[xmlsec] Problem with some cert which has a negative serial number
Aleksey Sanin
aleksey at aleksey.com
Mon Feb 21 18:42:07 PST 2005
> What I suggest is to add minus sign to the string format (no matter what
> base it is) when a bn is negative. When creating bn from this string,
> the minus sign can be used to help converting back to the original bn.
Yes, I am thinking along the same lines...
>
> Anyway, I just hope any bn in string format is only used in purpose of
> displaying, otherwise, the minus sign may cause some problem.
Unfortunately, no. The bn strng is written in xml signature as
certificate serial number. And one needs to know how to convert
a bn to decimal string and back.
> Moreover, I also think the leading zero prefix should be reserved
> converting between bn and string. For instance, when converting a bn
> "01" to a string, the result should be "01", instead of "1". Only in
> this way, when converting back to a bn, the leading zero can be recoveredd.
Oh, I am really not sure about this. How this would work for decimal
string and hex in memory representations? Will it always be 1<->1
conversion?
Aleksey
More information about the xmlsec
mailing list