[xmlsec] Problem with some cert which has a negative serial number

Aleksey Sanin aleksey at aleksey.com
Mon Feb 21 18:42:07 PST 2005


> What I suggest is to add minus sign to the string format (no matter what 
> base it is) when a bn is negative. When creating bn from this string, 
> the minus sign can be used to help converting back to the original bn.
Yes, I am thinking along the same lines...

> 
> Anyway, I just hope any bn in string format is only used for the purpose of 
> displaying, otherwise, the minus sign may cause some problem.
Unfortunately, no. The bn string is written in xml signature as
certificate serial number. And one needs to know how to convert
a bn to decimal string and back.

> Moreover, I also think the leading zero prefix should be reserved 
> converting between bn and string. For instance, when converting a bn 
> "01" to a string, the result should be "01", instead of "1". Only in 
> this way, when converting back to a bn, the leading zero can be recovered.
Oh, I am really not sure about this. How would this work for decimal
string and hex in memory representations? Will it always be 1<->1
conversion?

Aleksey
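
An added illustration, not part of the original message and not xmlsec code: the round trip discussed above, written in Python and assuming the serial number is held as big-endian two's-complement octets, as in the ASN.1 INTEGER of a certificate. The function names and sample bytes are constructed for this example.

```python
def bn_to_decimal(octets: bytes) -> str:
    """Big-endian two's-complement octets -> decimal string, '-' kept for negatives."""
    if not octets:
        raise ValueError("empty integer")
    return str(int.from_bytes(octets, "big", signed=True))


def decimal_to_bn(text: str) -> bytes:
    """Decimal string (optional leading '-') -> shortest two's-complement octets."""
    digits = text[1:] if text.startswith("-") else text
    if not digits.isascii() or not digits.isdigit():
        raise ValueError(f"not a decimal integer: {text!r}")
    value = int(text)
    # Count the bits below the sign bit; for a negative value that is the
    # bit length of (-value - 1). One extra bit is then needed for the sign.
    bits = (value if value >= 0 else -value - 1).bit_length()
    return value.to_bytes(bits // 8 + 1, "big", signed=True)


def round_trips(octets: bytes) -> bool:
    """True when octets -> decimal -> octets gives back the same bytes."""
    return decimal_to_bn(bn_to_decimal(octets)) == octets


if __name__ == "__main__":
    # Constructed sample values, not taken from any real certificate.
    samples = [
        b"\x80",                 # high bit set: negative
        b"\x00\x80",             # leading zero here carries the sign: positive
        b"\x00\x01",             # redundant leading zero: lost in decimal form
        b"\xf0" + b"\x11" * 19,  # 20-octet negative serial
    ]
    for s in samples:
        text = bn_to_decimal(s)
        back = decimal_to_bn(text)
        print(f"{s.hex():>40}  ->  {text}  ->  {back.hex()}  same={back == s}")
```

With the minus sign in the string, the shortest encoding maps one-to-one to its decimal form; a padding zero that is not needed for the sign cannot be recovered from the decimal string.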


