- From: Gregor Karlinger <Gregor.Karlinger@iaik.at>
- Date: Mon, 21 Feb 2000 13:10:09 +0100
- To: ML W3C XML-Signature <w3c-ietf-xmldsig@w3.org>
- Message-ID: <38B12B21.13A443F4@iaik.at>
I have a problem with understanding what the KeyInfo->KeyValue element should
contain.
Among other things KeyValue is a possible child of KeyInfo, as it is
stated in section 4.4:
<!ELEMENT KeyInfo ((KeyName | KeyValue | RetrievalMethod |
X509Data | PGPData | MgmtData)*) >
Now, if one wants to produce a Signature using the DSA algorithm, section 6.4.1
says that the DSA key values are defined as follows:
<!ELEMENT DSAKeyValue (P, Q, G, Y, J?, (Seed, PgenCounter)?) >
<!ELEMENT P (#PCDATA) >
<!ELEMENT Q (#PCDATA) >
<!ELEMENT G (#PCDATA) >
<!ELEMENT Y (#PCDATA) >
<!ELEMENT J (#PCDATA) >
<!ELEMENT Seed (#PCDATA) >
<!ELEMENT PgenCounter (#PCDATA) >
So, what does that mean for the KeyInfo element? As I would interpret our draft,
the following instance of KeyInfo is valid:
<KeyInfo>
  <KeyValue>
    <DSAKeyValue>
      <P> ... </P>
      <Q> ... </Q>
      <G> ... </G>
      <Y> ... </Y>
    </DSAKeyValue>
  </KeyValue>
</KeyInfo>
Please can somebody tell me if I am right? (Whether or not I am right, I think there
is a need for some clarification on that topic).
By the way, in the example given in section 10, DSA is also used as the signature method.
KeyInfo is printed as follows:
<KeyInfo>
<KeyValue>MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4
2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O
1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouu
EC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJF
nEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/
hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAQFL0+RhXZbDxdt17o05PlMzQGqDnAq2NM1eun+ie2
14okrmIp4r0CGKvHM1HbFgwXMlBpkXyStYg64RTMnL9dtShw5rCkEv145TV0EYVoxBQ5X0gmrQ2Nft
RHH8imBhx9glz//y6NE4JhfIVPu3o+55VYUwdFP0cbBvWkKOngo0=
</KeyValue>
</KeyInfo>
I don't think that this is a possible option. Any comments?
Gregor
--
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Received on Monday, 21 February 2000 07:11:31 UTC
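
The two KeyValue forms contrasted in the message above can be told apart mechanically. The following is an added example, not part of the original message or of the draft: it checks a KeyValue against the DSAKeyValue content model quoted from section 6.4.1. The verdict strings, function names and sample documents are hypothetical, and the elements are assumed to carry no namespace, as in the message's own instance.

```python
import re
import xml.etree.ElementTree as ET

# Content model quoted in the message: (P, Q, G, Y, J?, (Seed, PgenCounter)?)
# Assumption: elements are un-namespaced, as written in the message.
DSA_MODEL = re.compile(r"^P Q G Y( J)?( Seed PgenCounter)?$")

def classify_keyvalue(kv):
    """Say which of the two forms discussed in the message a KeyValue uses."""
    children = list(kv)
    if not children:
        # Character data only: the form printed in the section 10 example.
        return "opaque-text" if (kv.text or "").strip() else "empty"
    if len(children) != 1 or children[0].tag != "DSAKeyValue":
        return "unexpected-children"
    dsa = children[0]
    # Child order matters in a DTD sequence, so compare the ordered tag list.
    if not DSA_MODEL.match(" ".join(c.tag for c in dsa)):
        return "dsa-content-model-violation"
    if any(not (c.text or "").strip() for c in dsa):
        return "dsa-empty-field"
    return "structured-dsa"

def classify_keyinfo(xml_text):
    """Return one verdict per KeyValue found under the KeyInfo root."""
    root = ET.fromstring(xml_text)
    return [classify_keyvalue(kv) for kv in root.iter("KeyValue")]

# Constructed samples; the field values are placeholders, not real key material.
STRUCTURED = ("<KeyInfo><KeyValue><DSAKeyValue><P>AQID</P><Q>BAUG</Q>"
              "<G>BwgJ</G><Y>CgsM</Y></DSAKeyValue></KeyValue></KeyInfo>")
OPAQUE = "<KeyInfo><KeyValue>Q09OU1RSVUNURUQ=</KeyValue></KeyInfo>"
SEED_ONLY = ("<KeyInfo><KeyValue><DSAKeyValue><P>AQID</P><Q>BAUG</Q><G>BwgJ</G>"
             "<Y>CgsM</Y><Seed>DQ4P</Seed></DSAKeyValue></KeyValue></KeyInfo>")

if __name__ == "__main__":
    for name, doc in [("structured", STRUCTURED), ("opaque", OPAQUE),
                      ("seed-only", SEED_ONLY)]:
        print(name, classify_keyinfo(doc))
```

A verifier that accepts only one of the two forms can reject the other explicitly instead of guessing how to decode the key.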