Yes, we're relying on the fact that openssl is correct. And we're also using openssl as the crypto for this signing code.
When doing the DWORD swap, we also arrive at 156956... Unfortunately, close isn't what we need :-) The target number (16863389628646640081019990102011455077) is what openssl gave XMLSec, for the certificate we're using. That's how we got that number. We just can't seem to duplicate that number. We can with the small one (one DWORD) but not in the larger. We're going through openssl source to see if we can figure out exactly they're doing :-) any other ideas? -----Original Message----- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 11:17 AM To: Wes Thomas; [EMAIL PROTECTED] Subject: Re: FW: X509SerialNumber Mailing list is the right place but you need to be subscribed to the list :) If you are using xmlsec-openssl then I would probably trust xmlsec output because it gets the number directly from openssl. On the other hand, if you use the xmlsec-mscrypto then it can easily be a bug in xmlsec-mscrypto code that produces the number. If you have the certificate, I would recommend to use openssl to print it out and look at the number. Anyway, the first certificate number has only one DWORD and the second certificate has multiple DWORDs. One of possible options is that when you calculate the number you need to revert bytes in DWORDs but keep DWORDs order: 1F 14 11 14 8A 53 F2 B6 49 F4 F8 4D A3 A8 14 76 which is equal to ~1.5695617 � 10^38 frome google's point of view. This results seems closer to the number reported by xmlsec. However, it is a pure speculation because I have no idea how you got this number in the first place :) Aleksey Wes Thomas wrote: > I originally sent this to the list serv by accident... Wasn't sure if > that's the right place to submit questions, so I'm forwarding this to you. > Thanks! > > -----Original Message----- > From: Wes Thomas [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 24, 2004 4:15 PM > To: '[EMAIL PROTECTED]' > Cc: '[EMAIL PROTECTED]' > Subject: X509SerialNumber > > Hey Aleksey! > > Got a question.. > Using XMLSec 1.2.4 > Windows 2000 etc. > > I'm trying to arrive at the correct integer value for X509SerialNumber > node in the X509IssuerSerial element. > > We've made a little calculator to test and see if our formula is correct. > > With one certificate I get a serial value of 0D 22 75 91 in hex and > our calc from the right goes like this: > > 91 75 22 0D > We convert each to their integer counterparts, > 145 117 34 13 > Add each together multiplied by 256 to the power of their position > 145 + 117(256) + 34(256^2) + 13(256^3) > > Google and our calculator say the result is = 220 362 129 which is > what XMLSec signing says. > > Our 2nd certificate has a value of 1411141FB6F2538A4DF8F4497614A8A3 > Calc starting from the right: > > A3 A8 14 76 49 F4 F8 4D 8A 53 F2 B6 1F 14 11 14 > 163 + 168*256 + 20*256^2 + 118*256^3 + 73*256^4 + 244*256^5 + > 248*256^6 + > 77*256^7 + 138*256^8 + 83*256^9 + 242*256^10 + 182*256^11 + 31*256^12 > + > 20*256^13 + 17*256^14 + 20*256^15 > > Google has a rounding error and gives: > 2.66732371 � 10^37 or 26673237100000000000000000000000000000 > > We use a Big Integer class in .NET to get a value of: > 26673237123177746846882916240247269539 > > However XMLSec reports a value of: > 16863389628646640081019990102011455077 > > Is there something I'm doing wrong? This works with a smaller RSA > keyed cert but not on the larger one. > > Wes Thomas > Encomia, L.P. > www.encomia.com > > Iguana: The other green meat. > _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
