Re: MS crypto API and Java security API (KeyValue)

• From: 原田 <harada@prs.cs.fujitsu.co.jp>
• Date: Mon, 16 Apr 2001 22:29:29 -0400 (EDT)
• To: "Brian LaMacchia" <bal@microsoft.com>
• Cc: <w3c-ietf-xmldsig@w3.org>
• Message-ID: <004001c0c6e6$610be0c0$9656230a@prs.cs.fujitsu.co.jp>

Thank you for your suggesstion.
But I cannot do well.
I created signature by converting SignatureValue
and DSAKeyValue(P,Q,G,Y) by convLittleArray below,
and verified by xss4j.
The result is an Exception occurs.
When only SignatureValue converted, the result is better,
no exception occurs, but verify error.
I will try to convert as BigInterger of 20 byte array.

1)
  private byte[] convLittleArray(byte[] dsaSigval) {
        byte [] retval = new byte[dsaSigval.length];
        for (int i=0;i<dsaSigval.length;i+=4) {
            retval[i+3] = dsaSigval[i];
            retval[i+2] = dsaSigval[i+1];
            retval[i+1] = dsaSigval[i+2];
            retval[i  ] = dsaSigval[i+3];
        }
        return(retval);
   }

[Converted SigantureValue and KeyValue by 1]
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <Reference URI="file:///G:\src\dom\signature\tool\xmlsig\test.txt">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>h6zsF82dzSCnFsws9nQXtxyKcBY=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>MJGUGP6sh5RHLl4KKfNiDEm0RDlIe3K4S49zIfw8sTjRnUJGa0x9Vg==</SignatureValue>
  <KeyInfo>
    <KeyValue><DSAKeyValue><P>FdpwT99z+5PhFsvm4iTjUxvuYD43JWq+0H1DzAO9NnsiYWe3tCK9bG/vhi9+VnG5VubnSRfILdzX
ycxsqrBE9hyUHuUF+5ocBVkpywkHDMNjcaWN1Cu1z2U7RjHVJ6/g1WyTG0L9gE6CIQDAY9uuy1Vc
W543fKxK4Vef0IB4fU8=</P><Q>ceJtPWkaYITyOcSCKx1lr9xGQ9o=</Q><G>418EHVg1OAFeLrOlvPX7kUSO6Zt/X9pzXqYIF6NY1NwmoaEPcY37jJRY//U1GKPv5rQ/3s
+Wpz+w
YPTzeSNaaYkMuY9vhBpdznWP/BYjz1BwEB2mYrGxA0bENRMXiODs7anKJFLPl/jE3KS8KCg6NBYx
+hKS7daqriAFlYAKBnY=</G><Y>7PClTRl715S6PYckClKQqzRQIjaOIUABPODficQJj0ZJqJNjjGfn7AHmr3hCsHngLVI1aDyU3R9F
UIQfDpwnREfseLI7dN2OWvoqh4ymGd+REZFiFWvVmJ+18ob2crd/oblUxFoVAUEXLsxpbJTTIrN2
iJ8/y7kfKgbT63lAHmg=</Y></DSAKeyValue></KeyValue>
    </KeyInfo></Signature>

----- Original Message -----
送信者 : "Brian LaMacchia" <bal@microsoft.com>
宛先 : "??" <harada@prs.cs.fujitsu.co.jp>
CC : <w3c-ietf-xmldsig@w3.org>
送信日時 : 2001年4月17日 午前 01:36
件名 : RE: MS crypto API and Java security API (KeyValue)


You probably have a byte-ordering problem -- the bignums exported by
CryptoAPI are in little-endian format, and I bet your Java APIs require
the integers in big-endian format.  You likely need to reverse the r and
s values of the DSA signature before feeding it to your Java routines.
Same for exported public key values.

--bal

Received on Tuesday, 17 April 2001 09:33:24 UTC