
Re: can have the same public key two different <RSAKeyValue> representations ???

From: Merlin Hughes <Merlin.Hughes@betrusted.com>
Date: Mon, 14 Jun 2004 20:56:26 +0100
To: "Martin Labarthe Dubois" <dubois@consist.com.ar>
Cc: w3c-ietf-xmldsig@w3.org
Message-Id: <20040614195627.A9D0943C4D@yog-sothoth>


Look at the moduli:

openssl base64 -d | od -t x1
<data>
^D

  0000000 00 b4 e7 83 f9 c4 5e de 23 a7 cb 5a b5 cd 44 1e
  ...
  0000200 47

and

  0000000 b4 e7 83 f9 c4 5e de 23 a7 cb 5a b5 cd 44 1e ab
  ...
  0000160 e0 e7 64 70 79 e4 ae 3e 2f e1 9b df 18 69 f6 47

They are the same, but the first is incorrectly encoded
with a leading 00.

Merlin

r/dubois@consist.com.ar/2004.06.14/16:39:21
>
>
>
>   I have signed an XML with two different algorithms,
>
>   they produced the same signature:
>
>
>
>
>
>   and the same X509Certificate:
>
>
>
>
>
>   but different Modulus+Exponent pair.
>
>
>
>   [1]- <RSAKeyValue>
>   <Modulus>ALTng/nEXt4jp8tatc1EHqteLwdovwRyueRuuB0Q7PisWn5uzdaCOKhnIkH9BgtlwJJEwd+sYEoU
>   7wIj3NcLlaIg/rypTQz+AlNKmiUIxAYHbCJ1LH3cEBct9HUY4YjleV1cK9Ip6j1INQ6PjzViNMng
>   52RweeSuPi/hm98YafZH</Modulus>
>     <Exponent>AQAB</Exponent>
>     </RSAKeyValue>
>     </KeyValue>
>
>
>
>   and
>
>
>
>   [2]- <RSAKeyValue>
>   <Modulus>tOeD+cRe3iOny1q1zUQeq14vB2i/BHK55G64HRDs+Kxafm7N1oI4qGciQf0GC2XAkkTB36xgShTv
>   AiPc1wuVoiD+vKlNDP4CU0qaJQjEBgdsInUsfdwQFy30dRjhiOV5XVwr0inqPUg1Do+PNWI0yeDn
>   ZHB55K4+L+Gb3xhp9kc=</Modulus>
>     <Exponent>AQAB</Exponent>
>     </RSAKeyValue>
>
>
>   I didn't know that a Public Key could have two different
>   Modulus+Exponent pairs representation,
>
>   is this logical???
>
>
>
>   I verified both signatures with two different toolkits and both are
>   valid, (I deleted the <X509Data> to force validation by RSAKeyValue
>   instead of X509Certificate).
>
>   The references in <SignedInfo> are correct too.
>
>
>
>
>
>   Thanks & Regards,
>   Martin
>
>
>
>
>
>   I deleted the X509Certificate to force validation by
>
>References
>
>   1. file://localhost/C:/temp/emartin.xml
>   2. file://localhost/C:/temp/eapache.xml
Received on Monday, 14 June 2004 16:01:08 UTC
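
Added example, not part of the original message or of either toolkit: a
Python check that decodes the two <Modulus> values quoted in the thread,
compares them as integers, and re-encodes [1] in the minimal-octet form that
XML-Signature's ds:CryptoBinary type calls for. The function names are
chosen for this example.

```python
import base64

# The two <Modulus> values and the <Exponent> quoted in the thread above.
MODULUS_1 = (
    "ALTng/nEXt4jp8tatc1EHqteLwdovwRyueRuuB0Q7PisWn5uzdaCOKhnIkH9BgtlwJJEwd+sYEoU"
    "7wIj3NcLlaIg/rypTQz+AlNKmiUIxAYHbCJ1LH3cEBct9HUY4YjleV1cK9Ip6j1INQ6PjzViNMng"
    "52RweeSuPi/hm98YafZH"
)
MODULUS_2 = (
    "tOeD+cRe3iOny1q1zUQeq14vB2i/BHK55G64HRDs+Kxafm7N1oI4qGciQf0GC2XAkkTB36xgShTv"
    "AiPc1wuVoiD+vKlNDP4CU0qaJQjEBgdsInUsfdwQFy30dRjhiOV5XVwr0inqPUg1Do+PNWI0yeDn"
    "ZHB55K4+L+Gb3xhp9kc="
)
EXPONENT = "AQAB"


def decode_crypto_binary(text):
    """Return (integer value, number of leading zero octets) of a base64 field."""
    raw = base64.b64decode("".join(text.split()), validate=True)
    return int.from_bytes(raw, "big"), len(raw) - len(raw.lstrip(b"\x00"))


def encode_crypto_binary(value):
    """Encode a positive integer in the fewest octets, so the first is non-zero."""
    if value <= 0:
        raise ValueError("expected a positive integer")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return base64.b64encode(raw).decode("ascii")


def same_rsa_key(modulus_a, exponent_a, modulus_b, exponent_b):
    """Compare two RSAKeyValue pairs by numeric value rather than by text."""
    ints = [decode_crypto_binary(v)[0]
            for v in (modulus_a, exponent_a, modulus_b, exponent_b)]
    return ints[0] == ints[2] and ints[1] == ints[3]


if __name__ == "__main__":
    for label, modulus in (("[1]", MODULUS_1), ("[2]", MODULUS_2)):
        value, zeros = decode_crypto_binary(modulus)
        print(label, value.bit_length(), "bits,", zeros, "leading zero octet(s)")
    print("same text:", MODULUS_1 == MODULUS_2)
    print("same key: ", same_rsa_key(MODULUS_1, EXPONENT, MODULUS_2, EXPONENT))
    normalized = encode_crypto_binary(decode_crypto_binary(MODULUS_1)[0])
    print("[1] re-encoded equals [2]:", normalized == MODULUS_2)
```

Code that pins, caches or de-duplicates keys by the literal <Modulus> text
would treat [1] and [2] as different keys; comparing the decoded integers
avoids that.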
