RE: <ds:Signature/> and <Signature/>

ECDSA signatures, like DSA sigs, will be different each time, even when
the same key is used.  

Both use random numbers in the computation of r and s.  For some testing
it is desirable to stub the random number generator.

Larry


-----Original Message-----
From: Tom Gindin [mailto:tgindin@us.ibm.com] 
Sent: Tuesday, June 06, 2006 8:15 PM
To: Hothi_Amrit@emc.com
Cc: w3c-ietf-xmldsig@w3.org
Subject: Re: <ds:Signature/> and <Signature/>


        Amritpal:

        If you look inside the lower-level signature algorithms you'll
find that the signature value is expected to be identical between
multiple uses of the same key over the same base for RSA v1 signatures (
http://www.w3.org/2000/09/xmldsig#rsa-sha1 and the various
http://www.w3.org/2001/04/xmldsig-more/rsa-* algorithms) but not for DSA
(
http://www.w3.org/2000/09/xmldsig#dsa-sha1) or RSA PSS (not used by
XMLDSIG).  I personally don't know about ECDSA.

                Tom Gindin





Hothi_Amrit@emc.com
Sent by: w3c-ietf-xmldsig-request@w3.org
05/31/2006 06:43 PM
 
        To:     <w3c-ietf-xmldsig@w3.org>
        cc: 
        Subject:        <ds:Signature/>   and <Signature/>



Hi,

 I looking at signature interoperability between C which is using
libxml2 (v 2.6.24) and Java using Apache's xml-security libs.  When I
sign the same document using the same key on same document.  The digest
match, but the signature values are different?

 Also the C lib is signing with the signature element <Signature
xmlns="http://www.w3.org/2000/09/xmldsig#"> whereas Java's signature
element is: <ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">. 

Thanks,
Amritpal.

Received on Thursday, 8 June 2006 13:54:39 UTC