MS crypto API and Java security API (KeyValue) from 原田 on 2001-04-16 (w3c-ietf-xmldsig@w3.org from April to June 2001)

From: 原田 <harada@prs.cs.fujitsu.co.jp>
Date: Mon, 16 Apr 2001 09:04:13 -0400 (EDT)
To: <w3c-ietf-xmldsig@w3.org>
Message-ID: <00a201c0c675$e64c3080$9656230a@prs.cs.fujitsu.co.jp>
 How do you do? I am a signature beginner.
I wonder whether I may ask the following question
in this mailing-list, but I hope some answer which
will solve it.

My question is :

   How to convert a DSA key value byte array obtained
   by Microsoft Cryprto API to a W3C DSAKeyValue?

 I get a signature DSAKeyValue by MS Crypto API
such as CryptoExportKey and struct PUBLICKEYSTRUC,
DSSPUBKEY, and so on.
 And I can verify a XML signature which is created
by MS crypto API as above, but I cannot verify it
by neither IBM xss4j nor our signature processor
on Java security API.
 The MS crypto API SignatureValue byte array's size is 40,
and it seems to be right size of SignatureValue.
 So I think I need to convert the DSAKeyValue array.

 In xss4j, I try to verify the signature below and get

java.lang.ArithmeticException: BigInteger not invertible.
        at java.math.MutableBigInteger.mutableModInverse(Unknown Source)
        at java.math.BigInteger.modInverse(Unknown Source)
        at sun.security.provider.DSA.generateW(Unknown Source)
        at sun.security.provider.DSA.engineVerify(Unknown Source)
        at java.security.Signature.verify(Unknown Source)
        at com.ibm.xml.dsig.SignatureMethod$SignatureMethodImpl.verify(Unknown S
ource)

  Are there anybody who tried signing in MS crypto API
and verifing in Java2 security API?

P.S.
 My other questions are
 - Certificates got by MS crypto API are many many
   certificates and seems not to have the user's
   self-signed certificate.So XML signature by
   MS crypto API should have no X509Certificate data
   in default state. Is it right?
 - At my glance on GPKI (the Japanese Government Public
   Key Infrastructure), I recognized each certificate
   of trust chain has a CRL.
   How should I represent each CRL for each certificate?

[XML signature created by using MS crypto API]
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <Reference URI="file:///G:\src\dom\signature\tool\xmlsig\test.txt">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>h6zsF82dzSCnFsws9nQXtxyKcBY=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>KoknVleqm4cE6iN00FL5ZMXqKtlU//uNNZ3Gcvd9FuiOc0Nsuo97mg==</SignatureValue>
  <KeyInfo>
    <KeyValue><DSAKeyValue><P>T3DaFZP7c9/myxbhU+Mk4j5g7hu+aiU3zEN90Hs2vQO3Z2EibL0itC+G72+5cVZ+SefmVtwtyBds
zMnX9kSwquUelBwcmvsFyylZBcMMBwmNpXFjz7Ur1DFGO2XgryfVG5Ns1U6A/ULAACGCy67bY55b
XFVKrHw30J9X4U99eIA=</P><Q>PW3icYRgGmmCxDnyr2UdK9pDRtw=</Q><G>HQRf4wE4NVilsy5ekfv1vJvpjkRz2l9/FwimXtzUWKMPoaEmjPuNcfX/WJTvoxg13j+05j
+nls/z
9GCwaVojeY+5DIldGoRv/I91zlDPIxamHRBwA7GxYhM1xEbs4IgXJMqp7fiXz1K8pNzENDooKBL6
MRaq1u2SlQUgrnYGCoA=</G><Y>TaXw7JTXexkkhz26q5BSCjYiUDQBQCGOid/gPEaPCcRjk6hJ7OdnjHiv5gHgebBCaDVSLR/dlDwf
hFBFRCecDrJ47EeO3XQ7hyr6Wt8ZpoxikRGRmNVrFYbytZ9/t3L2xFS5oUEBFVppzC4XItOUbJ+I
drMfucs/69MGKmgeQHk=</Y></DSAKeyValue></KeyValue>
    </KeyInfo></Signature>
Received on Monday, 16 April 2001 10:49:08 UTC