[xmlsec] Re: FW: X509SerialNumber

Aleksey Sanin aleksey at aleksey.com
Wed Aug 25 09:17:01 PDT 2004 

Mailing list is the right place but you need to be subscribed to
the list :)

If you are using xmlsec-openssl then I would probably trust
xmlsec output because it gets the number directly from openssl.
On the other hand, if you use the xmlsec-mscrypto then it can easily
be a bug in xmlsec-mscrypto code that produces the number. If you
have the certificate, I would recommend to use openssl to print
it out and look at the number.

Anyway, the first certificate number has only one DWORD and the
second certificate has multiple DWORDs. One of possible options
is that when you calculate the number you need to revert bytes
in DWORDs but keep DWORDs order:

1F 14 11 14 8A 53 F2 B6 49 F4 F8 4D A3 A8 14 76

which is equal to ~1.5695617 × 10^38 frome google's point of view.
This results seems closer to the number reported by xmlsec. However,
it is a pure speculation because I have no idea how you got this
number in the first place :)

Aleksey

Wes Thomas wrote:
> I originally sent this to the list serv by accident... Wasn't sure if that's
> the right place to submit questions, so I'm forwarding this to you.
> Thanks!
> 
> -----Original Message-----
> From: Wes Thomas [mailto:wes at encomia.com] 
> Sent: Tuesday, August 24, 2004 4:15 PM
> To: 'xmlsec at aleksey.com'
> Cc: 'ilya at encomia.com'
> Subject: X509SerialNumber
> 
> Hey Aleksey!
> 
> Got a question.. 
> Using XMLSec 1.2.4
> Windows 2000 etc.
> 
> I'm trying to arrive at the correct integer value for X509SerialNumber node
> in the X509IssuerSerial element.
> 
> We've made a little calculator to test and see if our formula is correct.
> 
> With one certificate I get a serial value of 0D 22 75 91 in hex and our calc
> from the right goes like this:
> 
> 91 75 22 0D
> We convert each to their integer counterparts,
> 145 117 34 13
> Add each together multiplied by 256 to the power of their position
> 145 + 117(256) + 34(256^2) + 13(256^3)
> 
> Google and our calculator say the result is = 220 362 129 which is what
> XMLSec signing says.
> 
> Our 2nd certificate has a value of 1411141FB6F2538A4DF8F4497614A8A3 Calc
> starting from the right:
> 
> A3 A8 14 76 49 F4 F8 4D 8A 53 F2 B6 1F 14 11 14
> 163 + 168*256 + 20*256^2 + 118*256^3 + 73*256^4 + 244*256^5 + 248*256^6 +
> 77*256^7 + 138*256^8 + 83*256^9 + 242*256^10 + 182*256^11 + 31*256^12 +
> 20*256^13 + 17*256^14 + 20*256^15
> 
> Google has a rounding error and gives:
> 2.66732371 × 10^37 or 26673237100000000000000000000000000000
> 
> We use a Big Integer class in .NET to get a value of:
> 26673237123177746846882916240247269539
> 
> However XMLSec reports a value of:
> 16863389628646640081019990102011455077
> 
> Is there something I'm doing wrong? This works with a smaller RSA keyed cert
> but not on the larger one.
> 
> Wes Thomas
> Encomia, L.P.
> www.encomia.com
> 
> Iguana: The other green meat.
>

More information about the xmlsec mailing list