Johnny Gonzalez wrote:
Hello Michael,
That's correct. The data must have the exact same
order.
How does OpenCA loads data from the DB to check the
signature with openca-sv?
When I read the data to be signed from the DB, it
appears in this order:
-----BEGIN HEADER-----
TYPE = PKCS#10
SERIAL = 4896
NOTBEFORE = Fri Jan 28 13:45:38 2005 UTC
ADDITIONAL_ATTRIBUTE_REQUESTERCN =
ADDITIONAL_ATTRIBUTE_EMAIL =
ADDITIONAL_ATTRIBUTE_DEPARTMENT =
ADDITIONAL_ATTRIBUTE_TELEPHONE =
RA = Trustcenter itself
ROLE = User
LOA = 10
-----END HEADER-----
-----BEGIN CERTIFICATE REQUEST-----
MIIB6zCCAVQCAQAwgawxCzAJBgNVBAYTAkNPMRQwEgYDVQQKEwtDRVJUSUNBTUFS
QTERMA8GA1UECxMISW50ZXJuZXQxGTAXBgNVBAMTEEJlcm5hcmRvIFZhbmVnYXMx
LTArBgkqhkiG9w0BCQEWHmJlcm5hcmRvLnZhbmVnYXNAY2VydGljYW1hcmEuYzEO
MAwGA1UEBxMFUEFTVE8xGjAYBgNVBAgTEUF2IERvcmFkbyA2OSAtIDcwMIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8BtWXWJRtx4yuoo3m7VD5uO2sfLsgQ/F0
KbC2dGzUf+YCR3/mQKgPVG6GXV6+9nbcxHDYEA0ldG6cVI5bLAjxJKmSc1LJm6ZW
6veuck/vfPlMIHpwaLsfgBdR9BaYD9gs6FKzrCjpiR3Z7vG8AQCaEo75uyHDHPWJ
uzrdZCshnQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAB3GTcYKIjAIGaxcol6ve4bI
gNPhc1crNSfEsWYwgbiklWTOiGHLrg5xOe1W+bPEBBdUIDyoFGhtbzewjz15Mosq
+bctTiu3PR29Qos9LU9mV4gpvcYKsNEGTEMq8Jg9V/anWZbTk0cu/GkmEUN0KZ8p
cbvULgjegiHDXmxuKV1v
-----END CERTIFICATE REQUEST-----
But when the javascript command shows the data to be
signed it's showed this way:
-----BEGIN HEADER-----
ADDITIONAL_ATTRIBUTE_DEPARTMENT =
ADDITIONAL_ATTRIBUTE_EMAIL =
ADDITIONAL_ATTRIBUTE_REQUESTERCN =
ADDITIONAL_ATTRIBUTE_TELEPHONE =
LOA = 10
NOTBEFORE = Fri Jan 28 13:45:38 2005 UTC
RA = Trustcenter itself
ROLE = User
SERIAL = 4896
TYPE = PKCS#10
-----END HEADER-----
-----BEGIN CERTIFICATE REQUEST-----
MIIB6zCCAVQCAQAwgawxCzAJBgNVBAYTAkNPMRQwEgYDVQQKEwtDRVJUSUNBTUFS
QTERMA8GA1UECxMISW50ZXJuZXQxGTAXBgNVBAMTEEJlcm5hcmRvIFZhbmVnYXMx
LTArBgkqhkiG9w0BCQEWHmJlcm5hcmRvLnZhbmVnYXNAY2VydGljYW1hcmEuYzEO
MAwGA1UEBxMFUEFTVE8xGjAYBgNVBAgTEUF2IERvcmFkbyA2OSAtIDcwMIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8BtWXWJRtx4yuoo3m7VD5uO2sfLsgQ/F0
KbC2dGzUf+YCR3/mQKgPVG6GXV6+9nbcxHDYEA0ldG6cVI5bLAjxJKmSc1LJm6ZW
6veuck/vfPlMIHpwaLsfgBdR9BaYD9gs6FKzrCjpiR3Z7vG8AQCaEo75uyHDHPWJ
uzrdZCshnQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAB3GTcYKIjAIGaxcol6ve4bI
gNPhc1crNSfEsWYwgbiklWTOiGHLrg5xOe1W+bPEBBdUIDyoFGhtbzewjz15Mosq
+bctTiu3PR29Qos9LU9mV4gpvcYKsNEGTEMq8Jg9V/anWZbTk0cu/GkmEUN0KZ8p
cbvULgjegiHDXmxuKV1v
-----END CERTIFICATE REQUEST-----
Does your verification orders the data?
However, I try to order the data the same way the
javascript window shows it, but the result remains
being different. What can I do?
if the order is equivalent then it may be
either an encoding or an cr/lf problem
it must binary equivalent
otherwise the signature can't be verified
since it won't match, different representations
could be a problem there?
just a guess
greetings
dalini
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
