Re: pkcs

     I can transcribe a certificate's signature (from a test system) in
this form if desired.  However, this would not be as easy to understand as
the example in DSS.  It would be something like: the following value (128
bytes binary, 172 characters of base 64) is a signature value for this
algorithm associated with the following public key (140 bytes binary).
     This brings up a second question.  Which parts of the ASN.1 wrapping
are to be included?  A 1024-bit signature may be encoded in either 128 or
129 bytes, depending on whether the high-order bit is 0 or 1, and there is
also the "extra-bits" byte, which is almost always zero.  Here are the
examples of what I mean, for a typical 512-bit signature:

     03 42 00 00 85 zy (62 more bytes)
     03 41 00 62 yz  (62 more bytes)

     Where do we start the conversion to base 64 - with the 03 byte, the
first 00 byte, or the first byte after the 00's?

     Key Values were somewhat clearer, but not absolutely so.  Here is a
fairly typical example for a 1024-bit RSA key:

     30 81 89 02 81 81 00 C4 xy (126 more bytes) 02 03 01 00 01

     Does the value to be converted for the exponent start with "C4" or
with "00"?

          Tom Gindin

"Joseph M. Reagle Jr." <reagle@w3.org>@w3.org on 05/05/2000 07:25:40 PM

Sent by:  w3c-ietf-xmldsig-request@w3.org


To:   "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
cc:
Subject:  pkcs




'Section 6.4.2 PKCS1' has long stated that an example will be provided. Does
anyone care to provide one, or should we delete that editorial note? (Also,
we do want to call this section 'PKCS1', right?)

        The output of the RSA algorithm is an octet string. The
        SignatureValue content for an RSA signature shall be the
        base64 encoding of this octet string. Example: TBD

_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Monday, 8 May 2000 11:39:44 UTC
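
Added example (not part of the original messages, and not code from either author): a short Python parser run over constructed bytes shaped like the BIT STRING and RSA key examples in the reply above. It returns each candidate byte range the reply asks about so their lengths and base64 forms can be compared. The function names and the filler bytes are made up for illustration.

```python
import base64

def read_tlv(buf, off=0):
    """Parse one DER tag-length-value at buf[off:]; return (tag, value, next_off)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:          # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[off:off + length], off + length

def bit_string_candidates(der):
    """The three starting points asked about for a BIT STRING signature."""
    tag, content, end = read_tlv(der)
    if tag != 0x03:
        raise ValueError("not a BIT STRING")
    return {
        "from_03_tag": der[:end],                       # whole TLV, tag and length included
        "from_first_00": content,                       # unused-bits byte onward
        "after_the_00s": content[1:].lstrip(b"\x00"),   # payload with leading zeros dropped
    }

def integer_candidates(key_der):
    """Each INTEGER in the key SEQUENCE: (as encoded, without leading 00 bytes)."""
    tag, body, _ = read_tlv(key_der)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    out, off = [], 0
    while off < len(body):
        tag, value, off = read_tlv(body, off)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        out.append((value, value.lstrip(b"\x00")))
    return out

def b64_table(der):
    """Map each candidate label to (byte length, base64 text)."""
    return {k: (len(v), base64.b64encode(v).decode()) for k, v in bit_string_candidates(der).items()}

# Constructed sample bytes shaped like the message's examples (filler, not real key material).
FILL = bytes(range(1, 64))                                   # 63 filler bytes
SIG_HIGH = bytes.fromhex("03 42 00 00 85") + FILL
SIG_LOW = bytes.fromhex("03 41 00 62") + FILL
KEY = bytes.fromhex("30 81 89 02 81 81 00 C4") + b"\x11" * 127 + bytes.fromhex("02 03 01 00 01")

if __name__ == "__main__":
    for label, (n, text) in b64_table(SIG_HIGH).items():
        print(f"{label}: {n} bytes, {len(text)} base64 chars")
```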