- From: Karl Scheibelhofer <karl.scheibelhofer@iaik.tugraz.at>
- Date: Tue, 15 Jun 2004 10:20:16 +0200
- To: "Martin Labarthe Dubois" <dubois@consist.com.ar>, <w3c-ietf-xmldsig@w3.org>
According to http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary, the first representation of the modulus (ALT...ZH) is incorrect because it contains a leading zero octet.

Karl

--
Karl Scheibelhofer, IAIK - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Fax: +43 316 873 5520
http://jce.iaik.tugraz.at/

----- Original Message -----
From: "Martin Labarthe Dubois" <dubois@consist.com.ar>
To: <w3c-ietf-xmldsig@w3.org>
Sent: Monday, June 14, 2004 9:39 PM
Subject: can have the same public key two diferent <RSAKeyValue> representations ???

I have signed an XML with two different algorithms, they produced the same signature:

<SignatureValue>cWmKHs9Y8kDgb18KEqzwonsAhXhcbCPJlgLKw1j4LA8FE+ZNJEFWDkD8EE+x +IF+HqrhtHaP9VNH 3DZXj7d2TaD2FZg2P7H48VHZBRTXguHJ4VAoJGWVCEOWJIgAYPYY9AwCzAP7Fq1CK0tVjZuOx/kj 1pXSR2N7nhcINoy0nwI=</SignatureValue>

and the same X509Certificate:

but different Modulus+Exponent pair.

- <RSAKeyValue>
  <Modulus>ALTng/nEXt4jp8tatc1EHqteLwdovwRyueRuuB0Q7PisWn5uzdaCOKhnIkH9BgtlwJJ Ewd+sYEoU 7wIj3NcLlaIg/rypTQz+AlNKmiUIxAYHbCJ1LH3cEBct9HUY4YjleV1cK9Ip6j1INQ6PjzViNMng 52RweeSuPi/hm98YafZH</Modulus>
  <Exponent>AQAB</Exponent>
  </RSAKeyValue>
  </KeyValue>

and

- <RSAKeyValue>
  <Modulus>tOeD+cRe3iOny1q1zUQeq14vB2i/BHK55G64HRDs+Kxafm7N1oI4qGciQf0GC2XAkkT B36xgShTv AiPc1wuVoiD+vKlNDP4CU0qaJQjEBgdsInUsfdwQFy30dRjhiOV5XVwr0inqPUg1Do+PNWI0yeDn ZHB55K4+L+Gb3xhp9kc=</Modulus>
  <Exponent>AQAB</Exponent>
  </RSAKeyValue>

I didn't know that a Public Key could have two different Modulus+Exponent pairs representation, is this logical???

I verified both signatures with two different toolkits and both are valid (I deleted the <X509Data> to force validation by RSAKeyValue instead of X509Certificate). The references in <SignedInfo> are correct too.

Thanks & Regards,
Martin

I deleted the X509Certificate to force validation by
Received on Tuesday, 15 June 2004 08:52:45 UTC
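
The leading-zero-octet point from the reply above, as an added example that is not part of the original thread or of any toolkit mentioned in it: it decodes a ds:CryptoBinary value, counts leading zero octets, compares two encodings by integer value, and re-encodes in the minimal form. SAMPLE_N is a constructed 48-bit value (not a real key), the function names are hypothetical, and the signed two's-complement serialization is an assumption about how the extra octet typically arises; the thread does not say which toolkit produced it.

```python
import base64


def decode_crypto_binary(text):
    """Return (integer value, number of leading zero octets) for CryptoBinary text."""
    # Whitespace inside the base64 text (line wraps) is not significant.
    raw = base64.b64decode("".join(text.split()), validate=True)
    stripped = raw.lstrip(b"\x00")
    return int.from_bytes(stripped, "big"), len(raw) - len(stripped)


def encode_crypto_binary(value):
    """Minimal big-endian octets (no leading zero octet), then base64."""
    if value <= 0:
        raise ValueError("expected a positive integer")
    octets = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return base64.b64encode(octets).decode("ascii")


def encode_signed(value):
    """Assumed faulty path: two's-complement octets of a positive integer, then base64.

    A sign octet of 0x00 appears whenever the top bit of the value's first octet is set.
    """
    octets = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return base64.b64encode(octets).decode("ascii")


def same_key(modulus_a, modulus_b):
    """Compare two encodings by the integer they represent, not by their text."""
    return decode_crypto_binary(modulus_a)[0] == decode_crypto_binary(modulus_b)[0]


def normalize(text):
    """Re-encode a CryptoBinary value without leading zero octets."""
    value, _ = decode_crypto_binary(text)
    return encode_crypto_binary(value)


# Constructed sample value with the top bit set, standing in for a modulus.
SAMPLE_N = 0xB4E783F9C45E

if __name__ == "__main__":
    minimal = encode_crypto_binary(SAMPLE_N)
    padded = encode_signed(SAMPLE_N)
    for label, text in (("minimal", minimal), ("padded", padded)):
        value, zeros = decode_crypto_binary(text)
        print(f"{label}: {text} value={value:#x} leading_zero_octets={zeros}")
    print("same key:", same_key(minimal, padded), "normalized:", normalize(padded))
```

A verifier that compares key material as strings will treat the two encodings as different keys, so compare the decoded integers or normalize before comparing.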