
RE: MS crypto API and Java security API (KeyValue)

From: Brian LaMacchia <bal@microsoft.com>
Date: Mon, 16 Apr 2001 09:36:16 -0700
Message-ID: <BCDB2C3F59F5744EBE37C715D66E779CEAB65A@red-msg-04.redmond.corp.microsoft.com>
To: "??" <harada@prs.cs.fujitsu.co.jp>
Cc: <w3c-ietf-xmldsig@w3.org>

You probably have a byte-ordering problem -- the bignums exported by
CryptoAPI are in little-endian format, and I bet your Java APIs require
the integers in big-endian format.  You likely need to reverse the r and
s values of the DSA signature before feeding it to your Java routines.
Same for exported public key values.


-----Original Message-----
From: harada@prs.cs.fujitsu.co.jp [mailto:harada@prs.cs.fujitsu.co.jp] 
Sent: Monday, April 16, 2001 6:04 AM
To: w3c-ietf-xmldsig@w3.org
Subject: MS crypto API and Java security API (KeyValue)

 How do you do? I am a signature beginner.
I wonder whether I may ask the following question
in this mailing-list, but I hope some answer which
will solve it.

My question is :

   How to convert a DSA key value byte array obtained
   by Microsoft Crypto API to a W3C DSAKeyValue?

 I get a signature DSAKeyValue by MS Crypto API
such as CryptoExportKey and struct PUBLICKEYSTRUC,
DSSPUBKEY, and so on.
 And I can verify an XML signature which is created
by MS crypto API as above, but I cannot verify it
by either IBM xss4j or our signature processor
on Java security API.
 The MS crypto API SignatureValue byte array's size is 40,
and it seems to be right size of SignatureValue.
 So I think I need to convert the DSAKeyValue array.

 In xss4j, I try to verify the signature below and get

java.lang.ArithmeticException: BigInteger not invertible.
        at java.math.MutableBigInteger.mutableModInverse(Unknown Source)
        at java.math.BigInteger.modInverse(Unknown Source)
        at sun.security.provider.DSA.generateW(Unknown Source)
        at sun.security.provider.DSA.engineVerify(Unknown Source)
        at java.security.Signature.verify(Unknown Source)
com.ibm.xml.dsig.SignatureMethod$SignatureMethodImpl.verify(Unknown S

  Is there anybody who tried signing in MS crypto API
and verifying in Java2 security API?

 My other questions are
 - Certificates got by MS crypto API are many many
   certificates and seem not to have the user's
   self-signed certificate. So XML signature by
   MS crypto API should have no X509Certificate data
   in default state. Is it right?
 - At my glance on GPKI (the Japanese Government Public
   Key Infrastructure), I recognized each certificate
   of trust chain has a CRL.
   How should I represent each CRL for each certificate?

[XML signature created by using MS crypto API]
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <Reference URI="file:///G:\src\dom\signature\tool\xmlsig\test.txt">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
Received on Monday, 16 April 2001 12:54:10 UTC
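
The byte-order fix suggested in the reply, as an added Java example that is not part of the original thread. The class and method names are hypothetical and the sample bytes are constructed; it assumes the 40-byte signature is r followed by s (20 bytes each, little-endian) and applies the XMLDSig CryptoBinary rule of dropping leading zero octets.

```java
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Base64;

public class CapiDsaToXmlDsig {
    // Return a reversed copy: little-endian bignum bytes become big-endian.
    static byte[] reverse(byte[] in) {
        byte[] out = new byte[in.length];
        for (int i = 0; i < in.length; i++) out[i] = in[in.length - 1 - i];
        return out;
    }

    // Reverse r and s separately and keep the order r||s. Reversing the whole
    // 40-byte array at once would also swap r with s.
    static byte[] signatureToBigEndian(byte[] capiSig) {
        if (capiSig.length != 40) throw new IllegalArgumentException("expected 40 bytes (r||s)");
        byte[] out = new byte[40];
        System.arraycopy(reverse(Arrays.copyOfRange(capiSig, 0, 20)), 0, out, 0, 20);
        System.arraycopy(reverse(Arrays.copyOfRange(capiSig, 20, 40)), 0, out, 20, 20);
        return out;
    }

    // Base64 text for a DSAKeyValue child (P, Q, G or Y): big-endian magnitude
    // with any leading zero octet (padding or BigInteger sign byte) removed.
    static String toCryptoBinary(byte[] littleEndian) {
        byte[] be = new BigInteger(1, reverse(littleEndian)).toByteArray();
        if (be.length > 1 && be[0] == 0) be = Arrays.copyOfRange(be, 1, be.length);
        return Base64.getEncoder().encodeToString(be);
    }

    public static void main(String[] args) {
        // Constructed sample, not a real signature: bytes 0x01..0x28 in order.
        byte[] capiSig = new byte[40];
        for (int i = 0; i < 40; i++) capiSig[i] = (byte) (i + 1);
        byte[] xmlSig = signatureToBigEndian(capiSig);
        BigInteger r = new BigInteger(1, Arrays.copyOfRange(xmlSig, 0, 20));
        System.out.println("r (hex)        = " + r.toString(16));
        System.out.println("SignatureValue = " + Base64.getEncoder().encodeToString(xmlSig));
        // Constructed little-endian key value with a zero most-significant byte.
        byte[] y = {0x34, 0x12, 0x00};
        System.out.println("Y              = " + toCryptoBinary(y));
    }
}
```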
