DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42239>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42239

           Summary: ECDSA signature value interoperability patch.
           Product: Security
           Version: cvs
          Platform: Other
        OS/Version: All
            Status: NEW
          Keywords: RFC
          Severity: normal
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: [EMAIL PROTECTED]


I've recently tried to verify a signature from the Austrian citizen
security card (www.buergerkarte.at), which uses ECDSA signatures.

  Unfortunately, the code in SignatureECDSA.java passes the
SignatureValue directly to the JCE provider. However, the ECDSA
xml-security spec at ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt
states that the ECDSA SignatureValue is a concatenation of the raw
BigIntegers. This is in line with the semantics of SignatureValue for
conventional DSA signatures (SignatureDSA.java), where the
SignatureValue is converted to the ASN.1 representation used by the JCE
provider.

  The attached patch adopts the procedure of converting the
SignatureValue to ASN.1 for the ECDSA algorithm. With this patch
applied to xmlsec-1.4.0 I can verify the signatures of my Austrian card.
(An example is attached.)

  Regards,

    Wolfgang
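
Added example, not part of the original report or its attached patch: the conversion the report describes, turning a raw r||s SignatureValue into the ASN.1 DER SEQUENCE of two INTEGERs before it is handed to the JCE provider. The class and method names are hypothetical, the sample bytes are constructed, and r and s are assumed to occupy equal-length halves of the value.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.util.Arrays;

// Hypothetical helper, not the class from the attached patch.
public class EcdsaRawToDer {

    // DER length octets: short form below 128, long form above.
    static void writeLength(ByteArrayOutputStream out, int len) {
        if (len >= 0x100) { out.write(0x82); out.write(len >> 8); }
        else if (len >= 0x80) { out.write(0x81); }
        out.write(len & 0xff);
    }

    // DER INTEGER is minimal two's complement, which is what
    // BigInteger.toByteArray() returns (0x00 prefix if the top bit is set).
    static void writeInteger(ByteArrayOutputStream out, BigInteger v) {
        byte[] b = v.toByteArray();
        out.write(0x02); // INTEGER
        writeLength(out, b.length);
        out.write(b, 0, b.length);
    }

    // Assumption: r and s are unsigned, big-endian, equal-length halves.
    static byte[] rawToDer(byte[] raw) {
        if (raw.length == 0 || raw.length % 2 != 0) {
            throw new IllegalArgumentException("expected r||s of even length");
        }
        int n = raw.length / 2;
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        writeInteger(body, new BigInteger(1, Arrays.copyOfRange(raw, 0, n)));
        writeInteger(body, new BigInteger(1, Arrays.copyOfRange(raw, n, raw.length)));
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        der.write(0x30); // SEQUENCE
        writeLength(der, body.size());
        der.write(body.toByteArray(), 0, body.size());
        return der.toByteArray();
    }

    public static void main(String[] args) {
        byte[] raw = new byte[64];   // constructed sample, not a real signature
        raw[0] = (byte) 0x80;        // top bit of r set: needs a 0x00 prefix in DER
        raw[63] = 0x02;              // s = 2: leading zeros are dropped in DER
        StringBuilder hex = new StringBuilder();
        for (byte b : rawToDer(raw)) hex.append(String.format("%02x", b));
        System.out.println(hex);
        // Per the report, these DER bytes are the form the JCE provider expects.
    }
}
```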
