- From: Merlin Hughes <Merlin.Hughes@betrusted.com>
- Date: Mon, 14 Jun 2004 20:56:26 +0100
- To: "Martin Labarthe Dubois" <dubois@consist.com.ar>
- Cc: w3c-ietf-xmldsig@w3.org
Look at the moduli: openssl base64 -d | od -t x1 <data> ^D 0000000 00 b4 e7 83 f9 c4 5e de 23 a7 cb 5a b5 cd 44 1e ... 0000200 47 and 0000000 b4 e7 83 f9 c4 5e de 23 a7 cb 5a b5 cd 44 1e ab ... 0000160 e0 e7 64 70 79 e4 ae 3e 2f e1 9b df 18 69 f6 47 They are the same, but the first is incorrectly encoded with a leading 00. Merlin r/dubois@consist.com.ar/2004.06.14/16:39:21 > > > > I have signed an XML with two different algorithms, > > they produced the same signature: > > > > <SignatureValue>cWmKHs9Y8kDgb18KEqzwonsAhXhcbCPJlgLKw1j4LA8FE+Z >NJEFWDk > D8EE+x+IF+HqrhtHaP9VNH > 3DZXj7d2TaD2FZg2P7H48VHZBRTXguHJ4VAoJGWVCEOWJIgAYPYY9AwCzAP7Fq1 >CK0tVjZ > uOx/kj 1pXSR2N7nhcINoy0nwI=</SignatureValue> > > > > and the same X509Certificate: > > > > <X509Data> > > <X509Certificate>MIIFYjCCBEqgAwIBAgIRAOQcxH0LRFgNXlhsKI68ao8wDQ >YJKoZIh > vcNAQEFBQAwgdIxCzAJBgNV > BAYTAkNMMR0wGwYDVQQIExRSZWdpb24gTWV0cm9wb2xpdGFuYTERMA8GA1UEBxM >IU2FudG > lhZ28x > JDAiBgNVBAoTG0NhbWFyYSBOYWNpb25hbCBkZSBDb21lcmNpbzENMAsGA1UECxM >ET05DRT > EfMB0G > A1UEAxMWT05DRSBQRVJTT05BUywgQ2xhc2UgMzEfMB0GCSqGSIb3DQEJARYQYWR >taW5vbm > NlQGNu > Yy5jbDEaMBgGCgmSJomT8ixkAQETCjcwMDA4MzEwLTEwHhcNMDQwMTEzMTk1MzU >2WhcNMD > cwMTEz > MjM1MzU2WjCB3TELMAkGA1UEBhMCQ0wxJTAjBgNVBAoTHENvbnNpc3QgVGVsZWl >uZm9ybW > F0aWNh > IFMuQS4xGTAXBgNVBAsTEEVtcGxlYWRvIEVtcHJlc2ExEzARBgNVBAsTCkluZ2V >uaWVyaW > ExGjAY > BgNVBAMTEUFuZHJlYSBWYWxlbnp1ZWxhMRwwGgYDVQQqExNJbmdlbmllcm8gQ29 >uc3VsdG > 9yMSIw > IAYJKoZIhvcNAQkBFhNhdmFsZW56dUBjb25zaXN0LmNsMRkwFwYKCZImiZPyLGQ >BARMJOT > EyNjc0 > OS03MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC054P5xF7eI6fLWrXNRB6 >rXi8HaL > 8Ecrnk > brgdEOz4rFp+bs3WgjioZyJB/QYLZcCSRMHfrGBKFO8CI9zXC5WiIP68qU0M/gJ >TSpolCM > QGB2wi > dSx93BAXLfR1GOGI5XldXCvSKeo9SDUOj481YjTJ4OdkcHnkrj4v4ZvfGGn2RwI >DAQABo4 > IBqDCC > AaQwHwYDVR0jBBgwFoAUxdKD8zXp4e6uQwaM95MtLpQnUmcwCQYDVR0TBAIwADC >BkwYDVR > 0gBIGL > MIGIMIGFBgQqAwQFMH0wSwYIKwYBBQUHAgIwPxo9Q2VydGlmaWNhZG8gdmFsaWR >vIHBhcm > EgVHJh > bnNhY2Npb25lcyBkZSBGYWN0dXJhIEVsZWN0cm9uaWNhLjAuBggrBgEFBQcCARY >iaHR0cD > ovL3d3 > dy5jbmMtb25jZS5jbC9mcmFtZTEwLmh0bTAjBgNVHRIEHDAaoBgGCCsGAQQBwQE >CoAwTCj > cwMDA4 > MzEwLTEwDgYDVR0PAQH/BAQDAgTwMBEGCWCGSAGG+EIBAQQEAwIFoDA8BgNVHRE >ENTAzoB > cGCCsG > AQQBwQEBoAsTCTkxMjY3NDktN6AYBggrBgEEAcEBA6AMEwo5NjU4NzQxMC0wMB0 >GA1UdDg > QWBBQP > jv9ZI7GZDDnSfAESYWIWR6jZ4zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY2E >uY25jLW > 9uY2Uu > Y2w6NDQ3L0NOQy1QZXJzb25hcy5jcmwwDQYJKoZIhvcNAQEFBQADggEBABtBFuc >zwGld7a > X+iN8H > cPj3iVHSQQnFndsWydKpresdNmr04fU8SXCVsrGcqYIwK+2VbkWBmFQ9NCU+U/S >tZ9ibwO > EnCHRF > kK8ha2BLtGaGHP1u9/TjThTto77EGsGhuXaXUjSsYVBfD0EldZ/NIkhZLsBsX6D >qYxozmm > UsHcWC > 2ihEL3abDnKEq1LcrINIktOqIruUOn2PvIW2+ai3lPTeiSp3ZVw+1qouacF71oC >PNHn6Hn > rnIvpt > 4JERrifPdnRuK/vtepL7Srrpbc4NnsZArL3sj+l7365rAJ2fyC9oijIh2+pV+Rr >cn7oVgn > V092vP RE9GJ/bUs9So2n+kawk=</X509Certificate> > </X509Data> > > > > but diferent Modulus+Exponent pair. > > > > [1]- <RSAKeyValue> > > <Modulus>ALTng/nEXt4jp8tatc1EHqteLwdovwRyueRuuB0Q7PisWn5uzdaCOK >hnIkH9B > gtlwJJEwd+sYEoU > 7wIj3NcLlaIg/rypTQz+AlNKmiUIxAYHbCJ1LH3cEBct9HUY4YjleV1cK9Ip6j1 >INQ6Pjz > ViNMng 52RweeSuPi/hm98YafZH</Modulus> > <Exponent>AQAB</Exponent> > </RSAKeyValue> > </KeyValue> > > > > and > > > > [2]- <RSAKeyValue> > > <Modulus>tOeD+cRe3iOny1q1zUQeq14vB2i/BHK55G64HRDs+Kxafm7N1oI4qG >ciQf0GC > 2XAkkTB36xgShTv > AiPc1wuVoiD+vKlNDP4CU0qaJQjEBgdsInUsfdwQFy30dRjhiOV5XVwr0inqPUg >1Do+PNW > I0yeDn ZHB55K4+L+Gb3xhp9kc=</Modulus> > <Exponent>AQAB</Exponent> > </RSAKeyValue> > > > i dindīt know that a Public Key could have two different > Modulus+Exponent pairs representation, > > is this logical??? > > > > I verified both signatures with two diferent toolkits and both >are > valid, (i deleted de <X509Data> to force validation by RSAKeyVa >lue > instead of X509Certificate. > > The references in <SignedInfo> are correct too. > > > > > > Thanks & Regards, > Martin > > > > > > I deleted the X509Certificate to force validation by > >References > > 1. file://localhost/C:/temp/emartin.xml > 2. file://localhost/C:/temp/eapache.xml
Received on Monday, 14 June 2004 16:01:08 UTC