dt></dt>
-</dt>
-<dd> <dd>comma separated list of enabled key data (list of registered key data klasses is available with
"--list-key-data" command); by default, all registered key data are enabled </dd>
-</dd>
-<dt> <b>--enabled-retrieval-uris</b> <list> <dt></dt>
-</dt>
-<dd> <dd>comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict
possible URI attribute values for the <dsig:RetrievalMethod> element. </dd>
-</dd>
-<dt> <b>--gen-key[</b>:<name>] <keyKlass>-<keySize> <dt></dt>
-</dt>
-<dd> <dd>generate new <keyKlass> key of <keySize> bits size, set the key name to <name>
and add the result to keys manager (for example, "--gen:mykey rsa-1024" generates a new 1024 bits RSA key and
sets it's name to "mykey") </dd>
-</dd>
-<dt> <b>--keys-file</b> <file> <dt></dt>
-</dt>
-<dd> <dd>load keys from XML file </dd>
-</dd>
-<dt> <b>--privkey-pem[</b>:<name>] <file>[,<cafile>[,<cafile>[...]]] <dt></dt>
-</dt>
-<dd> <dd>load private key from PEM file and certificates that verify this key </dd>
-</dd>
-<dt> <b>--privkey-der[</b>:<name>] <file>[,<cafile>[,<cafile>[...]]] <dt></dt>
-</dt>
-<dd> <dd>load private key from DER file and certificates that verify this key </dd>
-</dd>
-<dt> <b>--pkcs8-pem[</b>:<name>] <file>[,<cafile>[,<cafile>[...]]] <dt></dt>
-</dt>
-<dd> <dd>load private key from PKCS8 PEM file and PEM certificates that verify this key </dd>
-</dd>
-<dt> <b>--pkcs8-der[</b>:<name>] <file>[,<cafile>[,<cafile>[...]]] <dt></dt>
-</dt>
-<dd> <dd>load private key from PKCS8 DER file and DER certificates that verify this key </dd>
-</dd>
-<dt> <b>--pubkey-pem[</b>:<name>] <file> <dt></dt>
-</dt>
-<dd> <dd>load public key from PEM file </dd>
-</dd>
-<dt> <b>--pubkey-der[</b>:<name>] <file> <dt></dt>
-</dt>
-<dd> <dd>load public key from DER file </dd>
-</dd>
-<dt> <b>--aeskey[</b>:<name>] <file> <dt></dt>
-</dt>
-<dd> <dd>load AES key from binary file <file> </dd>
-</dd>
-<dt> <b>--deskey[</b>:<name>] <file> <dt></dt>
-</dt>
-<dd> <dd>load DES key from binary file <file> </dd>
-</dd>
-<dt> <b>--hmackey[</b>:<name>] <file> <dt></dt>
-</dt>
-<dd> <dd>load HMAC key from binary file <file> </dd>
-</dd>
-<dt> <b>--pwd</b> <password> <dt></dt>
-</dt>
-<dd> <dd>the password to use for reading keys and certs </dd>
-</dd>
-<dt> <b>--pkcs12[</b>:<name>] <file> <dt></dt>
-</dt>
-<dd> <dd>load load private key from pkcs12 file <file> </dd>
-</dd>
-<dt> <b>--pubkey-cert-pem[</b>:<name>] <file> <dt></dt>
-</dt>
-<dd> <dd>load public key from PEM cert file </dd>
-</dd>
-<dt> <b>--pubkey-cert-der[</b>:<name>] <file> <dt></dt>
-</dt>
-<dd> <dd>load public key from DER cert file </dd>
-</dd>
-<dt> <b>--trusted-pem</b> <file> <dt></dt>
-</dt>
-<dd> <dd>load trusted (root) certificate from PEM file <file> </dd>
-</dd>
-<dt> <b>--untrusted-pem</b> <file> <dt></dt>
-</dt>
-<dd> <dd>load untrusted certificate from PEM file <file> </dd>
-</dd>
-<dt> <b>--trusted-der</b> <file> <dt></dt>
-</dt>
-<dd> <dd>load trusted (root) certificate from DER file <file> </dd>
-</dd>
-<dt> <b>--untrusted-der</b> <file> <dt></dt>
-</dt>
-<dd> <dd>load untrusted certificate from DER file <file> </dd>
-</dd>
-<dt> <b>--verification-time</b> <time> <dt></dt>
-</dt>
-<dd> <dd>the local time in "YYYY-MM-DD HH:MM:SS" format used certificates verification </dd>
-</dd>
-<dt> <b>--depth</b> <number> <dt></dt>
-</dt>
-<dd> <dd>maximum certificates chain depth </dd>
-</dd>
-<dt> <b>--X509-skip-strict-checks</b> <dt></dt>
-</dt>
-<dd> <dd>skip strict checking of X509 data </dd>
-</dd>
-<dt> <b>--crypto</b> <name> <dt></dt>
-</dt>
-<dd> <dd>the name of the crypto engine to use from the following list: openssl, mscrypto, nss, gnutls,
gcrypt (if no crypto engine is specified then the default one is used) </dd>
-</dd>
-<dt> <b>--crypto-config</b> <path> <dt></dt>
-</dt>
-<dd> <dd>path to crypto engine configuration </dd>
-</dd>
-<dt> <b>--repeat</b> <number> <dt></dt>
-</dt>
-<dd> <dd>repeat the operation <number> times </dd>
-</dd>
-<dt> <b>--disable-error-msgs</b> <dt></dt>
-</dt>
-<dd> <dd>do not print xmlsec error messages </dd>
-</dd>
-<dt> <b>--print-crypto-error-msgs</b> <dt></dt>
-</dt>
-<dd> <dd>print errors stack at the end </dd>
-</dd>
-<dt> <b>--help</b> <dt></dt>
-</dt>
-<dd> <dd>print help information about the command </dd>
-</dd>
-</dl>
-<a name="lbAF"> </a><h2>AUTHOR</h2>
-<a href="mailto:aleksey aleksey com">aleksey aleksey com</a><a name="lbAG"> </a><h2>REPORTING BUGS</h2>
-<a href="http://www.aleksey.com/xmlsec/bugs.html";>http://www.aleksey.com/xmlsec/bugs.html</a><a name="lbAH">
</a><h2>COPYRIGHT</h2>
-<br><p> </p>
-<hr>
-<a name="index"> </a><h2>Index</h2>
-<dl>
-<dt><a href="#lbAB">NAME</a></dt>
-<dd> </dd>
-<dt><a href="#lbAC">SYNOPSIS</a></dt>
-<dd> </dd>
-<dt><a href="#lbAD">DESCRIPTION</a></dt>
-<dd> </dd>
-<dt><a href="#lbAE">OPTIONS</a></dt>
-<dd> </dd>
-<dt><a href="#lbAF">AUTHOR</a></dt>
-<dd> </dd>
-<dt><a href="#lbAG">REPORTING BUGS</a></dt>
-<dd> </dd>
-<dt><a href="#lbAH">COPYRIGHT</a></dt>
-<dd> </dd>
-</dl>
-<hr>
-<a href="http://localhost/cgi-bin/man/man2html";>man2html</a><br>
-</td></tr></table></td>
-</tr></table></body>
-</html>
+ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML><HEAD><TITLE>Man page of
XMLSEC1</TITLE> </HEAD><BODY> <H1>XMLSEC1</H1> Section: User Commands (1)<BR>Updated: March 2015<BR><A
HREF="#index">Index</A> <A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR> <A
NAME="lbAB"> </A> <H2>NAME</H2> xmlsec1 - sign, verify, encrypt and decrypt XML documents <A
NAME="lbAC"> </A> <H2>SYNOPSIS</H2> <B>xmlsec</B> <I><command> </I>[<I><options></I>]
[<I><files></I>] <A NAME="lbAD"> </A> <H2>DESCRIPTION</H2> xmlsec is a command line tool for
signing, verifying, encrypting and decrypting XML documents. The allowed <command> values are: <DL
COMPACT> <DT><B>--help</B><DD> display this help information and exit <DT><B>--help-all</B><DD> display help
information for all commands/options and exit <DT><B>--help-</B><cmd><DD> display help information for
command <cmd> and exit <DT><B>--version</B><DD> print versio
n information and exit <DT><B>--keys</B><DD> keys XML file manipulation <DT><B>--sign</B><DD> sign data and
output XML document <DT><B>--verify</B><DD> verify signed document <DT><B>--sign-tmpl</B><DD> create and sign
dynamicaly generated signature template <DT><B>--encrypt</B><DD> encrypt data and output XML document
<DT><B>--decrypt</B><DD> decrypt data from XML document </DL> <A NAME="lbAE"> </A> <H2>OPTIONS</H2> <DL
COMPACT> <DT> <B>--ignore-manifests</B> <DT><DD> <DD>do not process <dsig:Manifest> elements <DT>
<B>--store-references</B> <DT><DD> <DD>store and print the result of <dsig:Reference/> element
processing just before calculating digest <DT> <B>--store-signatures</B> <DT><DD> <DD>store and print the
result of <dsig:Signature> processing just before calculating signature <DT>
<B>--enabled-reference-uris</B> <list> <DT><DD> <DD>comma separated list of of the following values:
"empty", "same-doc", "local"
,"remote" to restrict possible URI attribute values for the <dsig:Reference> element <DT>
<B>--enable-visa3d-hack</B> <DT><DD> <DD>enables Visa3D protocol specific hack for URI attributes processing
when we are trying not to use XPath/XPointer engine; this is a hack and I don't know what else might be
broken in your application when you use it (also check "--id-attr" option because you might need
it) <DT> <B>--binary-data</B> <file> <DT><DD> <DD>binary <file> to encrypt <DT> <B>--xml-data</B>
<file> <DT><DD> <DD>XML <file> to encrypt <DT> <B>--enabled-cipher-reference-uris</B>
<list> <DT><DD> <DD>comma separated list of of the following values: "empty",
"same-doc", "local","remote" to restrict possible URI attribute values for the
<enc:CipherReference> element <DT> <B>--session-key</B> <keyKlass>-<keySize> <DT><DD>
<DD>generate new session <keyKlass> key of
<keySize> bits size (for example, "--session des-192" generates a new 192 bits DES key for
DES3 encryption) <DT> <B>--output</B> <filename> <DT><DD> <DD>write result document to file
<filename> <DT> <B>--print-debug</B> <DT><DD> <DD>print debug information to stdout <DT>
<B>--print-xml-debug</B> <DT><DD> <DD>print debug information to stdout in xml format <DT> <B>--dtd-file</B>
<file> <DT><DD> <DD>load the specified file as the DTD <DT> <B>--node-id</B> <id> <DT><DD>
<DD>set the operation start point to the node with given <id> <DT> <B>--node-name</B>
[<namespace-uri>:]<name> <DT><DD> <DD>set the operation start point to the first node with given
<name> and <namespace> URI <DT> <B>--node-xpath</B> <expr> <DT><DD> <DD>set the operation
start point to the first node selected by the specified XPath expression <DT>
<B>--id-attr[</B>:<attr-name>] [<node-namespace-uri>:]<node-name> <DT><
DD> <DD>adds attributes <attr-name> (default value "id") from all nodes
with<node-name> and namespace <node-namespace-uri> to the list of known ID attributes; this is a
hack and if you can use DTD or schema to declare ID attributes instead (see "--dtd-file" option), I
don't know what else might be broken in your application when you use this hack <DT>
<B>--enabled-key-data</B> <list> <DT><DD> <DD>comma separated list of enabled key data (list of
registered key data klasses is available with "--list-key-data" command); by default, all
registered key data are enabled <DT> <B>--enabled-retrieval-uris</B> <list> <DT><DD> <DD>comma
separated list of of the following values: "empty", "same-doc",
"local","remote" to restrict possible URI attribute values for the
<dsig:RetrievalMethod> element. <DT> <B>--gen-key[</B>:<name>] <keyKlass>-<keySize>
<DT><DD> <DD>ge
nerate new <keyKlass> key of <keySize> bits size, set the key name to <name> and add the
result to keys manager (for example, "--gen:mykey rsa-1024" generates a new 1024 bits RSA key and
sets it's name to "mykey") <DT> <B>--keys-file</B> <file> <DT><DD> <DD>load keys from XML
file <DT> <B>--privkey-pem[</B>:<name>] <file>[,<cafile>[,<cafile>[...]]] <DT><DD>
<DD>load private key from PEM file and certificates that verify this key <DT>
<B>--privkey-der[</B>:<name>] <file>[,<cafile>[,<cafile>[...]]] <DT><DD> <DD>load
private key from DER file and certificates that verify this key <DT> <B>--pkcs8-pem[</B>:<name>]
<file>[,<cafile>[,<cafile>[...]]] <DT><DD> <DD>load private key from PKCS8 PEM file and PEM
certificates that verify this key <DT> <B>--pkcs8-der[</B>:<name>]
<file>[,<cafile>[,<cafile>[...]]] <DT><DD> <DD>load private key from PKCS
8 DER file and DER certificates that verify this key <DT> <B>--pubkey-pem[</B>:<name>] <file>
<DT><DD> <DD>load public key from PEM file <DT> <B>--pubkey-der[</B>:<name>] <file> <DT><DD>
<DD>load public key from DER file <DT> <B>--aeskey[</B>:<name>] <file> <DT><DD> <DD>load AES key
from binary file <file> <DT> <B>--deskey[</B>:<name>] <file> <DT><DD> <DD>load DES key from
binary file <file> <DT> <B>--hmackey[</B>:<name>] <file> <DT><DD> <DD>load HMAC key from
binary file <file> <DT> <B>--pwd</B> <password> <DT><DD> <DD>the password to use for reading keys
and certs <DT> <B>--pkcs12[</B>:<name>] <file> <DT><DD> <DD>load load private key from pkcs12
file <file> <DT> <B>--pubkey-cert-pem[</B>:<name>] <file> <DT><DD> <DD>load public key from
PEM cert file <DT> <B>--pubkey-cert-der[</B>:<name>] <file> <DT><DD> <DD>load public key from DER
cert file <DT> <
B>--trusted-pem</B> <file> <DT><DD> <DD>load trusted (root) certificate from PEM file <file>
<DT> <B>--untrusted-pem</B> <file> <DT><DD> <DD>load untrusted certificate from PEM file <file>
<DT> <B>--trusted-der</B> <file> <DT><DD> <DD>load trusted (root) certificate from DER file
<file> <DT> <B>--untrusted-der</B> <file> <DT><DD> <DD>load untrusted certificate from DER file
<file> <DT> <B>--verification-time</B> <time> <DT><DD> <DD>the local time in "YYYY-MM-DD
HH:MM:SS" format used certificates verification <DT> <B>--depth</B> <number> <DT><DD> <DD>maximum
certificates chain depth <DT> <B>--X509-skip-strict-checks</B> <DT><DD> <DD>skip strict checking of X509 data
<DT> <B>--crypto</B> <name> <DT><DD> <DD>the name of the crypto engine to use from the following list:
openssl, mscrypto, nss, gnutls, gcrypt (if no crypto engine is specified then the default one is used) <DT>
<B>--crypto-config</B> <p
ath> <DT><DD> <DD>path to crypto engine configuration <DT> <B>--repeat</B> <number> <DT><DD>
<DD>repeat the operation <number> times <DT> <B>--disable-error-msgs</B> <DT><DD> <DD>do not print
xmlsec error messages <DT> <B>--print-crypto-error-msgs</B> <DT><DD> <DD>print errors stack at the end <DT>
<B>--help</B> <DT><DD> <DD>print help information about the command </DL> <A NAME="lbAF"> </A>
<H2>AUTHOR</H2> Written by Aleksey Sanin <<A HREF="mailto:aleksey aleksey com">aleksey aleksey
com</A>>. <A NAME="lbAG"> </A> <H2>REPORTING BUGS</H2> Report bugs to <A
HREF="http://www.aleksey.com/xmlsec/bugs.html";>http://www.aleksey.com/xmlsec/bugs.html</A> <A
NAME="lbAH"> </A> <H2>COPYRIGHT</H2> Copyright © 2002-2003 Aleksey Sanin. <BR> This is free
software: see the source for copying information. <P> <HR> <A NAME="index"> </A><H2>Index</H2> <DL>
<DT><A HREF="#lbAB">NAME</A><DD> <DT><A HREF="#lbAC">SYNOPSIS</A><DD> <DT><A HREF="#lbAD"
DESCRIPTION</A><DD> <DT><A HREF="#lbAE">OPTIONS</A><DD> <DT><A HREF="#lbAF">AUTHOR</A><DD> <DT><A
HREF="#lbAG">REPORTING BUGS</A><DD> <DT><A HREF="#lbAH">COPYRIGHT</A><DD> </DL> <HR> This document was
created by <A HREF="/cgi-bin/man/man2html">man2html</A>, using the manual pages.<BR> Time: 00:23:42 GMT,
March 03, 2015 </BODY> </HTML>
\ No newline at end of file
diff --git a/man/xmlsec1-config.1 b/man/xmlsec1-config.1
index c6f7d68..609cd2d 100644
--- a/man/xmlsec1-config.1
+++ b/man/xmlsec1-config.1
@@ -1,5 +1,5 @@
-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36.
-.TH XMLSEC1-CONFIG "1" "May 2014" "xmlsec1-config 1.2.20" "User Commands"
+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.44.1.
+.TH XMLSEC1-CONFIG "1" "March 2015" "xmlsec1-config 1.2.20" "User Commands"
.SH NAME
xmlsec1-config \- detail installed version of xmlsec library
.SH SYNOPSIS
diff --git a/man/xmlsec1.1 b/man/xmlsec1.1
index f75bc4d..6c747a6 100644
--- a/man/xmlsec1.1
+++ b/man/xmlsec1.1
@@ -1,5 +1,5 @@
-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36.
-.TH XMLSEC1 "1" "May 2014" "xmlsec1 1.2.20 (openssl)" "User Commands"
+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.44.1.
+.TH XMLSEC1 "1" "March 2015" "xmlsec1 1.2.20 (openssl)" "User Commands"
.SH NAME
xmlsec1 \- sign, verify, encrypt and decrypt XML documents
.SH SYNOPSIS
@@ -264,6 +264,6 @@ Written by Aleksey Sanin <aleksey aleksey com>.
.SH "REPORTING BUGS"
Report bugs to http://www.aleksey.com/xmlsec/bugs.html
.SH COPYRIGHT
-Copyright \(co 2002-2003 Aleksey Sanin.
+Copyright \(co 2002\-2003 Aleksey Sanin.
.br
This is free software: see the source for copying information.
diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c
index 2fd3d35..2ccb690 100644
--- a/src/openssl/signatures.c
+++ b/src/openssl/signatures.c
@@ -24,7 +24,10 @@
#ifndef XMLSEC_NO_DSA
-#define XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE (20 * 2)
+/**
+ * See https://bugzilla.gnome.org/show_bug.cgi?id=745493 for discussion
+ */
+#define XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE (32 * 2)
#ifndef XMLSEC_NO_SHA1
static const EVP_MD *xmlSecOpenSSLDsaSha1Evp (void);
@@ -670,8 +673,8 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
* for dsa signature we use a fixed constant */
signSize = EVP_PKEY_size(ctx->pKey);
#ifndef XMLSEC_NO_DSA
- if(signSize < XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {
- signSize = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
+ if(signSize < XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE) {
+ signSize = XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE;
}
#endif /* XMLSEC_NO_DSA */
#ifndef XMLSEC_NO_ECDSA
@@ -760,33 +763,52 @@ xmlSecOpenSSLDsaEvpSign(int type ATTRIBUTE_UNUSED,
const unsigned char *dgst, unsigned int dlen,
unsigned char *sig, unsigned int *siglen, void *dsa) {
DSA_SIG *s;
- int rSize, sSize;
+ int size, rSize, sSize;
+ /* signature size = r + s + 8 bytes, we just need r+s */
+ size = DSA_size(dsa);
+ if(size < 8) {
+ *siglen=0;
+ return(0);
+ }
+ size = (size - 8) / 2;
+ if(2 * size > XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d > %d",
+ size, XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE);
+ return(0);
+ }
+
+ /* calculate signature */
s = DSA_do_sign(dgst, dlen, dsa);
if(s == NULL) {
*siglen=0;
return(0);
}
+ /* get signature components */
rSize = BN_num_bytes(s->r);
sSize = BN_num_bytes(s->s);
- if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) ||
- (sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) {
+ if((rSize > size) || (sSize > size)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"size(r)=%d or size(s)=%d > %d",
- rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2);
+ rSize, sSize, size);
DSA_SIG_free(s);
return(0);
}
- memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
- BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize);
- BN_bn2bin(s->s, sig + XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE - sSize);
- *siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
+ memset(sig, 0, 2 * size);
+ BN_bn2bin(s->r, sig + size - rSize);
+ BN_bn2bin(s->s, sig + 2*size - sSize);
+ *siglen = 2 * size;
+ /* done */
DSA_SIG_free(s);
return(1);
}
@@ -797,26 +819,42 @@ xmlSecOpenSSLDsaEvpVerify(int type ATTRIBUTE_UNUSED,
const unsigned char *sigbuf, unsigned int siglen,
void *dsa) {
DSA_SIG *s;
+ int size;
int ret = -1;
+ /* signature size = r + s + 8 bytes, we just need r+s */
+ size = DSA_size(dsa);
+ if(size < 8) {
+ return(0);
+ }
+ size = (size - 8) / 2;
+ if(2 * size > XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d > %d",
+ size, XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE);
+ return(0);
+ }
+
s = DSA_SIG_new();
if (s == NULL) {
return(ret);
}
- if(siglen != XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {
+ if(siglen != 2 * size) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"invalid length %d (%d expected)",
- siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
+ siglen, 2 * size);
goto done;
}
- s->r = BN_bin2bn(sigbuf, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
- s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2),
- XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
+ s->r = BN_bin2bn(sigbuf, size, NULL);
+ s->s = BN_bin2bn(sigbuf + size, size, NULL);
if((s->r == NULL) || (s->s == NULL)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.tmpl
b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.tmpl
new file mode 100644
index 0000000..f0597b7
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
+ <SignatureMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data/>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.xml
b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.xml
new file mode 100644
index 0000000..9423da2
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>iDhYt78o294fA6pzQ7k44+eejrQMi+WX3l3UrUdtL1Q=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>WGF1z2lw2lwWQl4e9gNW6yZDZb2xyRBxfGUAt1ttirKSDGUvUgEYrgMrs170D9xU
+QqEiVsFVAQqBEBD82JL5Fg==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+<X509Certificate>MIID9zCCA2CgAwIBAgIJAK+ii7kzrdqsMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
+A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3
+DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTA1OVoYDzIxMTQw
+NDI5MTc1MDU5WjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz
+ZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtz
+ZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtY4MCNj/qrOzVuex1BD/PuCYTDDOLLVj
+tpKXQteQPqy0kgMwuQgRwdNnICIHQbnFKL40XoyACJVWKM7b0LkvWJNeyVzXPqEE
+9ZPmNxWGUjVcr7powT7v8V7S2QflUnr8ZvR4XWwkZJ9EYKNhenijgJ5yYDrXCWdv
+C+fnjBjv2LcCAwEAAaOCARcwggETMB0GA1UdDgQWBBQGtaSsp6p1ROoVnE/fBYNP
+ah7+CzCB4wYDVR0jBIHbMIHYgBQGtaSsp6p1ROoVnE/fBYNPah7+C6GBtKSBsTCB
+rjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhN
+TCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNl
+YykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf
+BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqsMAwGA1Ud
+EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEARpb86RP/ck55X+NunXeIX81i763b
+j7Z1VJwFbA/QfupzxnqJ2IP/lxC8YxJ3Bp2IJMI7rC9r0poa41ZxI5rGHip97Dpg
+sxPF9lkRUmKBBQjkICOq1w/4d2DRInBoqXttD+0WsqDfNDVK+7kSE07ytn3RzHCj
+j0gv0PdxmuCsR/E=</X509Certificate>
+<X509Certificate>MIIDzzCCAzigAwIBAgIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
+A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3
+DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTIzOFoYDzIxMTQw
+NDI5MTc1MjM4WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz
+ZXkuY29tL3htbHNlYykxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG
+9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
+QQCyuvKJ2CuUPD33ghPt4Q8MilesHxVbbpyKfmabrYVpDGVDmOKKp337qJUZZ95K
+fwlXbR2j0zyKWJmvRxUx+PsTAgMBAAGjggFFMIIBQTAMBgNVHRMEBTADAQH/MCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQU/uTsUyTwlZXHELXhRLVdOWVa434wgeMGA1UdIwSB2zCB2IAUBrWkrKeq
+dUTqFZxP3wWDT2oe/guhgbSkgbEwga4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDov
+L3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdSb290IENBMRYwFAYD
+VQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3Nl
+eS5jb22CCQCvoou5M63arDANBgkqhkiG9w0BAQUFAAOBgQBuTAW63AgWqqUDPGi8
+BiXbdKHhFP4J8qgkdv5WMa6SpSWVgNgOYXkK/BSg1aSmQtGv8/8UvBRPoJnO4y0N
+jWUFf1ubOgUNmedYNLq7YbTp8yTGWeogCyM2xdWELMP8BMgQL0sP+MDAFMKO3itY
+mEWnCEsP15HKSTms54RNj7oJ+A==</X509Certificate>
+<X509Certificate>MIIGmTCCBkOgAwIBAgIJAK+ii7kzrdqyMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQwOVoYDzIxMTUwMjA5MjI1NDA5WjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDIwNDggQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCA0cwggI5BgcqhkjOOAQBMIICLAKCAQEA3h/6T60pCdSKYh+y66Rt
+6/R4jUoLXisrxTtU7acbcjeWZ0RcKtJM/zBBiOPSd+TfOxewOUzQFs6Xt2lWrreS
+3wLpWp9qcAW+xbVr/+OBJqShBnzEmrPc5l16shZWb7Lsz/ymvAgvZpUQkf8QkxSs
+29ts6mLwrff4+o/6Ta2w61/whJRaFxwRtftmmwOVF5AcvppeowRHBSvDEv210G9T
+1vXO8/5Q1q30hR/BgiB9wWJDcW95Ygw2WRqfe0drl+zJfbIFBouci2NOoTVGKw7s
+UsjruQMBzQ8J/1VEnV2oh9rLR19mYD35tyZlDzumE3lHuzza/F2QRlIWGR1xWcHJ
+rwIhAMDsLCKBC/+7J8cGViJbMEqu75keyH2YewaYykGXfLx9AoIBABJdcRq29Jsi
+zyar65NYt/o05QAiALmJMRRiv/DYX6zOUiXm2LXMee6XvaPt3b8OcM1QubBCdjKV
+982Swtc09rS/XrBeWOFJjdsAWxR+e9iKe4YshlJW1YCid595LVXZfA2wqnjrOuGz
++WA5OK+CO4VlabsZ7GrdXn5brFSe+LMxSJY34LcWxQZkNQyvek92zLRAngdTkYOa
+i1li0XHeZxenzv62VnbNeXrMFwdSkukivDCZOLaUgi7Ms07nojstNlbMEkgDT9U2
+rTdHxkxI9bmpSR5jla7pxuX35qgNvXz4jNgB6PIg5eznJlmzdmG5VePw+PIU2fAp
+XpHj1JVxE7IDggEGAAKCAQEAqh1v9VPCu2tkvTsFFN5PWL8XNct0oclgPI9kYx8F
+LDKEZ1MW5am2UfFeFFzjjt4+Pqzhz4BvVJqG75vNmizfnWTW3bFI8qJpuot1kRgD
+2elpK2W9YxfXkEgps7t0L7p5AIJ/lhQ+JuKuFOS1zMlLHZ8CL+DSCv6q0liwjSDj
+THNICMUqBmoTxFm2j0+sO3SPB4dTZNyzDanFxammaJ8ah0AuNp15nkPYXG5/48Zq
+qv+QM6YAxaZgADlyJfNFsNln22m/TfDT53iqMPxVNhJdUiWy5hVTKN3GpSoNkctq
+7uCcO1yTIH8QtyluWxrc/NYbOMy+bub/zIvAHz57RDdXMqOCAUUwggFBMAwGA1Ud
+EwQFMAMBAf8wLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBTS4K/9+Uc2bNwMc2bazv8es4GKmjCB4wYDVR0jBIHb
+MIHYgBT+5OxTJPCVlccQteFEtV05ZVrjfqGBtKSBsTCBrjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy
+YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jv
+b3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnht
+bHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAA0EAGN7+
+p/0NF8rNfgawPc1pEcRnYxDNTtNtY0ybAh052l/jLYThz/0f7klUu4VXTKYY8wnE
++IzoJB6Zzegun8uEqw==</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.tmpl
b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.tmpl
new file mode 100644
index 0000000..f0597b7
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
+ <SignatureMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data/>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.xml
b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.xml
new file mode 100644
index 0000000..dc473dc
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>iDhYt78o294fA6pzQ7k44+eejrQMi+WX3l3UrUdtL1Q=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>XJQVvHJwOVNPctX/VY4B6diavxIWSoZhQAluwforH7Jkb5BCChueuUQllNep616M
+Fs3A2JcCrr2MAwQ8Bq9Jdw==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+<X509Certificate>MIID9zCCA2CgAwIBAgIJAK+ii7kzrdqsMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
+A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3
+DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTA1OVoYDzIxMTQw
+NDI5MTc1MDU5WjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz
+ZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtz
+ZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtY4MCNj/qrOzVuex1BD/PuCYTDDOLLVj
+tpKXQteQPqy0kgMwuQgRwdNnICIHQbnFKL40XoyACJVWKM7b0LkvWJNeyVzXPqEE
+9ZPmNxWGUjVcr7powT7v8V7S2QflUnr8ZvR4XWwkZJ9EYKNhenijgJ5yYDrXCWdv
+C+fnjBjv2LcCAwEAAaOCARcwggETMB0GA1UdDgQWBBQGtaSsp6p1ROoVnE/fBYNP
+ah7+CzCB4wYDVR0jBIHbMIHYgBQGtaSsp6p1ROoVnE/fBYNPah7+C6GBtKSBsTCB
+rjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhN
+TCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNl
+YykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf
+BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqsMAwGA1Ud
+EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEARpb86RP/ck55X+NunXeIX81i763b
+j7Z1VJwFbA/QfupzxnqJ2IP/lxC8YxJ3Bp2IJMI7rC9r0poa41ZxI5rGHip97Dpg
+sxPF9lkRUmKBBQjkICOq1w/4d2DRInBoqXttD+0WsqDfNDVK+7kSE07ytn3RzHCj
+j0gv0PdxmuCsR/E=</X509Certificate>
+<X509Certificate>MIIDzzCCAzigAwIBAgIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
+A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3
+DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTIzOFoYDzIxMTQw
+NDI5MTc1MjM4WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz
+ZXkuY29tL3htbHNlYykxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG
+9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
+QQCyuvKJ2CuUPD33ghPt4Q8MilesHxVbbpyKfmabrYVpDGVDmOKKp337qJUZZ95K
+fwlXbR2j0zyKWJmvRxUx+PsTAgMBAAGjggFFMIIBQTAMBgNVHRMEBTADAQH/MCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQU/uTsUyTwlZXHELXhRLVdOWVa434wgeMGA1UdIwSB2zCB2IAUBrWkrKeq
+dUTqFZxP3wWDT2oe/guhgbSkgbEwga4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDov
+L3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdSb290IENBMRYwFAYD
+VQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3Nl
+eS5jb22CCQCvoou5M63arDANBgkqhkiG9w0BAQUFAAOBgQBuTAW63AgWqqUDPGi8
+BiXbdKHhFP4J8qgkdv5WMa6SpSWVgNgOYXkK/BSg1aSmQtGv8/8UvBRPoJnO4y0N
+jWUFf1ubOgUNmedYNLq7YbTp8yTGWeogCyM2xdWELMP8BMgQL0sP+MDAFMKO3itY
+mEWnCEsP15HKSTms54RNj7oJ+A==</X509Certificate>
+<X509Certificate>MIIIGjCCB8SgAwIBAgIJAK+ii7kzrdqzMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQ1M1oYDzIxMTUwMjA5MjI1NDUzWjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDMwNzIgQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCBMgwggM6BgcqhkjOOAQBMIIDLQKCAYEA44gyKnZNNfMz0+FQK/Op
+YkrSm1/aWlzM3B1MWFsnFMNB0r+5Fby/EYerAf+k/PNCR+j719VJiU/N+E2YvYhi
+6AHKpKLb57IWL1taFHeYbryf8DgMVV6zpaJBj/6SZD1iiWLyf8cygN0t0n9c9N8Y
+Z8a4Ge9J0X1K94jhtsteMNIfFhv5cnkagwdar5GsVF146kYBgufcAvQLU9xxE+nt
+qGQebYF2OHpBCzWbX3k7Acx6w/VqwJjlK4fRUlSOgXZreMlu2s96WSGo2LxZUYEj
+72kVZvnVanwgmuHouE5bhirL9tKQ7ZdvYKBF4Ki0UaZaLG7bPgKnFB9bkjDZA+5p
++ohxnFph02gS/4dNB9qwF5LYcME81rP2deoInVpD+Am1940ynpBIOOxvUVHkzL9P
+De9WT9RYo2qitW9Ze0CYkzL6JlcaCLQL/FuJoV4+xZRDnVZHNBIoCXQnSARuznZF
+3BXPFGt6+vXOSh0HWGFdYIpNCQAgFvQxt+MeTMjojT4PAiEAwoh7eB78mIJOxLEU
+HGA1vpvIPYF3Muqk0PEv8Ti4Wd8CggGBAIt6oRx2SXjlMwDGCnKFXwvcGB/FkDri
+0NAH+kxQZycXVGVZ7/pU7DFmtkifKul0DB4H2S61uOphRPZBbWgzQ3QhD0DVuc7O
+SyRJoDEEcgCQj2epOAt5AZaXOL7PxZQ6w+l/Wm45EVTzxRl/tLoVFwCE6FWIXmO3
+mIitgDmBBWwKH5Iukr6S2ePHO/P3/WsHQdvgHPDiXGTEWv+WAdZC0LP28JkEBuyw
+8ccunEbtUDongjYpfPZdN7Iy/Tj2t9ZS/hIgOAuzlfByEz49aS48Ushz8ss5jyh6
+YPevI4YqDYeh8YUVv6hsf7e22xWx1Ptg1TttcAo1P64nBujQBP3bH0ZYNuQLdzos
+n8HmQSmktgIRrptFYzJ6kjMurxkM9wGHlKv1v3zMzAG8gwAp6Q56cVXsKyWlfEF+
+MMGK6jTXJo/ZQ/msFhGSQ/uZRjxwesa9Xj3Q3hZ+tWcQWt06yav2/xXUPko5zgRu
+omRKNVFIfZPahBIiET0ZyVoj4Khj9LvJEwOCAYYAAoIBgQDJio6mTgj0/mg3XTDo
+zuL6v77a3clglfU6GN5mxn9rh9JdRIe7jzQJnvU8q0TnqFnmcTr4rmdjS5V3+1XH
+IGO/NUAuL3w1kPW1KmTc/HuYerW+N5pm7ZyX71bBWkfx0TQWjOXeDnoSZQ1NBuj8
+GkHbcG0fICJQHd2f1q9AJ8dFME/bCk1Mi/Y/jJ9Kr0AEKPQwnt0SZhdhqOp6Er0T
+ItbsHt9bruc45GmuyZGgkn+wEI7G3x7BL484UaplNo0sF43tWmB35ZEffxWOYFlL
+LkoXTlZnSnXW7zx8oXTOIbn9K33A9NgXuDpMg7IouUh0FYV2dVjvNqwk8dZrON+p
+AtV7CQvN6pzePg/oBJrUlV/NO2j0BuZvl9ARv2JYkrZufFtmMNBbof6j+WbFnIqb
+27XCLl1a70Q1WKCvE8qD3LiZHx/7lsrcaTV8KZF8d5kzgXRISFs5NkYFxru/LjBP
+777FLH23QTW2getPS9yExUw9kteFaF4yOUB5KgeEleZlT+SjggFFMIIBQTAMBgNV
+HRMEBTADAQH/MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUlIEFcjRTD1H8Y7jeWfisarvxRnIwgeMGA1UdIwSB
+2zCB2IAU/uTsUyTwlZXHELXhRLVdOWVa436hgbSkgbEwga4xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGli
+cmFyeSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdS
+b290IENBMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4
+bWxzZWNAYWxla3NleS5jb22CCQCvoou5M63arTANBgkqhkiG9w0BAQUFAANBAA93
+upXGmGSg0hyBphu86KkwUVnaeh4GTtx2v1C1qBPH4AAh/oKpzIYpTn3t7uAsiTk7
+im7eapblsXBRezkRoK4=</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/keys/README b/tests/keys/README
index 1451502..2da3363 100644
--- a/tests/keys/README
+++ b/tests/keys/README
@@ -11,6 +11,8 @@ README
ca2cert.pem Second-level RSA cert for ca2key.pem
dsakey.pem DSA private key
dsacert.pem Third level DSA cert for dsakey.pem
+ dsa2048key.pem DSA private key (2048 bits)
+ dsa3072key.pem DSA private key (3072 bits)
rsakey.pem RSA private key
rsacert.pem Third level RSA cert for rsacert.pem
hmackey.bin HMAC key ('secret')
@@ -37,12 +39,24 @@ README
> openssl verify -CAfile cacert.pem ca2cert.pem
C. Generate and sign DSA key with second level CA
- > openssl dsaparam -out dsakey.pem -genkey 512
+ > openssl dsaparam -out dsakey.pem -genkey 1024
> openssl req -config ./openssl.cnf -new -key dsakey.pem -out dsareq.pem
> openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \
-out dsacert.pem -infiles dsareq.pem
> openssl verify -CAfile cacert.pem -untrusted ca2cert.pem dsacert.pem
+ > openssl dsaparam -out dsa2048key.pem -genkey 2048
+ > openssl req -config ./openssl.cnf -new -key dsa2048key.pem -out dsa2048req.pem
+ > openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \
+ -out dsa2048cert.pem -infiles dsa2048req.pem
+ > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem dsa2048cert.pem
+
+ > openssl dsaparam -out dsa3072key.pem -genkey 3072
+ > openssl req -config ./openssl.cnf -new -key dsa3072key.pem -out dsa3072req.pem
+ > openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \
+ -out dsa3072cert.pem -infiles dsa3072req.pem
+ > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem dsa3072cert.pem
+
D. Generate and sign RSA key with second level CA
> openssl genrsa -out rsakey.pem
> openssl req -config ./openssl.cnf -new -key rsakey.pem -out rsareq.pem
@@ -74,11 +88,15 @@ README
> openssl rsa -inform PEM -outform DER -in expiredkey.pem -out expiredkey.der
DSA key:
> openssl dsa -inform PEM -outform DER -in dsakey.pem -out dsakey.der
+ > openssl dsa -inform PEM -outform DER -in dsa2048key.pem -out dsa2048key.der
+ > openssl dsa -inform PEM -outform DER -in dsa3072key.pem -out dsa3072key.der
- Convert PEM cert file to DER file
> openssl x509 -outform DER -in cacert.pem -out cacert.der
> openssl x509 -outform DER -in ca2cert.pem -out ca2cert.der
> openssl x509 -outform DER -in dsacert.pem -out dsacert.der
+ > openssl x509 -outform DER -in dsa2048cert.pem -out dsa2048cert.der
+ > openssl x509 -outform DER -in dsa3072cert.pem -out dsa3072cert.der
> openssl x509 -outform DER -in rsacert.pem -out rsacert.der
> openssl x509 -outform DER -in largersacert.pem -out largersacert.der
> openssl x509 -outform DER -in expiredcert.pem -out expiredcert.der
@@ -100,6 +118,10 @@ README
encrypted
> openssl pkcs8 -in dsakey.pem -inform pem -out dsakey.p8-pem -outform pem -topk8
> openssl pkcs8 -in dsakey.der -inform der -out dsakey.p8-der -outform der -topk8
+ > openssl pkcs8 -in dsa2048key.pem -inform pem -out dsa2048key.p8-pem -outform pem -topk8
+ > openssl pkcs8 -in dsa2048key.der -inform der -out dsa2048key.p8-der -outform der -topk8
+ > openssl pkcs8 -in dsa3072key.pem -inform pem -out dsa3072key.p8-pem -outform pem -topk8
+ > openssl pkcs8 -in dsa3072key.der -inform der -out dsa3072key.p8-der -outform der -topk8
> openssl pkcs8 -in rsakey.pem -inform pem -out rsakey.p8-pem -outform pem -topk8
> openssl pkcs8 -in rsakey.der -inform der -out rsakey.p8-der -outform der -topk8
> openssl pkcs8 -in largersakey.pem -inform pem -out largersakey.p8-pem \
@@ -114,6 +136,12 @@ README
> cat dsakey.pem dsacert.pem ca2cert.pem cacert.pem > alldsa.pem
> openssl pkcs12 -export -in alldsa.pem -name TestDsaKey -out dsakey.p12
+ > cat dsa2048key.pem dsa2048cert.pem ca2cert.pem cacert.pem > alldsa2048.pem
+ > openssl pkcs12 -export -in alldsa2048.pem -name TestDsa2048Key -out dsa2048key.p12
+
+ > cat dsa3072key.pem dsa3072cert.pem ca2cert.pem cacert.pem > alldsa3072.pem
+ > openssl pkcs12 -export -in alldsa3072.pem -name TestDsa3072Key -out dsa3072key.p12
+
> cat rsakey.pem rsacert.pem ca2cert.pem cacert.pem > allrsa.pem
> openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey.p12
diff --git a/tests/keys/demoCA/index.txt b/tests/keys/demoCA/index.txt
index 4fa08b6..c8270ea 100644
--- a/tests/keys/demoCA/index.txt
+++ b/tests/keys/demoCA/index.txt
@@ -4,3 +4,5 @@ V 21140429175426Z AFA28BB933ADDAAE unknown /C=US/ST=California/O=XML
Security L
V 21140429175534Z AFA28BB933ADDAAF unknown /C=US/ST=California/O=XML Security Library
(http://www.aleksey.com/xmlsec)/OU=Test Third Level RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec
aleksey com
V 21140429175706Z AFA28BB933ADDAB0 unknown /C=US/ST=California/O=XML Security Library
(http://www.aleksey.com/xmlsec)/OU=Test Large RSA Key/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
V 140524175816Z AFA28BB933ADDAB1 unknown /C=US/ST=California/O=XML Security Library
(http://www.aleksey.com/xmlsec)/OU=Test Expired RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec aleksey
com
+V 21150209225409Z AFA28BB933ADDAB2 unknown /C=US/ST=California/O=XML Security Library
(http://www.aleksey.com/xmlsec)/OU=Test Third Level DSA 2048 Certificate/CN=Aleksey Sanin/emailAddress=xmlsec
aleksey com
+V 21150209225453Z AFA28BB933ADDAB3 unknown /C=US/ST=California/O=XML Security Library
(http://www.aleksey.com/xmlsec)/OU=Test Third Level DSA 3072 Certificate/CN=Aleksey Sanin/emailAddress=xmlsec
aleksey com
diff --git a/tests/keys/demoCA/index.txt.old b/tests/keys/demoCA/index.txt.old
index 050ef06..ea799d2 100644
--- a/tests/keys/demoCA/index.txt.old
+++ b/tests/keys/demoCA/index.txt.old
@@ -3,3 +3,5 @@ V 21140429175238Z AFA28BB933ADDAAD unknown /C=US/ST=California/O=XML
Security L
V 21140429175426Z AFA28BB933ADDAAE unknown /C=US/ST=California/O=XML Security Library
(http://www.aleksey.com/xmlsec)/OU=Test Third Level DSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec
aleksey com
V 21140429175534Z AFA28BB933ADDAAF unknown /C=US/ST=California/O=XML Security Library
(http://www.aleksey.com/xmlsec)/OU=Test Third Level RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec
aleksey com
V 21140429175706Z AFA28BB933ADDAB0 unknown /C=US/ST=California/O=XML Security Library
(http://www.aleksey.com/xmlsec)/OU=Test Large RSA Key/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+V 140524175816Z AFA28BB933ADDAB1 unknown /C=US/ST=California/O=XML Security Library
(http://www.aleksey.com/xmlsec)/OU=Test Expired RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec aleksey
com
+V 21150209225409Z AFA28BB933ADDAB2 unknown /C=US/ST=California/O=XML Security Library
(http://www.aleksey.com/xmlsec)/OU=Test Third Level DSA 2048 Certificate/CN=Aleksey Sanin/emailAddress=xmlsec
aleksey com
diff --git a/tests/keys/demoCA/newcerts/AFA28BB933ADDAB2.pem b/tests/keys/demoCA/newcerts/AFA28BB933ADDAB2.pem
new file mode 100644
index 0000000..370106f
--- /dev/null
+++ b/tests/keys/demoCA/newcerts/AFA28BB933ADDAB2.pem
@@ -0,0 +1,128 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12655831530416757426 (0xafa28bb933addab2)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), CN=Aleksey
Sanin/emailAddress=xmlsec aleksey com
+ Validity
+ Not Before: Mar 5 22:54:09 2015 GMT
+ Not After : Feb 9 22:54:09 2115 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third
Level DSA 2048 Certificate, CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ pub:
+ 00:aa:1d:6f:f5:53:c2:bb:6b:64:bd:3b:05:14:de:
+ 4f:58:bf:17:35:cb:74:a1:c9:60:3c:8f:64:63:1f:
+ 05:2c:32:84:67:53:16:e5:a9:b6:51:f1:5e:14:5c:
+ e3:8e:de:3e:3e:ac:e1:cf:80:6f:54:9a:86:ef:9b:
+ cd:9a:2c:df:9d:64:d6:dd:b1:48:f2:a2:69:ba:8b:
+ 75:91:18:03:d9:e9:69:2b:65:bd:63:17:d7:90:48:
+ 29:b3:bb:74:2f:ba:79:00:82:7f:96:14:3e:26:e2:
+ ae:14:e4:b5:cc:c9:4b:1d:9f:02:2f:e0:d2:0a:fe:
+ aa:d2:58:b0:8d:20:e3:4c:73:48:08:c5:2a:06:6a:
+ 13:c4:59:b6:8f:4f:ac:3b:74:8f:07:87:53:64:dc:
+ b3:0d:a9:c5:c5:a9:a6:68:9f:1a:87:40:2e:36:9d:
+ 79:9e:43:d8:5c:6e:7f:e3:c6:6a:aa:ff:90:33:a6:
+ 00:c5:a6:60:00:39:72:25:f3:45:b0:d9:67:db:69:
+ bf:4d:f0:d3:e7:78:aa:30:fc:55:36:12:5d:52:25:
+ b2:e6:15:53:28:dd:c6:a5:2a:0d:91:cb:6a:ee:e0:
+ 9c:3b:5c:93:20:7f:10:b7:29:6e:5b:1a:dc:fc:d6:
+ 1b:38:cc:be:6e:e6:ff:cc:8b:c0:1f:3e:7b:44:37:
+ 57:32
+ P:
+ 00:de:1f:fa:4f:ad:29:09:d4:8a:62:1f:b2:eb:a4:
+ 6d:eb:f4:78:8d:4a:0b:5e:2b:2b:c5:3b:54:ed:a7:
+ 1b:72:37:96:67:44:5c:2a:d2:4c:ff:30:41:88:e3:
+ d2:77:e4:df:3b:17:b0:39:4c:d0:16:ce:97:b7:69:
+ 56:ae:b7:92:df:02:e9:5a:9f:6a:70:05:be:c5:b5:
+ 6b:ff:e3:81:26:a4:a1:06:7c:c4:9a:b3:dc:e6:5d:
+ 7a:b2:16:56:6f:b2:ec:cf:fc:a6:bc:08:2f:66:95:
+ 10:91:ff:10:93:14:ac:db:db:6c:ea:62:f0:ad:f7:
+ f8:fa:8f:fa:4d:ad:b0:eb:5f:f0:84:94:5a:17:1c:
+ 11:b5:fb:66:9b:03:95:17:90:1c:be:9a:5e:a3:04:
+ 47:05:2b:c3:12:fd:b5:d0:6f:53:d6:f5:ce:f3:fe:
+ 50:d6:ad:f4:85:1f:c1:82:20:7d:c1:62:43:71:6f:
+ 79:62:0c:36:59:1a:9f:7b:47:6b:97:ec:c9:7d:b2:
+ 05:06:8b:9c:8b:63:4e:a1:35:46:2b:0e:ec:52:c8:
+ eb:b9:03:01:cd:0f:09:ff:55:44:9d:5d:a8:87:da:
+ cb:47:5f:66:60:3d:f9:b7:26:65:0f:3b:a6:13:79:
+ 47:bb:3c:da:fc:5d:90:46:52:16:19:1d:71:59:c1:
+ c9:af
+ Q:
+ 00:c0:ec:2c:22:81:0b:ff:bb:27:c7:06:56:22:5b:
+ 30:4a:ae:ef:99:1e:c8:7d:98:7b:06:98:ca:41:97:
+ 7c:bc:7d
+ G:
+ 12:5d:71:1a:b6:f4:9b:22:cf:26:ab:eb:93:58:b7:
+ fa:34:e5:00:22:00:b9:89:31:14:62:bf:f0:d8:5f:
+ ac:ce:52:25:e6:d8:b5:cc:79:ee:97:bd:a3:ed:dd:
+ bf:0e:70:cd:50:b9:b0:42:76:32:95:f7:cd:92:c2:
+ d7:34:f6:b4:bf:5e:b0:5e:58:e1:49:8d:db:00:5b:
+ 14:7e:7b:d8:8a:7b:86:2c:86:52:56:d5:80:a2:77:
+ 9f:79:2d:55:d9:7c:0d:b0:aa:78:eb:3a:e1:b3:f9:
+ 60:39:38:af:82:3b:85:65:69:bb:19:ec:6a:dd:5e:
+ 7e:5b:ac:54:9e:f8:b3:31:48:96:37:e0:b7:16:c5:
+ 06:64:35:0c:af:7a:4f:76:cc:b4:40:9e:07:53:91:
+ 83:9a:8b:59:62:d1:71:de:67:17:a7:ce:fe:b6:56:
+ 76:cd:79:7a:cc:17:07:52:92:e9:22:bc:30:99:38:
+ b6:94:82:2e:cc:b3:4e:e7:a2:3b:2d:36:56:cc:12:
+ 48:03:4f:d5:36:ad:37:47:c6:4c:48:f5:b9:a9:49:
+ 1e:63:95:ae:e9:c6:e5:f7:e6:a8:0d:bd:7c:f8:8c:
+ d8:01:e8:f2:20:e5:ec:e7:26:59:b3:76:61:b9:55:
+ e3:f0:f8:f2:14:d9:f0:29:5e:91:e3:d4:95:71:13:
+ b2
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ D2:E0:AF:FD:F9:47:36:6C:DC:0C:73:66:DA:CE:FF:1E:B3:81:8A:9A
+ X509v3 Authority Key Identifier:
+ keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+ DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root
CA/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+ serial:AF:A2:8B:B9:33:AD:DA:AD
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 18:de:fe:a7:fd:0d:17:ca:cd:7e:06:b0:3d:cd:69:11:c4:67:
+ 63:10:cd:4e:d3:6d:63:4c:9b:02:1d:39:da:5f:e3:2d:84:e1:
+ cf:fd:1f:ee:49:54:bb:85:57:4c:a6:18:f3:09:c4:f8:8c:e8:
+ 24:1e:99:cd:e8:2e:9f:cb:84:ab
+-----BEGIN CERTIFICATE-----
+MIIGmTCCBkOgAwIBAgIJAK+ii7kzrdqyMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQwOVoYDzIxMTUwMjA5MjI1NDA5WjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDIwNDggQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCA0cwggI5BgcqhkjOOAQBMIICLAKCAQEA3h/6T60pCdSKYh+y66Rt
+6/R4jUoLXisrxTtU7acbcjeWZ0RcKtJM/zBBiOPSd+TfOxewOUzQFs6Xt2lWrreS
+3wLpWp9qcAW+xbVr/+OBJqShBnzEmrPc5l16shZWb7Lsz/ymvAgvZpUQkf8QkxSs
+29ts6mLwrff4+o/6Ta2w61/whJRaFxwRtftmmwOVF5AcvppeowRHBSvDEv210G9T
+1vXO8/5Q1q30hR/BgiB9wWJDcW95Ygw2WRqfe0drl+zJfbIFBouci2NOoTVGKw7s
+UsjruQMBzQ8J/1VEnV2oh9rLR19mYD35tyZlDzumE3lHuzza/F2QRlIWGR1xWcHJ
+rwIhAMDsLCKBC/+7J8cGViJbMEqu75keyH2YewaYykGXfLx9AoIBABJdcRq29Jsi
+zyar65NYt/o05QAiALmJMRRiv/DYX6zOUiXm2LXMee6XvaPt3b8OcM1QubBCdjKV
+982Swtc09rS/XrBeWOFJjdsAWxR+e9iKe4YshlJW1YCid595LVXZfA2wqnjrOuGz
++WA5OK+CO4VlabsZ7GrdXn5brFSe+LMxSJY34LcWxQZkNQyvek92zLRAngdTkYOa
+i1li0XHeZxenzv62VnbNeXrMFwdSkukivDCZOLaUgi7Ms07nojstNlbMEkgDT9U2
+rTdHxkxI9bmpSR5jla7pxuX35qgNvXz4jNgB6PIg5eznJlmzdmG5VePw+PIU2fAp
+XpHj1JVxE7IDggEGAAKCAQEAqh1v9VPCu2tkvTsFFN5PWL8XNct0oclgPI9kYx8F
+LDKEZ1MW5am2UfFeFFzjjt4+Pqzhz4BvVJqG75vNmizfnWTW3bFI8qJpuot1kRgD
+2elpK2W9YxfXkEgps7t0L7p5AIJ/lhQ+JuKuFOS1zMlLHZ8CL+DSCv6q0liwjSDj
+THNICMUqBmoTxFm2j0+sO3SPB4dTZNyzDanFxammaJ8ah0AuNp15nkPYXG5/48Zq
+qv+QM6YAxaZgADlyJfNFsNln22m/TfDT53iqMPxVNhJdUiWy5hVTKN3GpSoNkctq
+7uCcO1yTIH8QtyluWxrc/NYbOMy+bub/zIvAHz57RDdXMqOCAUUwggFBMAwGA1Ud
+EwQFMAMBAf8wLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBTS4K/9+Uc2bNwMc2bazv8es4GKmjCB4wYDVR0jBIHb
+MIHYgBT+5OxTJPCVlccQteFEtV05ZVrjfqGBtKSBsTCBrjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy
+YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jv
+b3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnht
+bHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAA0EAGN7+
+p/0NF8rNfgawPc1pEcRnYxDNTtNtY0ybAh052l/jLYThz/0f7klUu4VXTKYY8wnE
++IzoJB6Zzegun8uEqw==
+-----END CERTIFICATE-----
diff --git a/tests/keys/demoCA/newcerts/AFA28BB933ADDAB3.pem b/tests/keys/demoCA/newcerts/AFA28BB933ADDAB3.pem
new file mode 100644
index 0000000..d23189d
--- /dev/null
+++ b/tests/keys/demoCA/newcerts/AFA28BB933ADDAB3.pem
@@ -0,0 +1,160 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12655831530416757427 (0xafa28bb933addab3)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), CN=Aleksey
Sanin/emailAddress=xmlsec aleksey com
+ Validity
+ Not Before: Mar 5 22:54:53 2015 GMT
+ Not After : Feb 9 22:54:53 2115 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third
Level DSA 3072 Certificate, CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ pub:
+ 00:c9:8a:8e:a6:4e:08:f4:fe:68:37:5d:30:e8:ce:
+ e2:fa:bf:be:da:dd:c9:60:95:f5:3a:18:de:66:c6:
+ 7f:6b:87:d2:5d:44:87:bb:8f:34:09:9e:f5:3c:ab:
+ 44:e7:a8:59:e6:71:3a:f8:ae:67:63:4b:95:77:fb:
+ 55:c7:20:63:bf:35:40:2e:2f:7c:35:90:f5:b5:2a:
+ 64:dc:fc:7b:98:7a:b5:be:37:9a:66:ed:9c:97:ef:
+ 56:c1:5a:47:f1:d1:34:16:8c:e5:de:0e:7a:12:65:
+ 0d:4d:06:e8:fc:1a:41:db:70:6d:1f:20:22:50:1d:
+ dd:9f:d6:af:40:27:c7:45:30:4f:db:0a:4d:4c:8b:
+ f6:3f:8c:9f:4a:af:40:04:28:f4:30:9e:dd:12:66:
+ 17:61:a8:ea:7a:12:bd:13:22:d6:ec:1e:df:5b:ae:
+ e7:38:e4:69:ae:c9:91:a0:92:7f:b0:10:8e:c6:df:
+ 1e:c1:2f:8f:38:51:aa:65:36:8d:2c:17:8d:ed:5a:
+ 60:77:e5:91:1f:7f:15:8e:60:59:4b:2e:4a:17:4e:
+ 56:67:4a:75:d6:ef:3c:7c:a1:74:ce:21:b9:fd:2b:
+ 7d:c0:f4:d8:17:b8:3a:4c:83:b2:28:b9:48:74:15:
+ 85:76:75:58:ef:36:ac:24:f1:d6:6b:38:df:a9:02:
+ d5:7b:09:0b:cd:ea:9c:de:3e:0f:e8:04:9a:d4:95:
+ 5f:cd:3b:68:f4:06:e6:6f:97:d0:11:bf:62:58:92:
+ b6:6e:7c:5b:66:30:d0:5b:a1:fe:a3:f9:66:c5:9c:
+ 8a:9b:db:b5:c2:2e:5d:5a:ef:44:35:58:a0:af:13:
+ ca:83:dc:b8:99:1f:1f:fb:96:ca:dc:69:35:7c:29:
+ 91:7c:77:99:33:81:74:48:48:5b:39:36:46:05:c6:
+ bb:bf:2e:30:4f:ef:be:c5:2c:7d:b7:41:35:b6:81:
+ eb:4f:4b:dc:84:c5:4c:3d:92:d7:85:68:5e:32:39:
+ 40:79:2a:07:84:95:e6:65:4f:e4
+ P:
+ 00:e3:88:32:2a:76:4d:35:f3:33:d3:e1:50:2b:f3:
+ a9:62:4a:d2:9b:5f:da:5a:5c:cc:dc:1d:4c:58:5b:
+ 27:14:c3:41:d2:bf:b9:15:bc:bf:11:87:ab:01:ff:
+ a4:fc:f3:42:47:e8:fb:d7:d5:49:89:4f:cd:f8:4d:
+ 98:bd:88:62:e8:01:ca:a4:a2:db:e7:b2:16:2f:5b:
+ 5a:14:77:98:6e:bc:9f:f0:38:0c:55:5e:b3:a5:a2:
+ 41:8f:fe:92:64:3d:62:89:62:f2:7f:c7:32:80:dd:
+ 2d:d2:7f:5c:f4:df:18:67:c6:b8:19:ef:49:d1:7d:
+ 4a:f7:88:e1:b6:cb:5e:30:d2:1f:16:1b:f9:72:79:
+ 1a:83:07:5a:af:91:ac:54:5d:78:ea:46:01:82:e7:
+ dc:02:f4:0b:53:dc:71:13:e9:ed:a8:64:1e:6d:81:
+ 76:38:7a:41:0b:35:9b:5f:79:3b:01:cc:7a:c3:f5:
+ 6a:c0:98:e5:2b:87:d1:52:54:8e:81:76:6b:78:c9:
+ 6e:da:cf:7a:59:21:a8:d8:bc:59:51:81:23:ef:69:
+ 15:66:f9:d5:6a:7c:20:9a:e1:e8:b8:4e:5b:86:2a:
+ cb:f6:d2:90:ed:97:6f:60:a0:45:e0:a8:b4:51:a6:
+ 5a:2c:6e:db:3e:02:a7:14:1f:5b:92:30:d9:03:ee:
+ 69:fa:88:71:9c:5a:61:d3:68:12:ff:87:4d:07:da:
+ b0:17:92:d8:70:c1:3c:d6:b3:f6:75:ea:08:9d:5a:
+ 43:f8:09:b5:f7:8d:32:9e:90:48:38:ec:6f:51:51:
+ e4:cc:bf:4f:0d:ef:56:4f:d4:58:a3:6a:a2:b5:6f:
+ 59:7b:40:98:93:32:fa:26:57:1a:08:b4:0b:fc:5b:
+ 89:a1:5e:3e:c5:94:43:9d:56:47:34:12:28:09:74:
+ 27:48:04:6e:ce:76:45:dc:15:cf:14:6b:7a:fa:f5:
+ ce:4a:1d:07:58:61:5d:60:8a:4d:09:00:20:16:f4:
+ 31:b7:e3:1e:4c:c8:e8:8d:3e:0f
+ Q:
+ 00:c2:88:7b:78:1e:fc:98:82:4e:c4:b1:14:1c:60:
+ 35:be:9b:c8:3d:81:77:32:ea:a4:d0:f1:2f:f1:38:
+ b8:59:df
+ G:
+ 00:8b:7a:a1:1c:76:49:78:e5:33:00:c6:0a:72:85:
+ 5f:0b:dc:18:1f:c5:90:3a:e2:d0:d0:07:fa:4c:50:
+ 67:27:17:54:65:59:ef:fa:54:ec:31:66:b6:48:9f:
+ 2a:e9:74:0c:1e:07:d9:2e:b5:b8:ea:61:44:f6:41:
+ 6d:68:33:43:74:21:0f:40:d5:b9:ce:ce:4b:24:49:
+ a0:31:04:72:00:90:8f:67:a9:38:0b:79:01:96:97:
+ 38:be:cf:c5:94:3a:c3:e9:7f:5a:6e:39:11:54:f3:
+ c5:19:7f:b4:ba:15:17:00:84:e8:55:88:5e:63:b7:
+ 98:88:ad:80:39:81:05:6c:0a:1f:92:2e:92:be:92:
+ d9:e3:c7:3b:f3:f7:fd:6b:07:41:db:e0:1c:f0:e2:
+ 5c:64:c4:5a:ff:96:01:d6:42:d0:b3:f6:f0:99:04:
+ 06:ec:b0:f1:c7:2e:9c:46:ed:50:3a:27:82:36:29:
+ 7c:f6:5d:37:b2:32:fd:38:f6:b7:d6:52:fe:12:20:
+ 38:0b:b3:95:f0:72:13:3e:3d:69:2e:3c:52:c8:73:
+ f2:cb:39:8f:28:7a:60:f7:af:23:86:2a:0d:87:a1:
+ f1:85:15:bf:a8:6c:7f:b7:b6:db:15:b1:d4:fb:60:
+ d5:3b:6d:70:0a:35:3f:ae:27:06:e8:d0:04:fd:db:
+ 1f:46:58:36:e4:0b:77:3a:2c:9f:c1:e6:41:29:a4:
+ b6:02:11:ae:9b:45:63:32:7a:92:33:2e:af:19:0c:
+ f7:01:87:94:ab:f5:bf:7c:cc:cc:01:bc:83:00:29:
+ e9:0e:7a:71:55:ec:2b:25:a5:7c:41:7e:30:c1:8a:
+ ea:34:d7:26:8f:d9:43:f9:ac:16:11:92:43:fb:99:
+ 46:3c:70:7a:c6:bd:5e:3d:d0:de:16:7e:b5:67:10:
+ 5a:dd:3a:c9:ab:f6:ff:15:d4:3e:4a:39:ce:04:6e:
+ a2:64:4a:35:51:48:7d:93:da:84:12:22:11:3d:19:
+ c9:5a:23:e0:a8:63:f4:bb:c9:13
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 94:81:05:72:34:53:0F:51:FC:63:B8:DE:59:F8:AC:6A:BB:F1:46:72
+ X509v3 Authority Key Identifier:
+ keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+ DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root
CA/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+ serial:AF:A2:8B:B9:33:AD:DA:AD
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 0f:77:ba:95:c6:98:64:a0:d2:1c:81:a6:1b:bc:e8:a9:30:51:
+ 59:da:7a:1e:06:4e:dc:76:bf:50:b5:a8:13:c7:e0:00:21:fe:
+ 82:a9:cc:86:29:4e:7d:ed:ee:e0:2c:89:39:3b:8a:6e:de:6a:
+ 96:e5:b1:70:51:7b:39:11:a0:ae
+-----BEGIN CERTIFICATE-----
+MIIIGjCCB8SgAwIBAgIJAK+ii7kzrdqzMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQ1M1oYDzIxMTUwMjA5MjI1NDUzWjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDMwNzIgQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCBMgwggM6BgcqhkjOOAQBMIIDLQKCAYEA44gyKnZNNfMz0+FQK/Op
+YkrSm1/aWlzM3B1MWFsnFMNB0r+5Fby/EYerAf+k/PNCR+j719VJiU/N+E2YvYhi
+6AHKpKLb57IWL1taFHeYbryf8DgMVV6zpaJBj/6SZD1iiWLyf8cygN0t0n9c9N8Y
+Z8a4Ge9J0X1K94jhtsteMNIfFhv5cnkagwdar5GsVF146kYBgufcAvQLU9xxE+nt
+qGQebYF2OHpBCzWbX3k7Acx6w/VqwJjlK4fRUlSOgXZreMlu2s96WSGo2LxZUYEj
+72kVZvnVanwgmuHouE5bhirL9tKQ7ZdvYKBF4Ki0UaZaLG7bPgKnFB9bkjDZA+5p
++ohxnFph02gS/4dNB9qwF5LYcME81rP2deoInVpD+Am1940ynpBIOOxvUVHkzL9P
+De9WT9RYo2qitW9Ze0CYkzL6JlcaCLQL/FuJoV4+xZRDnVZHNBIoCXQnSARuznZF
+3BXPFGt6+vXOSh0HWGFdYIpNCQAgFvQxt+MeTMjojT4PAiEAwoh7eB78mIJOxLEU
+HGA1vpvIPYF3Muqk0PEv8Ti4Wd8CggGBAIt6oRx2SXjlMwDGCnKFXwvcGB/FkDri
+0NAH+kxQZycXVGVZ7/pU7DFmtkifKul0DB4H2S61uOphRPZBbWgzQ3QhD0DVuc7O
+SyRJoDEEcgCQj2epOAt5AZaXOL7PxZQ6w+l/Wm45EVTzxRl/tLoVFwCE6FWIXmO3
+mIitgDmBBWwKH5Iukr6S2ePHO/P3/WsHQdvgHPDiXGTEWv+WAdZC0LP28JkEBuyw
+8ccunEbtUDongjYpfPZdN7Iy/Tj2t9ZS/hIgOAuzlfByEz49aS48Ushz8ss5jyh6
+YPevI4YqDYeh8YUVv6hsf7e22xWx1Ptg1TttcAo1P64nBujQBP3bH0ZYNuQLdzos
+n8HmQSmktgIRrptFYzJ6kjMurxkM9wGHlKv1v3zMzAG8gwAp6Q56cVXsKyWlfEF+
+MMGK6jTXJo/ZQ/msFhGSQ/uZRjxwesa9Xj3Q3hZ+tWcQWt06yav2/xXUPko5zgRu
+omRKNVFIfZPahBIiET0ZyVoj4Khj9LvJEwOCAYYAAoIBgQDJio6mTgj0/mg3XTDo
+zuL6v77a3clglfU6GN5mxn9rh9JdRIe7jzQJnvU8q0TnqFnmcTr4rmdjS5V3+1XH
+IGO/NUAuL3w1kPW1KmTc/HuYerW+N5pm7ZyX71bBWkfx0TQWjOXeDnoSZQ1NBuj8
+GkHbcG0fICJQHd2f1q9AJ8dFME/bCk1Mi/Y/jJ9Kr0AEKPQwnt0SZhdhqOp6Er0T
+ItbsHt9bruc45GmuyZGgkn+wEI7G3x7BL484UaplNo0sF43tWmB35ZEffxWOYFlL
+LkoXTlZnSnXW7zx8oXTOIbn9K33A9NgXuDpMg7IouUh0FYV2dVjvNqwk8dZrON+p
+AtV7CQvN6pzePg/oBJrUlV/NO2j0BuZvl9ARv2JYkrZufFtmMNBbof6j+WbFnIqb
+27XCLl1a70Q1WKCvE8qD3LiZHx/7lsrcaTV8KZF8d5kzgXRISFs5NkYFxru/LjBP
+777FLH23QTW2getPS9yExUw9kteFaF4yOUB5KgeEleZlT+SjggFFMIIBQTAMBgNV
+HRMEBTADAQH/MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUlIEFcjRTD1H8Y7jeWfisarvxRnIwgeMGA1UdIwSB
+2zCB2IAU/uTsUyTwlZXHELXhRLVdOWVa436hgbSkgbEwga4xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGli
+cmFyeSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdS
+b290IENBMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4
+bWxzZWNAYWxla3NleS5jb22CCQCvoou5M63arTANBgkqhkiG9w0BAQUFAANBAA93
+upXGmGSg0hyBphu86KkwUVnaeh4GTtx2v1C1qBPH4AAh/oKpzIYpTn3t7uAsiTk7
+im7eapblsXBRezkRoK4=
+-----END CERTIFICATE-----
diff --git a/tests/keys/demoCA/serial b/tests/keys/demoCA/serial
index 4c8059c..adf3394 100644
--- a/tests/keys/demoCA/serial
+++ b/tests/keys/demoCA/serial
@@ -1 +1 @@
-AFA28BB933ADDAB2
+AFA28BB933ADDAB4
diff --git a/tests/keys/demoCA/serial.old b/tests/keys/demoCA/serial.old
index a774cc1..b63ebda 100644
--- a/tests/keys/demoCA/serial.old
+++ b/tests/keys/demoCA/serial.old
@@ -1 +1 @@
-AFA28BB933ADDAB1
+AFA28BB933ADDAB3
diff --git a/tests/keys/dsa2048cert.der b/tests/keys/dsa2048cert.der
new file mode 100644
index 0000000..95617d6
Binary files /dev/null and b/tests/keys/dsa2048cert.der differ
diff --git a/tests/keys/dsa2048cert.pem b/tests/keys/dsa2048cert.pem
new file mode 100644
index 0000000..370106f
--- /dev/null
+++ b/tests/keys/dsa2048cert.pem
@@ -0,0 +1,128 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12655831530416757426 (0xafa28bb933addab2)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), CN=Aleksey
Sanin/emailAddress=xmlsec aleksey com
+ Validity
+ Not Before: Mar 5 22:54:09 2015 GMT
+ Not After : Feb 9 22:54:09 2115 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third
Level DSA 2048 Certificate, CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ pub:
+ 00:aa:1d:6f:f5:53:c2:bb:6b:64:bd:3b:05:14:de:
+ 4f:58:bf:17:35:cb:74:a1:c9:60:3c:8f:64:63:1f:
+ 05:2c:32:84:67:53:16:e5:a9:b6:51:f1:5e:14:5c:
+ e3:8e:de:3e:3e:ac:e1:cf:80:6f:54:9a:86:ef:9b:
+ cd:9a:2c:df:9d:64:d6:dd:b1:48:f2:a2:69:ba:8b:
+ 75:91:18:03:d9:e9:69:2b:65:bd:63:17:d7:90:48:
+ 29:b3:bb:74:2f:ba:79:00:82:7f:96:14:3e:26:e2:
+ ae:14:e4:b5:cc:c9:4b:1d:9f:02:2f:e0:d2:0a:fe:
+ aa:d2:58:b0:8d:20:e3:4c:73:48:08:c5:2a:06:6a:
+ 13:c4:59:b6:8f:4f:ac:3b:74:8f:07:87:53:64:dc:
+ b3:0d:a9:c5:c5:a9:a6:68:9f:1a:87:40:2e:36:9d:
+ 79:9e:43:d8:5c:6e:7f:e3:c6:6a:aa:ff:90:33:a6:
+ 00:c5:a6:60:00:39:72:25:f3:45:b0:d9:67:db:69:
+ bf:4d:f0:d3:e7:78:aa:30:fc:55:36:12:5d:52:25:
+ b2:e6:15:53:28:dd:c6:a5:2a:0d:91:cb:6a:ee:e0:
+ 9c:3b:5c:93:20:7f:10:b7:29:6e:5b:1a:dc:fc:d6:
+ 1b:38:cc:be:6e:e6:ff:cc:8b:c0:1f:3e:7b:44:37:
+ 57:32
+ P:
+ 00:de:1f:fa:4f:ad:29:09:d4:8a:62:1f:b2:eb:a4:
+ 6d:eb:f4:78:8d:4a:0b:5e:2b:2b:c5:3b:54:ed:a7:
+ 1b:72:37:96:67:44:5c:2a:d2:4c:ff:30:41:88:e3:
+ d2:77:e4:df:3b:17:b0:39:4c:d0:16:ce:97:b7:69:
+ 56:ae:b7:92:df:02:e9:5a:9f:6a:70:05:be:c5:b5:
+ 6b:ff:e3:81:26:a4:a1:06:7c:c4:9a:b3:dc:e6:5d:
+ 7a:b2:16:56:6f:b2:ec:cf:fc:a6:bc:08:2f:66:95:
+ 10:91:ff:10:93:14:ac:db:db:6c:ea:62:f0:ad:f7:
+ f8:fa:8f:fa:4d:ad:b0:eb:5f:f0:84:94:5a:17:1c:
+ 11:b5:fb:66:9b:03:95:17:90:1c:be:9a:5e:a3:04:
+ 47:05:2b:c3:12:fd:b5:d0:6f:53:d6:f5:ce:f3:fe:
+ 50:d6:ad:f4:85:1f:c1:82:20:7d:c1:62:43:71:6f:
+ 79:62:0c:36:59:1a:9f:7b:47:6b:97:ec:c9:7d:b2:
+ 05:06:8b:9c:8b:63:4e:a1:35:46:2b:0e:ec:52:c8:
+ eb:b9:03:01:cd:0f:09:ff:55:44:9d:5d:a8:87:da:
+ cb:47:5f:66:60:3d:f9:b7:26:65:0f:3b:a6:13:79:
+ 47:bb:3c:da:fc:5d:90:46:52:16:19:1d:71:59:c1:
+ c9:af
+ Q:
+ 00:c0:ec:2c:22:81:0b:ff:bb:27:c7:06:56:22:5b:
+ 30:4a:ae:ef:99:1e:c8:7d:98:7b:06:98:ca:41:97:
+ 7c:bc:7d
+ G:
+ 12:5d:71:1a:b6:f4:9b:22:cf:26:ab:eb:93:58:b7:
+ fa:34:e5:00:22:00:b9:89:31:14:62:bf:f0:d8:5f:
+ ac:ce:52:25:e6:d8:b5:cc:79:ee:97:bd:a3:ed:dd:
+ bf:0e:70:cd:50:b9:b0:42:76:32:95:f7:cd:92:c2:
+ d7:34:f6:b4:bf:5e:b0:5e:58:e1:49:8d:db:00:5b:
+ 14:7e:7b:d8:8a:7b:86:2c:86:52:56:d5:80:a2:77:
+ 9f:79:2d:55:d9:7c:0d:b0:aa:78:eb:3a:e1:b3:f9:
+ 60:39:38:af:82:3b:85:65:69:bb:19:ec:6a:dd:5e:
+ 7e:5b:ac:54:9e:f8:b3:31:48:96:37:e0:b7:16:c5:
+ 06:64:35:0c:af:7a:4f:76:cc:b4:40:9e:07:53:91:
+ 83:9a:8b:59:62:d1:71:de:67:17:a7:ce:fe:b6:56:
+ 76:cd:79:7a:cc:17:07:52:92:e9:22:bc:30:99:38:
+ b6:94:82:2e:cc:b3:4e:e7:a2:3b:2d:36:56:cc:12:
+ 48:03:4f:d5:36:ad:37:47:c6:4c:48:f5:b9:a9:49:
+ 1e:63:95:ae:e9:c6:e5:f7:e6:a8:0d:bd:7c:f8:8c:
+ d8:01:e8:f2:20:e5:ec:e7:26:59:b3:76:61:b9:55:
+ e3:f0:f8:f2:14:d9:f0:29:5e:91:e3:d4:95:71:13:
+ b2
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ D2:E0:AF:FD:F9:47:36:6C:DC:0C:73:66:DA:CE:FF:1E:B3:81:8A:9A
+ X509v3 Authority Key Identifier:
+ keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+ DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root
CA/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+ serial:AF:A2:8B:B9:33:AD:DA:AD
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 18:de:fe:a7:fd:0d:17:ca:cd:7e:06:b0:3d:cd:69:11:c4:67:
+ 63:10:cd:4e:d3:6d:63:4c:9b:02:1d:39:da:5f:e3:2d:84:e1:
+ cf:fd:1f:ee:49:54:bb:85:57:4c:a6:18:f3:09:c4:f8:8c:e8:
+ 24:1e:99:cd:e8:2e:9f:cb:84:ab
+-----BEGIN CERTIFICATE-----
+MIIGmTCCBkOgAwIBAgIJAK+ii7kzrdqyMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQwOVoYDzIxMTUwMjA5MjI1NDA5WjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDIwNDggQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCA0cwggI5BgcqhkjOOAQBMIICLAKCAQEA3h/6T60pCdSKYh+y66Rt
+6/R4jUoLXisrxTtU7acbcjeWZ0RcKtJM/zBBiOPSd+TfOxewOUzQFs6Xt2lWrreS
+3wLpWp9qcAW+xbVr/+OBJqShBnzEmrPc5l16shZWb7Lsz/ymvAgvZpUQkf8QkxSs
+29ts6mLwrff4+o/6Ta2w61/whJRaFxwRtftmmwOVF5AcvppeowRHBSvDEv210G9T
+1vXO8/5Q1q30hR/BgiB9wWJDcW95Ygw2WRqfe0drl+zJfbIFBouci2NOoTVGKw7s
+UsjruQMBzQ8J/1VEnV2oh9rLR19mYD35tyZlDzumE3lHuzza/F2QRlIWGR1xWcHJ
+rwIhAMDsLCKBC/+7J8cGViJbMEqu75keyH2YewaYykGXfLx9AoIBABJdcRq29Jsi
+zyar65NYt/o05QAiALmJMRRiv/DYX6zOUiXm2LXMee6XvaPt3b8OcM1QubBCdjKV
+982Swtc09rS/XrBeWOFJjdsAWxR+e9iKe4YshlJW1YCid595LVXZfA2wqnjrOuGz
++WA5OK+CO4VlabsZ7GrdXn5brFSe+LMxSJY34LcWxQZkNQyvek92zLRAngdTkYOa
+i1li0XHeZxenzv62VnbNeXrMFwdSkukivDCZOLaUgi7Ms07nojstNlbMEkgDT9U2
+rTdHxkxI9bmpSR5jla7pxuX35qgNvXz4jNgB6PIg5eznJlmzdmG5VePw+PIU2fAp
+XpHj1JVxE7IDggEGAAKCAQEAqh1v9VPCu2tkvTsFFN5PWL8XNct0oclgPI9kYx8F
+LDKEZ1MW5am2UfFeFFzjjt4+Pqzhz4BvVJqG75vNmizfnWTW3bFI8qJpuot1kRgD
+2elpK2W9YxfXkEgps7t0L7p5AIJ/lhQ+JuKuFOS1zMlLHZ8CL+DSCv6q0liwjSDj
+THNICMUqBmoTxFm2j0+sO3SPB4dTZNyzDanFxammaJ8ah0AuNp15nkPYXG5/48Zq
+qv+QM6YAxaZgADlyJfNFsNln22m/TfDT53iqMPxVNhJdUiWy5hVTKN3GpSoNkctq
+7uCcO1yTIH8QtyluWxrc/NYbOMy+bub/zIvAHz57RDdXMqOCAUUwggFBMAwGA1Ud
+EwQFMAMBAf8wLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBTS4K/9+Uc2bNwMc2bazv8es4GKmjCB4wYDVR0jBIHb
+MIHYgBT+5OxTJPCVlccQteFEtV05ZVrjfqGBtKSBsTCBrjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy
+YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jv
+b3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnht
+bHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAA0EAGN7+
+p/0NF8rNfgawPc1pEcRnYxDNTtNtY0ybAh052l/jLYThz/0f7klUu4VXTKYY8wnE
++IzoJB6Zzegun8uEqw==
+-----END CERTIFICATE-----
diff --git a/tests/keys/dsa2048key.der b/tests/keys/dsa2048key.der
new file mode 100644
index 0000000..d5848e0
Binary files /dev/null and b/tests/keys/dsa2048key.der differ
diff --git a/tests/keys/dsa2048key.p12 b/tests/keys/dsa2048key.p12
new file mode 100644
index 0000000..f37040a
Binary files /dev/null and b/tests/keys/dsa2048key.p12 differ
diff --git a/tests/keys/dsa2048key.p8-der b/tests/keys/dsa2048key.p8-der
new file mode 100644
index 0000000..ef0acf2
Binary files /dev/null and b/tests/keys/dsa2048key.p8-der differ
diff --git a/tests/keys/dsa2048key.p8-pem b/tests/keys/dsa2048key.p8-pem
new file mode 100644
index 0000000..7881652
--- /dev/null
+++ b/tests/keys/dsa2048key.p8-pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICkTAbBgkqhkiG9w0BBQMwDgQI91oYgqxFl0sCAggABIICcBrX4V56uQzG60QS
+4Q+zK6lvto6OAN+YSAdJ+f4K2YLXOZbJO6NmUFdN4geQzU2yDuk4I+KE9Ztcp1Zk
++nSmoHe0RGUak/vKftJvnicLOJht38dx+Vz3jqiOZD7d9Pxyhsp8qIOIGwKCm1Vy
+OguvX420USnwpF8Y/VnRfGPco7WjW/hRO68JPSYvteW2RaQSAyJMeUElVr0L5SPV
+NuzriEsUcVLxmO52/Ycld6p92UXH4ztO2XNQ8SLVxr96s8Cd3HGOCv4bIQWERCSo
+RQM3M2btjD2GMq+EfyTDGN7rxxZ4iRMB/f08ZALVqnmQaUj/lFhnxeTTWYnhaiNW
+s9C6v0GPjfwp9kDhDjcno16//UvBJEPEu56lRn9fONsBiWMGj1SHx148oYKudSYQ
+qunTybRDilhy/5cqZmm1JYxgXeDVhLUdjBUuTQN4O/+nCKbYX2GiPAje3C20QQP9
+RgaGo+M0gf2bz8dylPTivMch7aM1zfkE8kqf3gXvQWD7UfUXxiaX90Pdr7LLzm/P
++RWaD+yPKtN0wIQriWsqHGsiRRYW3KTLSlYaYrtmNleiVpdKG/c0et/QaXzrMsXh
+CSSZj438An7YMF9UdtAx5RjYr72USBrNbp8FKuQEo3fj1HNJaEHdrYZfkpEoCNxW
+u77r37/N7SjtgMpmEHT8gLBo+rs7cNmwwK6cH0xtg4PspEu9MjRobfV7QxqSzv+V
+ot9Ynhn3KXSzYgp2xqdOdGUJ+iUqdgQorfa+zU5NDOPqGWNKouKSDzMW/xcmcJui
+Jwc/uoAIMSjX3y7vz4Z/Q4FvLQDHyfvyvqADNt3x06ZCkCsgMg==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/keys/dsa2048key.pem b/tests/keys/dsa2048key.pem
new file mode 100644
index 0000000..a0b5d42
--- /dev/null
+++ b/tests/keys/dsa2048key.pem
@@ -0,0 +1,34 @@
+-----BEGIN DSA PARAMETERS-----
+MIICLAKCAQEA3h/6T60pCdSKYh+y66Rt6/R4jUoLXisrxTtU7acbcjeWZ0RcKtJM
+/zBBiOPSd+TfOxewOUzQFs6Xt2lWrreS3wLpWp9qcAW+xbVr/+OBJqShBnzEmrPc
+5l16shZWb7Lsz/ymvAgvZpUQkf8QkxSs29ts6mLwrff4+o/6Ta2w61/whJRaFxwR
+tftmmwOVF5AcvppeowRHBSvDEv210G9T1vXO8/5Q1q30hR/BgiB9wWJDcW95Ygw2
+WRqfe0drl+zJfbIFBouci2NOoTVGKw7sUsjruQMBzQ8J/1VEnV2oh9rLR19mYD35
+tyZlDzumE3lHuzza/F2QRlIWGR1xWcHJrwIhAMDsLCKBC/+7J8cGViJbMEqu75ke
+yH2YewaYykGXfLx9AoIBABJdcRq29Jsizyar65NYt/o05QAiALmJMRRiv/DYX6zO
+UiXm2LXMee6XvaPt3b8OcM1QubBCdjKV982Swtc09rS/XrBeWOFJjdsAWxR+e9iK
+e4YshlJW1YCid595LVXZfA2wqnjrOuGz+WA5OK+CO4VlabsZ7GrdXn5brFSe+LMx
+SJY34LcWxQZkNQyvek92zLRAngdTkYOai1li0XHeZxenzv62VnbNeXrMFwdSkuki
+vDCZOLaUgi7Ms07nojstNlbMEkgDT9U2rTdHxkxI9bmpSR5jla7pxuX35qgNvXz4
+jNgB6PIg5eznJlmzdmG5VePw+PIU2fApXpHj1JVxE7I=
+-----END DSA PARAMETERS-----
+-----BEGIN DSA PRIVATE KEY-----
+MIIDVgIBAAKCAQEA3h/6T60pCdSKYh+y66Rt6/R4jUoLXisrxTtU7acbcjeWZ0Rc
+KtJM/zBBiOPSd+TfOxewOUzQFs6Xt2lWrreS3wLpWp9qcAW+xbVr/+OBJqShBnzE
+mrPc5l16shZWb7Lsz/ymvAgvZpUQkf8QkxSs29ts6mLwrff4+o/6Ta2w61/whJRa
+FxwRtftmmwOVF5AcvppeowRHBSvDEv210G9T1vXO8/5Q1q30hR/BgiB9wWJDcW95
+Ygw2WRqfe0drl+zJfbIFBouci2NOoTVGKw7sUsjruQMBzQ8J/1VEnV2oh9rLR19m
+YD35tyZlDzumE3lHuzza/F2QRlIWGR1xWcHJrwIhAMDsLCKBC/+7J8cGViJbMEqu
+75keyH2YewaYykGXfLx9AoIBABJdcRq29Jsizyar65NYt/o05QAiALmJMRRiv/DY
+X6zOUiXm2LXMee6XvaPt3b8OcM1QubBCdjKV982Swtc09rS/XrBeWOFJjdsAWxR+
+e9iKe4YshlJW1YCid595LVXZfA2wqnjrOuGz+WA5OK+CO4VlabsZ7GrdXn5brFSe
++LMxSJY34LcWxQZkNQyvek92zLRAngdTkYOai1li0XHeZxenzv62VnbNeXrMFwdS
+kukivDCZOLaUgi7Ms07nojstNlbMEkgDT9U2rTdHxkxI9bmpSR5jla7pxuX35qgN
+vXz4jNgB6PIg5eznJlmzdmG5VePw+PIU2fApXpHj1JVxE7ICggEBAKodb/VTwrtr
+ZL07BRTeT1i/FzXLdKHJYDyPZGMfBSwyhGdTFuWptlHxXhRc447ePj6s4c+Ab1Sa
+hu+bzZos351k1t2xSPKiabqLdZEYA9npaStlvWMX15BIKbO7dC+6eQCCf5YUPibi
+rhTktczJSx2fAi/g0gr+qtJYsI0g40xzSAjFKgZqE8RZto9PrDt0jweHU2Tcsw2p
+xcWppmifGodALjadeZ5D2Fxuf+PGaqr/kDOmAMWmYAA5ciXzRbDZZ9tpv03w0+d4
+qjD8VTYSXVIlsuYVUyjdxqUqDZHLau7gnDtckyB/ELcpblsa3PzWGzjMvm7m/8yL
+wB8+e0Q3VzICIB9PWz6BWBYKojMpNr4DVTBQnwurewOuPPB7YS0OamXE
+-----END DSA PRIVATE KEY-----
diff --git a/tests/keys/dsa3072cert.der b/tests/keys/dsa3072cert.der
new file mode 100644
index 0000000..d8e82b5
Binary files /dev/null and b/tests/keys/dsa3072cert.der differ
diff --git a/tests/keys/dsa3072cert.pem b/tests/keys/dsa3072cert.pem
new file mode 100644
index 0000000..d23189d
--- /dev/null
+++ b/tests/keys/dsa3072cert.pem
@@ -0,0 +1,160 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 12655831530416757427 (0xafa28bb933addab3)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), CN=Aleksey
Sanin/emailAddress=xmlsec aleksey com
+ Validity
+ Not Before: Mar 5 22:54:53 2015 GMT
+ Not After : Feb 9 22:54:53 2115 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third
Level DSA 3072 Certificate, CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ pub:
+ 00:c9:8a:8e:a6:4e:08:f4:fe:68:37:5d:30:e8:ce:
+ e2:fa:bf:be:da:dd:c9:60:95:f5:3a:18:de:66:c6:
+ 7f:6b:87:d2:5d:44:87:bb:8f:34:09:9e:f5:3c:ab:
+ 44:e7:a8:59:e6:71:3a:f8:ae:67:63:4b:95:77:fb:
+ 55:c7:20:63:bf:35:40:2e:2f:7c:35:90:f5:b5:2a:
+ 64:dc:fc:7b:98:7a:b5:be:37:9a:66:ed:9c:97:ef:
+ 56:c1:5a:47:f1:d1:34:16:8c:e5:de:0e:7a:12:65:
+ 0d:4d:06:e8:fc:1a:41:db:70:6d:1f:20:22:50:1d:
+ dd:9f:d6:af:40:27:c7:45:30:4f:db:0a:4d:4c:8b:
+ f6:3f:8c:9f:4a:af:40:04:28:f4:30:9e:dd:12:66:
+ 17:61:a8:ea:7a:12:bd:13:22:d6:ec:1e:df:5b:ae:
+ e7:38:e4:69:ae:c9:91:a0:92:7f:b0:10:8e:c6:df:
+ 1e:c1:2f:8f:38:51:aa:65:36:8d:2c:17:8d:ed:5a:
+ 60:77:e5:91:1f:7f:15:8e:60:59:4b:2e:4a:17:4e:
+ 56:67:4a:75:d6:ef:3c:7c:a1:74:ce:21:b9:fd:2b:
+ 7d:c0:f4:d8:17:b8:3a:4c:83:b2:28:b9:48:74:15:
+ 85:76:75:58:ef:36:ac:24:f1:d6:6b:38:df:a9:02:
+ d5:7b:09:0b:cd:ea:9c:de:3e:0f:e8:04:9a:d4:95:
+ 5f:cd:3b:68:f4:06:e6:6f:97:d0:11:bf:62:58:92:
+ b6:6e:7c:5b:66:30:d0:5b:a1:fe:a3:f9:66:c5:9c:
+ 8a:9b:db:b5:c2:2e:5d:5a:ef:44:35:58:a0:af:13:
+ ca:83:dc:b8:99:1f:1f:fb:96:ca:dc:69:35:7c:29:
+ 91:7c:77:99:33:81:74:48:48:5b:39:36:46:05:c6:
+ bb:bf:2e:30:4f:ef:be:c5:2c:7d:b7:41:35:b6:81:
+ eb:4f:4b:dc:84:c5:4c:3d:92:d7:85:68:5e:32:39:
+ 40:79:2a:07:84:95:e6:65:4f:e4
+ P:
+ 00:e3:88:32:2a:76:4d:35:f3:33:d3:e1:50:2b:f3:
+ a9:62:4a:d2:9b:5f:da:5a:5c:cc:dc:1d:4c:58:5b:
+ 27:14:c3:41:d2:bf:b9:15:bc:bf:11:87:ab:01:ff:
+ a4:fc:f3:42:47:e8:fb:d7:d5:49:89:4f:cd:f8:4d:
+ 98:bd:88:62:e8:01:ca:a4:a2:db:e7:b2:16:2f:5b:
+ 5a:14:77:98:6e:bc:9f:f0:38:0c:55:5e:b3:a5:a2:
+ 41:8f:fe:92:64:3d:62:89:62:f2:7f:c7:32:80:dd:
+ 2d:d2:7f:5c:f4:df:18:67:c6:b8:19:ef:49:d1:7d:
+ 4a:f7:88:e1:b6:cb:5e:30:d2:1f:16:1b:f9:72:79:
+ 1a:83:07:5a:af:91:ac:54:5d:78:ea:46:01:82:e7:
+ dc:02:f4:0b:53:dc:71:13:e9:ed:a8:64:1e:6d:81:
+ 76:38:7a:41:0b:35:9b:5f:79:3b:01:cc:7a:c3:f5:
+ 6a:c0:98:e5:2b:87:d1:52:54:8e:81:76:6b:78:c9:
+ 6e:da:cf:7a:59:21:a8:d8:bc:59:51:81:23:ef:69:
+ 15:66:f9:d5:6a:7c:20:9a:e1:e8:b8:4e:5b:86:2a:
+ cb:f6:d2:90:ed:97:6f:60:a0:45:e0:a8:b4:51:a6:
+ 5a:2c:6e:db:3e:02:a7:14:1f:5b:92:30:d9:03:ee:
+ 69:fa:88:71:9c:5a:61:d3:68:12:ff:87:4d:07:da:
+ b0:17:92:d8:70:c1:3c:d6:b3:f6:75:ea:08:9d:5a:
+ 43:f8:09:b5:f7:8d:32:9e:90:48:38:ec:6f:51:51:
+ e4:cc:bf:4f:0d:ef:56:4f:d4:58:a3:6a:a2:b5:6f:
+ 59:7b:40:98:93:32:fa:26:57:1a:08:b4:0b:fc:5b:
+ 89:a1:5e:3e:c5:94:43:9d:56:47:34:12:28:09:74:
+ 27:48:04:6e:ce:76:45:dc:15:cf:14:6b:7a:fa:f5:
+ ce:4a:1d:07:58:61:5d:60:8a:4d:09:00:20:16:f4:
+ 31:b7:e3:1e:4c:c8:e8:8d:3e:0f
+ Q:
+ 00:c2:88:7b:78:1e:fc:98:82:4e:c4:b1:14:1c:60:
+ 35:be:9b:c8:3d:81:77:32:ea:a4:d0:f1:2f:f1:38:
+ b8:59:df
+ G:
+ 00:8b:7a:a1:1c:76:49:78:e5:33:00:c6:0a:72:85:
+ 5f:0b:dc:18:1f:c5:90:3a:e2:d0:d0:07:fa:4c:50:
+ 67:27:17:54:65:59:ef:fa:54:ec:31:66:b6:48:9f:
+ 2a:e9:74:0c:1e:07:d9:2e:b5:b8:ea:61:44:f6:41:
+ 6d:68:33:43:74:21:0f:40:d5:b9:ce:ce:4b:24:49:
+ a0:31:04:72:00:90:8f:67:a9:38:0b:79:01:96:97:
+ 38:be:cf:c5:94:3a:c3:e9:7f:5a:6e:39:11:54:f3:
+ c5:19:7f:b4:ba:15:17:00:84:e8:55:88:5e:63:b7:
+ 98:88:ad:80:39:81:05:6c:0a:1f:92:2e:92:be:92:
+ d9:e3:c7:3b:f3:f7:fd:6b:07:41:db:e0:1c:f0:e2:
+ 5c:64:c4:5a:ff:96:01:d6:42:d0:b3:f6:f0:99:04:
+ 06:ec:b0:f1:c7:2e:9c:46:ed:50:3a:27:82:36:29:
+ 7c:f6:5d:37:b2:32:fd:38:f6:b7:d6:52:fe:12:20:
+ 38:0b:b3:95:f0:72:13:3e:3d:69:2e:3c:52:c8:73:
+ f2:cb:39:8f:28:7a:60:f7:af:23:86:2a:0d:87:a1:
+ f1:85:15:bf:a8:6c:7f:b7:b6:db:15:b1:d4:fb:60:
+ d5:3b:6d:70:0a:35:3f:ae:27:06:e8:d0:04:fd:db:
+ 1f:46:58:36:e4:0b:77:3a:2c:9f:c1:e6:41:29:a4:
+ b6:02:11:ae:9b:45:63:32:7a:92:33:2e:af:19:0c:
+ f7:01:87:94:ab:f5:bf:7c:cc:cc:01:bc:83:00:29:
+ e9:0e:7a:71:55:ec:2b:25:a5:7c:41:7e:30:c1:8a:
+ ea:34:d7:26:8f:d9:43:f9:ac:16:11:92:43:fb:99:
+ 46:3c:70:7a:c6:bd:5e:3d:d0:de:16:7e:b5:67:10:
+ 5a:dd:3a:c9:ab:f6:ff:15:d4:3e:4a:39:ce:04:6e:
+ a2:64:4a:35:51:48:7d:93:da:84:12:22:11:3d:19:
+ c9:5a:23:e0:a8:63:f4:bb:c9:13
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 94:81:05:72:34:53:0F:51:FC:63:B8:DE:59:F8:AC:6A:BB:F1:46:72
+ X509v3 Authority Key Identifier:
+ keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+ DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root
CA/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+ serial:AF:A2:8B:B9:33:AD:DA:AD
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 0f:77:ba:95:c6:98:64:a0:d2:1c:81:a6:1b:bc:e8:a9:30:51:
+ 59:da:7a:1e:06:4e:dc:76:bf:50:b5:a8:13:c7:e0:00:21:fe:
+ 82:a9:cc:86:29:4e:7d:ed:ee:e0:2c:89:39:3b:8a:6e:de:6a:
+ 96:e5:b1:70:51:7b:39:11:a0:ae
+-----BEGIN CERTIFICATE-----
+MIIIGjCCB8SgAwIBAgIJAK+ii7kzrdqzMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQ1M1oYDzIxMTUwMjA5MjI1NDUzWjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDMwNzIgQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCBMgwggM6BgcqhkjOOAQBMIIDLQKCAYEA44gyKnZNNfMz0+FQK/Op
+YkrSm1/aWlzM3B1MWFsnFMNB0r+5Fby/EYerAf+k/PNCR+j719VJiU/N+E2YvYhi
+6AHKpKLb57IWL1taFHeYbryf8DgMVV6zpaJBj/6SZD1iiWLyf8cygN0t0n9c9N8Y
+Z8a4Ge9J0X1K94jhtsteMNIfFhv5cnkagwdar5GsVF146kYBgufcAvQLU9xxE+nt
+qGQebYF2OHpBCzWbX3k7Acx6w/VqwJjlK4fRUlSOgXZreMlu2s96WSGo2LxZUYEj
+72kVZvnVanwgmuHouE5bhirL9tKQ7ZdvYKBF4Ki0UaZaLG7bPgKnFB9bkjDZA+5p
++ohxnFph02gS/4dNB9qwF5LYcME81rP2deoInVpD+Am1940ynpBIOOxvUVHkzL9P
+De9WT9RYo2qitW9Ze0CYkzL6JlcaCLQL/FuJoV4+xZRDnVZHNBIoCXQnSARuznZF
+3BXPFGt6+vXOSh0HWGFdYIpNCQAgFvQxt+MeTMjojT4PAiEAwoh7eB78mIJOxLEU
+HGA1vpvIPYF3Muqk0PEv8Ti4Wd8CggGBAIt6oRx2SXjlMwDGCnKFXwvcGB/FkDri
+0NAH+kxQZycXVGVZ7/pU7DFmtkifKul0DB4H2S61uOphRPZBbWgzQ3QhD0DVuc7O
+SyRJoDEEcgCQj2epOAt5AZaXOL7PxZQ6w+l/Wm45EVTzxRl/tLoVFwCE6FWIXmO3
+mIitgDmBBWwKH5Iukr6S2ePHO/P3/WsHQdvgHPDiXGTEWv+WAdZC0LP28JkEBuyw
+8ccunEbtUDongjYpfPZdN7Iy/Tj2t9ZS/hIgOAuzlfByEz49aS48Ushz8ss5jyh6
+YPevI4YqDYeh8YUVv6hsf7e22xWx1Ptg1TttcAo1P64nBujQBP3bH0ZYNuQLdzos
+n8HmQSmktgIRrptFYzJ6kjMurxkM9wGHlKv1v3zMzAG8gwAp6Q56cVXsKyWlfEF+
+MMGK6jTXJo/ZQ/msFhGSQ/uZRjxwesa9Xj3Q3hZ+tWcQWt06yav2/xXUPko5zgRu
+omRKNVFIfZPahBIiET0ZyVoj4Khj9LvJEwOCAYYAAoIBgQDJio6mTgj0/mg3XTDo
+zuL6v77a3clglfU6GN5mxn9rh9JdRIe7jzQJnvU8q0TnqFnmcTr4rmdjS5V3+1XH
+IGO/NUAuL3w1kPW1KmTc/HuYerW+N5pm7ZyX71bBWkfx0TQWjOXeDnoSZQ1NBuj8
+GkHbcG0fICJQHd2f1q9AJ8dFME/bCk1Mi/Y/jJ9Kr0AEKPQwnt0SZhdhqOp6Er0T
+ItbsHt9bruc45GmuyZGgkn+wEI7G3x7BL484UaplNo0sF43tWmB35ZEffxWOYFlL
+LkoXTlZnSnXW7zx8oXTOIbn9K33A9NgXuDpMg7IouUh0FYV2dVjvNqwk8dZrON+p
+AtV7CQvN6pzePg/oBJrUlV/NO2j0BuZvl9ARv2JYkrZufFtmMNBbof6j+WbFnIqb
+27XCLl1a70Q1WKCvE8qD3LiZHx/7lsrcaTV8KZF8d5kzgXRISFs5NkYFxru/LjBP
+777FLH23QTW2getPS9yExUw9kteFaF4yOUB5KgeEleZlT+SjggFFMIIBQTAMBgNV
+HRMEBTADAQH/MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUlIEFcjRTD1H8Y7jeWfisarvxRnIwgeMGA1UdIwSB
+2zCB2IAU/uTsUyTwlZXHELXhRLVdOWVa436hgbSkgbEwga4xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGli
+cmFyeSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdS
+b290IENBMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4
+bWxzZWNAYWxla3NleS5jb22CCQCvoou5M63arTANBgkqhkiG9w0BAQUFAANBAA93
+upXGmGSg0hyBphu86KkwUVnaeh4GTtx2v1C1qBPH4AAh/oKpzIYpTn3t7uAsiTk7
+im7eapblsXBRezkRoK4=
+-----END CERTIFICATE-----
diff --git a/tests/keys/dsa3072key.der b/tests/keys/dsa3072key.der
new file mode 100644
index 0000000..c3cfe1c
Binary files /dev/null and b/tests/keys/dsa3072key.der differ
diff --git a/tests/keys/dsa3072key.p12 b/tests/keys/dsa3072key.p12
new file mode 100644
index 0000000..39a71a1
Binary files /dev/null and b/tests/keys/dsa3072key.p12 differ
diff --git a/tests/keys/dsa3072key.p8-der b/tests/keys/dsa3072key.p8-der
new file mode 100644
index 0000000..19b7f73
Binary files /dev/null and b/tests/keys/dsa3072key.p8-der differ
diff --git a/tests/keys/dsa3072key.p8-pem b/tests/keys/dsa3072key.p8-pem
new file mode 100644
index 0000000..4f8be16
--- /dev/null
+++ b/tests/keys/dsa3072key.p8-pem
@@ -0,0 +1,22 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIDkTAbBgkqhkiG9w0BBQMwDgQI/mbFSvEwrg0CAggABIIDcJaVzTBawa3Q2z81
+PrWS+W4m/puvKonLKeVi1yRwtpcowD7T4UDPI7Ymmm4snNnbGT5MgHmYNNedm/30
+6U4JcROowefIlyHEHL4CKFkQAPccnM0QJ44Djj2OfLKMocmL24u+bSthKTmFAdo5
+JnJc0KNc715eJKlW6UMFhEML5xxFjymvluohxOzO/bNQwuE4S85ICWUvd6JzZ97l
+9Utz7UNg7UyRBPuXX6YtjA0s+sjaA1TS6eFgsX2ZxKelOpjooqdSAY7dpTx0/sG8
+bPaJSAuEfDfcbQH02smB5CoW5qf5oBecrbiAys/PSUAhf9nR7uLPD3rs8dF5szJA
+sXED4NvC8FXlHPWcyfxIRXRv9+5Q0bSKidcQRVvxOrMQyAcSkkceZuRULYtjaQDd
+4V/snKG/6+tHdlchEObuI0qZOCjlRdVso/4A3l7ApS++FGCsjBE3TUFxQZo/JMdE
+iOAG+G/tFq6O8OSWngK/k4BdfyPEHpZnUVDvqzzBPH03WJsQttzSDxwuYANk9996
+xt732wpo15FQejOWFwDn9g0wMKhuTDN92QIKv6JlcZbIICA/VN83S5/hQaGCjA+l
+gnryloZd8cmPfrIGzfCg8IpE8Iz3wPEfSv5UsXVzXIwPYU6Nrj0B4eJ7wV9PbPuE
+vCElu7Z/Q4/27OztJVoa+McVgZd9peZjLDNwgPENdDAnCDxvUz4IXqvAuoGTL35A
+pNUvpRPx1ITT1l4bvZBEnsPpMmiTtmt3IYtNN2nhBPzVo3hStIuATO19LDCUdSsA
+MPMObQaiofEpxuZ0LGR3Kajw+29R2u+B/P5/6FVVLkgLuXsT4atOxgAh4wyQ77dU
+tPcYRGFFI675a/59oRtZRy2MgDbwJuBiV0hNi1O/2V947Cek1c9EYvLNijiVtBkf
+bSVjRZ2hHCuk8t+FIW3XvGQGXHRqsjswJCgQXv/O+KeZsGbCxAvRkqyIEChAATg2
+OUoUK3VOQmf6pg07OZIKvALF3NhhAJTiP9TyFs8AnUa/ILnBqA/kKGy+uUi9Nn2z
+Y8AEWvr21H45Y6HA51zKRR66RkrZXSMuMcEFo1rdja/SOfMpilI9RqhBnGCsLqiq
++h39z8KWmi3/VrIGKSJ5rQE90nzGJa8lU6QFHi6hC92X76fDL2IUFU0WcJvimLlP
+3Eb3jHQ=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/keys/dsa3072key.pem b/tests/keys/dsa3072key.pem
new file mode 100644
index 0000000..3b2d3e5
--- /dev/null
+++ b/tests/keys/dsa3072key.pem
@@ -0,0 +1,48 @@
+-----BEGIN DSA PARAMETERS-----
+MIIDLQKCAYEA44gyKnZNNfMz0+FQK/OpYkrSm1/aWlzM3B1MWFsnFMNB0r+5Fby/
+EYerAf+k/PNCR+j719VJiU/N+E2YvYhi6AHKpKLb57IWL1taFHeYbryf8DgMVV6z
+paJBj/6SZD1iiWLyf8cygN0t0n9c9N8YZ8a4Ge9J0X1K94jhtsteMNIfFhv5cnka
+gwdar5GsVF146kYBgufcAvQLU9xxE+ntqGQebYF2OHpBCzWbX3k7Acx6w/VqwJjl
+K4fRUlSOgXZreMlu2s96WSGo2LxZUYEj72kVZvnVanwgmuHouE5bhirL9tKQ7Zdv
+YKBF4Ki0UaZaLG7bPgKnFB9bkjDZA+5p+ohxnFph02gS/4dNB9qwF5LYcME81rP2
+deoInVpD+Am1940ynpBIOOxvUVHkzL9PDe9WT9RYo2qitW9Ze0CYkzL6JlcaCLQL
+/FuJoV4+xZRDnVZHNBIoCXQnSARuznZF3BXPFGt6+vXOSh0HWGFdYIpNCQAgFvQx
+t+MeTMjojT4PAiEAwoh7eB78mIJOxLEUHGA1vpvIPYF3Muqk0PEv8Ti4Wd8CggGB
+AIt6oRx2SXjlMwDGCnKFXwvcGB/FkDri0NAH+kxQZycXVGVZ7/pU7DFmtkifKul0
+DB4H2S61uOphRPZBbWgzQ3QhD0DVuc7OSyRJoDEEcgCQj2epOAt5AZaXOL7PxZQ6
+w+l/Wm45EVTzxRl/tLoVFwCE6FWIXmO3mIitgDmBBWwKH5Iukr6S2ePHO/P3/WsH
+QdvgHPDiXGTEWv+WAdZC0LP28JkEBuyw8ccunEbtUDongjYpfPZdN7Iy/Tj2t9ZS
+/hIgOAuzlfByEz49aS48Ushz8ss5jyh6YPevI4YqDYeh8YUVv6hsf7e22xWx1Ptg
+1TttcAo1P64nBujQBP3bH0ZYNuQLdzosn8HmQSmktgIRrptFYzJ6kjMurxkM9wGH
+lKv1v3zMzAG8gwAp6Q56cVXsKyWlfEF+MMGK6jTXJo/ZQ/msFhGSQ/uZRjxwesa9
+Xj3Q3hZ+tWcQWt06yav2/xXUPko5zgRuomRKNVFIfZPahBIiET0ZyVoj4Khj9LvJ
+Ew==
+-----END DSA PARAMETERS-----
+-----BEGIN DSA PRIVATE KEY-----
+MIIE1wIBAAKCAYEA44gyKnZNNfMz0+FQK/OpYkrSm1/aWlzM3B1MWFsnFMNB0r+5
+Fby/EYerAf+k/PNCR+j719VJiU/N+E2YvYhi6AHKpKLb57IWL1taFHeYbryf8DgM
+VV6zpaJBj/6SZD1iiWLyf8cygN0t0n9c9N8YZ8a4Ge9J0X1K94jhtsteMNIfFhv5
+cnkagwdar5GsVF146kYBgufcAvQLU9xxE+ntqGQebYF2OHpBCzWbX3k7Acx6w/Vq
+wJjlK4fRUlSOgXZreMlu2s96WSGo2LxZUYEj72kVZvnVanwgmuHouE5bhirL9tKQ
+7ZdvYKBF4Ki0UaZaLG7bPgKnFB9bkjDZA+5p+ohxnFph02gS/4dNB9qwF5LYcME8
+1rP2deoInVpD+Am1940ynpBIOOxvUVHkzL9PDe9WT9RYo2qitW9Ze0CYkzL6Jlca
+CLQL/FuJoV4+xZRDnVZHNBIoCXQnSARuznZF3BXPFGt6+vXOSh0HWGFdYIpNCQAg
+FvQxt+MeTMjojT4PAiEAwoh7eB78mIJOxLEUHGA1vpvIPYF3Muqk0PEv8Ti4Wd8C
+ggGBAIt6oRx2SXjlMwDGCnKFXwvcGB/FkDri0NAH+kxQZycXVGVZ7/pU7DFmtkif
+Kul0DB4H2S61uOphRPZBbWgzQ3QhD0DVuc7OSyRJoDEEcgCQj2epOAt5AZaXOL7P
+xZQ6w+l/Wm45EVTzxRl/tLoVFwCE6FWIXmO3mIitgDmBBWwKH5Iukr6S2ePHO/P3
+/WsHQdvgHPDiXGTEWv+WAdZC0LP28JkEBuyw8ccunEbtUDongjYpfPZdN7Iy/Tj2
+t9ZS/hIgOAuzlfByEz49aS48Ushz8ss5jyh6YPevI4YqDYeh8YUVv6hsf7e22xWx
+1Ptg1TttcAo1P64nBujQBP3bH0ZYNuQLdzosn8HmQSmktgIRrptFYzJ6kjMurxkM
+9wGHlKv1v3zMzAG8gwAp6Q56cVXsKyWlfEF+MMGK6jTXJo/ZQ/msFhGSQ/uZRjxw
+esa9Xj3Q3hZ+tWcQWt06yav2/xXUPko5zgRuomRKNVFIfZPahBIiET0ZyVoj4Khj
+9LvJEwKCAYEAyYqOpk4I9P5oN10w6M7i+r++2t3JYJX1OhjeZsZ/a4fSXUSHu480
+CZ71PKtE56hZ5nE6+K5nY0uVd/tVxyBjvzVALi98NZD1tSpk3Px7mHq1vjeaZu2c
+l+9WwVpH8dE0Fozl3g56EmUNTQbo/BpB23BtHyAiUB3dn9avQCfHRTBP2wpNTIv2
+P4yfSq9ABCj0MJ7dEmYXYajqehK9EyLW7B7fW67nOORprsmRoJJ/sBCOxt8ewS+P
+OFGqZTaNLBeN7Vpgd+WRH38VjmBZSy5KF05WZ0p11u88fKF0ziG5/St9wPTYF7g6
+TIOyKLlIdBWFdnVY7zasJPHWazjfqQLVewkLzeqc3j4P6ASa1JVfzTto9Abmb5fQ
+Eb9iWJK2bnxbZjDQW6H+o/lmxZyKm9u1wi5dWu9ENVigrxPKg9y4mR8f+5bK3Gk1
+fCmRfHeZM4F0SEhbOTZGBca7vy4wT+++xSx9t0E1toHrT0vchMVMPZLXhWheMjlA
+eSoHhJXmZU/kAiAJlxSx721HQx7dCU+U3FcT28sdzvwYwd2Xt14n8vyo3w==
+-----END DSA PRIVATE KEY-----
diff --git a/tests/testDSig.sh b/tests/testDSig.sh
index aed6a02..7afdd7c 100755
--- a/tests/testDSig.sh
+++ b/tests/testDSig.sh
@@ -320,6 +320,24 @@ execDSigTest $res_success \
"$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret123" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256" \
+ "sha256 dsa-sha256" \
+ "dsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/dsa2048key$priv_key_suffix.$priv_key_format --pwd secret123" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256" \
+ "sha256 dsa-sha256" \
+ "dsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/dsa3072key$priv_key_suffix.$priv_key_format --pwd secret123" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
#
# To generate expired cert run the following command
# > xmlsec1 sign --pkcs12 tests/keys/expiredkey.p12 --pwd secret123 --output out.xml
./tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
