- From: Martin Labarthe Dubois <dubois@consist.com.ar>
- Date: Mon, 14 Jun 2004 16:39:21 -0300
- To: <w3c-ietf-xmldsig@w3.org>
- Message-ID: <020301c45247$4a5274d0$3c0201c0@consist.com.ar>
I have signed an XML with two different algorithms, they produced the same signature: <SignatureValue>cWmKHs9Y8kDgb18KEqzwonsAhXhcbCPJlgLKw1j4LA8FE+ZNJEFWDkD8EE+x+IF+HqrhtHaP9VNH 3DZXj7d2TaD2FZg2P7H48VHZBRTXguHJ4VAoJGWVCEOWJIgAYPYY9AwCzAP7Fq1CK0tVjZuOx/kj 1pXSR2N7nhcINoy0nwI=</SignatureValue> and the same X509Certificate: <X509Data> <X509Certificate>MIIFYjCCBEqgAwIBAgIRAOQcxH0LRFgNXlhsKI68ao8wDQYJKoZIhvcNAQEFBQAwgdIxCzAJBgNV BAYTAkNMMR0wGwYDVQQIExRSZWdpb24gTWV0cm9wb2xpdGFuYTERMA8GA1UEBxMIU2FudGlhZ28x JDAiBgNVBAoTG0NhbWFyYSBOYWNpb25hbCBkZSBDb21lcmNpbzENMAsGA1UECxMET05DRTEfMB0G A1UEAxMWT05DRSBQRVJTT05BUywgQ2xhc2UgMzEfMB0GCSqGSIb3DQEJARYQYWRtaW5vbmNlQGNu Yy5jbDEaMBgGCgmSJomT8ixkAQETCjcwMDA4MzEwLTEwHhcNMDQwMTEzMTk1MzU2WhcNMDcwMTEz MjM1MzU2WjCB3TELMAkGA1UEBhMCQ0wxJTAjBgNVBAoTHENvbnNpc3QgVGVsZWluZm9ybWF0aWNh IFMuQS4xGTAXBgNVBAsTEEVtcGxlYWRvIEVtcHJlc2ExEzARBgNVBAsTCkluZ2VuaWVyaWExGjAY BgNVBAMTEUFuZHJlYSBWYWxlbnp1ZWxhMRwwGgYDVQQqExNJbmdlbmllcm8gQ29uc3VsdG9yMSIw IAYJKoZIhvcNAQkBFhNhdmFsZW56dUBjb25zaXN0LmNsMRkwFwYKCZImiZPyLGQBARMJOTEyNjc0 OS03MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC054P5xF7eI6fLWrXNRB6rXi8HaL8Ecrnk brgdEOz4rFp+bs3WgjioZyJB/QYLZcCSRMHfrGBKFO8CI9zXC5WiIP68qU0M/gJTSpolCMQGB2wi dSx93BAXLfR1GOGI5XldXCvSKeo9SDUOj481YjTJ4OdkcHnkrj4v4ZvfGGn2RwIDAQABo4IBqDCC AaQwHwYDVR0jBBgwFoAUxdKD8zXp4e6uQwaM95MtLpQnUmcwCQYDVR0TBAIwADCBkwYDVR0gBIGL MIGIMIGFBgQqAwQFMH0wSwYIKwYBBQUHAgIwPxo9Q2VydGlmaWNhZG8gdmFsaWRvIHBhcmEgVHJh bnNhY2Npb25lcyBkZSBGYWN0dXJhIEVsZWN0cm9uaWNhLjAuBggrBgEFBQcCARYiaHR0cDovL3d3 dy5jbmMtb25jZS5jbC9mcmFtZTEwLmh0bTAjBgNVHRIEHDAaoBgGCCsGAQQBwQECoAwTCjcwMDA4 MzEwLTEwDgYDVR0PAQH/BAQDAgTwMBEGCWCGSAGG+EIBAQQEAwIFoDA8BgNVHREENTAzoBcGCCsG AQQBwQEBoAsTCTkxMjY3NDktN6AYBggrBgEEAcEBA6AMEwo5NjU4NzQxMC0wMB0GA1UdDgQWBBQP jv9ZI7GZDDnSfAESYWIWR6jZ4zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY2EuY25jLW9uY2Uu Y2w6NDQ3L0NOQy1QZXJzb25hcy5jcmwwDQYJKoZIhvcNAQEFBQADggEBABtBFuczwGld7aX+iN8H cPj3iVHSQQnFndsWydKpresdNmr04fU8SXCVsrGcqYIwK+2VbkWBmFQ9NCU+U/StZ9ibwOEnCHRF kK8ha2BLtGaGHP1u9/TjThTto77EGsGhuXaXUjSsYVBfD0EldZ/NIkhZLsBsX6DqYxozmmUsHcWC 2ihEL3abDnKEq1LcrINIktOqIruUOn2PvIW2+ai3lPTeiSp3ZVw+1qouacF71oCPNHn6HnrnIvpt 4JERrifPdnRuK/vtepL7Srrpbc4NnsZArL3sj+l7365rAJ2fyC9oijIh2+pV+Rrcn7oVgnV092vP RE9GJ/bUs9So2n+kawk=</X509Certificate> </X509Data> but diferent Modulus+Exponent pair. - <RSAKeyValue> <Modulus>ALTng/nEXt4jp8tatc1EHqteLwdovwRyueRuuB0Q7PisWn5uzdaCOKhnIkH9BgtlwJJEwd+sYEoU 7wIj3NcLlaIg/rypTQz+AlNKmiUIxAYHbCJ1LH3cEBct9HUY4YjleV1cK9Ip6j1INQ6PjzViNMng 52RweeSuPi/hm98YafZH</Modulus> <Exponent>AQAB</Exponent> </RSAKeyValue> </KeyValue> and - <RSAKeyValue> <Modulus>tOeD+cRe3iOny1q1zUQeq14vB2i/BHK55G64HRDs+Kxafm7N1oI4qGciQf0GC2XAkkTB36xgShTv AiPc1wuVoiD+vKlNDP4CU0qaJQjEBgdsInUsfdwQFy30dRjhiOV5XVwr0inqPUg1Do+PNWI0yeDn ZHB55K4+L+Gb3xhp9kc=</Modulus> <Exponent>AQAB</Exponent> </RSAKeyValue> i dindīt know that a Public Key could have two different Modulus+Exponent pairs representation, is this logical??? I verified both signatures with two diferent toolkits and both are valid, (i deleted de <X509Data> to force validation by RSAKeyValue instead of X509Certificate. The references in <SignedInfo> are correct too. Thanks & Regards, Martin I deleted the X509Certificate to force validation by
Received on Monday, 14 June 2004 15:43:40 UTC