Joe Hildebrand wrote: > For the complex example, I get: > > client/pc/el/Ψ 0.9.1<client/pc/en/Psi > 0.9.1<http://jabber.org/protocol/disco#info<http://jabber.org/protocol/disco#items > <http://jabber.org/protocol/muc<urn:xmpp:dataforms:softwareinfo<ip_version<ipv4<ipv6 > <os<Mac<os_version<10.5.1<software<Psi<software_version<0.11< > > > > 8lu+88MRxmKM7yO3MEzY7YmTsWs= > > But then, I utf-8 encoded before I sha'd.
I have been generating the verification strings at the command line using OpenSSL, which works fine for US-ASCII but not for characters outside that set. > SHA-1 is defined over > octets, not characters, right? I think we should specify utf-8 > encoding in step 7. I think you mean step 8: 8. Compute ver by hashing S using the algorithm specified in the 'hash' attribute (e.g., SHA-1 as defined in RFC 3174 [16]). The hashed data MUST be generated with binary output and encoded using Base64 as specified in Section 4 of RFC 4648 [17] (note: the Base64 output MUST NOT include whitespace and MUST set padding bits to zero). [18] So I think you want to add another step before the hashing algorithm is applied: 8. Ensure that S is encoded according to the UTF-8 encoding (RFC 3269 [16]). 9. Compute the verification string by hashing S using the algorithm specified in the 'hash' attribute (e.g., SHA-1 as defined in RFC 3174 [17]). The hashed data MUST be generated with binary output and encoded using Base64 as specified in Section 4 of RFC 4648 [18] (note: the Base64 output MUST NOT include whitespace and MUST set the number of pad bits to zero). [19] > Source code for my quick hack python script: > http://www.pastebin.ca/876951 Fun. /psa
smime.p7s
Description: S/MIME Cryptographic Signature
