RE: KeyInfo->KeyValue from david.solo@citicorp.com on 2000-02-24 (w3c-ietf-xmldsig@w3.org from January to March 2000)

From: <david.solo@citicorp.com>
Date: Thu, 24 Feb 2000 15:17:05 -0500
TO: Gregor.Karlinger@iaik.at, w3c-ietf-xmldsig@w3.org
Message-Id: <H0000cc4057e1a90@MHS>
Gregor,

I think you're correct.  The syntax of keyValue is based on the algorithm and 
so for DSA is would use the DSAKeyValue element, and would be

<KeyInfo>
 <KeyValue>
    <DSAKeyValue>
    </DSAKeyValue>
 </KeyValue>
</KeyInfo>

While another alg could be

<KeyInfo>
 <KeyValue>
    --encoded binary key--
 </KeyValue>
</KeyInfo>

It appears our current syntax mandates a single keyvalue format for any given 
algorithm (since there's no attribute in keyValue, the syntax is derived from 
SignatureMethod?); but I may have missed something.

Dave

-----Original Message-----
From: Gregor.Karlinger [mailto:Gregor.Karlinger@iaik.at]
Sent: Monday, February 21, 2000 7:10 AM
To: w3c-ietf-xmldsig
Cc: Gregor.Karlinger
Subject: KeyInfo->KeyValue


I have a problem with understanding what the KeyInfo->KeyValue element should 
contain. 

Among other things KeyValue is a possible child of KeyInfo, as it is
stated in section 4.4:

  <!ELEMENT KeyInfo ((KeyName | KeyValue | RetrievalMethod | 
                      X509Data | PGPData  | MgmtData)*)  >

Now, if one wants to produce a Signature using the DSA algorithm, section 6.4.1
tells that the DSA key values are defined as follows:

  <!ELEMENT DSAKeyValue (P, Q, G, Y, J?, (Seed, PgenCounter)?) > 
  <!ELEMENT P (#PCDATA) >
  <!ELEMENT Q (#PCDATA) >
  <!ELEMENT G (#PCDATA) >
  <!ELEMENT Y (#PCDATA) >
  <!ELEMENT J (#PCDATA) >
  <!ELEMENT Seed (#PCDATA) >
  <!ELEMENT PgenCounter (#PCDATA) >

So, what does that mean for the KeyInfo element? As I would interpret our draft,
the following instance of KeyInfo is valid:

<KeyInfo>
  <KeyValue>
    <DSAKeyValue>
       <P> ... </P>
       <Q> ... </Q>
       <G> ... </G>
       <Y> ... </Y>
    </DSAKeyValue>
  </KeyValue>
</KeyInfo>

Please can somebody tell me if I am right? (Wheter or not I am right, I think 
there
is a need for some clarification on that topic).

By the way, in the example given in section 10 also DSA is used as signature 
method.
KeyInfo is printed as follows:

<KeyInfo> 

 <KeyValue>MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP
4
   
2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O
   
1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouu
   
EC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJF
   
nEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/
   
hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAQFL0+RhXZbDxdt17o05PlMzQGqDnAq2NM1eun+ie2
   
14okrmIp4r0CGKvHM1HbFgwXMlBpkXyStYg64RTMnL9dtShw5rCkEv145TV0EYVoxBQ5X0gmrQ2Nft
   RHH8imBhx9glz//y6NE4JhfIVPu3o+55VYUwdFP0cbBvWkKOngo0=
 </KeyValue> 
</KeyInfo>


I don't think that this is a possible option. Any comments?


Gregor    
-- 
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Received on Thursday, 24 February 2000 15:16:05 UTC