[xmlsec] Problem with some cert which has a negative serial number
Michael Mi
Hao.Mi at Sun.COM
Mon Feb 21 19:25:20 PST 2005
I gree with you than "01", "00 01", "00 00 00 01" are same bns
theoretically.
But the current question is whether they are still same in MSCrypto/NSS
implementation. If not, we have to keep the leading zero in the xml file.
Michael
Andrew Fan wrote:
> Aleksey Sanin wrote:
>
>>> What I suggest is to add minus sign to the string format (no matter
>>> what base it is) when a bn is negative. When creating bn from this
>>> string, the minus sign can be used to help converting back to the
>>> original bn.
>>
>>
>> Yes, I am thinking along the same lines...
>>
>>>
>>> Anyway, I just hope any bn in string format is only used in purpose
>>> of displaying, otherwise, the minus sign may cause some problem.
>>
>>
>> Unfortunately, no. The bn strng is written in xml signature as
>> certificate serial number. And one needs to know how to convert
>> a bn to decimal string and back.
>>
>>> Moreover, I also think the leading zero prefix should be reserved
>>> converting between bn and string. For instance, when converting a bn
>>> "01" to a string, the result should be "01", instead of "1". Only in
>>> this way, when converting back to a bn, the leading zero can be
>>> recoveredd.
>>
>>
>> Oh, I am really not sure about this. How this would work for decimal
>> string and hex in memory representations? Will it always be 1<->1
>> conversion?
>>
> I'm against that convert bn "01" to string "01". As Aleksey said above
> the bn is write for xml signature as serial number, so it should ship
> ASN.1 BER/DER integer encording rules. Decimal string "01", "1",
> "00001" have the same means, which should be encoded into the same bn.
>
> Andrew
>
>> Aleksey
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list