[xmlsec] Problem with some cert which has a negative serial number
Michael Mi
Hao.Mi at Sun.COM
Mon Feb 21 19:52:32 PST 2005
For a bn like "FF FF FF FF", the string format can be created as follows:
1) The first byte is bigger than 127, so a "-" should be added to the
result;
2) calculate the "complement" code of "FF FF FF FF", it is "00 00 00 01";
3) the result is "-0001". (How come there are three zeros? I am not so sure at
this moment, but we can find a way if necessary.)
Now the "-0001" is written into the xml file. The leading zero is used
to recover the 4 "FF". If we just write "-1" into the xml file, how can
we re-generate the "FF FF FF FF"?
At this moment, Chander and I are trying to do the test. We'll let you
know any result.
Michael
Aleksey Sanin wrote:
> Note that this is not only 00s but also FFs for negative values
> (11, 111, 1111, 11111, etc. all represent the same -1). The real
> question is how smart are the NSPR (CERT_FindCertByIssuerAndSN)
> and MSCrypto (CertCompareIntegerBlob) functions? Do they understand
> that these numbers are the same or not?
>
> Anyone wants to test it?
>
> Aleksey
>
> Michael Mi wrote:
>
>> I agree with you that "01", "00 01", "00 00 00 01" are same bns
>> theoretically.
>>
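The equivalence discussed in this thread (redundant leading 00 or FF bytes do not change the value of a two's-complement integer), as an added example that is not part of the original post or of xmlsec: a C comparison that strips sign-extension padding before comparing two big-endian serial numbers. The function names and sample byte arrays are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample serial numbers (big-endian two's complement). */
static const unsigned char NEG1_4[] = {0xFF, 0xFF, 0xFF, 0xFF}; /* -1, padded  */
static const unsigned char NEG1_1[] = {0xFF};                   /* -1, minimal */
static const unsigned char POS1_4[] = {0x00, 0x00, 0x00, 0x01}; /* 1, padded   */
static const unsigned char POS1_1[] = {0x01};                   /* 1, minimal  */
static const unsigned char POS255[] = {0x00, 0xFF};  /* 255: the 00 is required */

/* Skip redundant sign-extension bytes; returns the minimal length and
 * points *out at the first significant byte. */
static size_t sn_minimal(const unsigned char *b, size_t len,
                         const unsigned char **out)
{
    /* A leading 00 is padding only if the next byte has its top bit clear;
     * a leading FF is padding only if the next byte has its top bit set. */
    while (len > 1 &&
           ((b[0] == 0x00 && (b[1] & 0x80) == 0) ||
            (b[0] == 0xFF && (b[1] & 0x80) != 0))) {
        b++;
        len--;
    }
    *out = b;
    return len;
}

/* Hypothetical helper: 1 if both encodings denote the same integer. */
int sn_equal(const unsigned char *a, size_t alen,
             const unsigned char *b, size_t blen)
{
    const unsigned char *pa, *pb;
    size_t la, lb;

    if (alen == 0 || blen == 0)
        return 0;               /* empty input is rejected, not treated as 0 */
    la = sn_minimal(a, alen, &pa);
    lb = sn_minimal(b, blen, &pb);
    return la == lb && memcmp(pa, pb, la) == 0;
}

int main(void)
{
    printf("FF FF FF FF == FF : %d\n", sn_equal(NEG1_4, 4, NEG1_1, 1));
    printf("00 00 00 01 == 01 : %d\n", sn_equal(POS1_4, 4, POS1_1, 1));
    printf("00 FF == FF       : %d\n", sn_equal(POS255, 2, NEG1_1, 1));
    return 0;
}
```

A byte-wise compare of the raw blobs would report the first two pairs as different, which is the lookup mismatch the thread is asking about.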