Return-Path: Delivered-To: apmail-xml-security-dev-archive@www.apache.org Received: (qmail 69811 invoked from network); 14 Mar 2008 17:10:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 Mar 2008 17:10:41 -0000 Received: (qmail 62956 invoked by uid 500); 14 Mar 2008 17:10:38 -0000 Delivered-To: apmail-xml-security-dev-archive@xml.apache.org Received: (qmail 62787 invoked by uid 500); 14 Mar 2008 17:10:37 -0000 Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: security-dev@xml.apache.org List-Id: Delivered-To: mailing list security-dev@xml.apache.org Received: (qmail 62776 invoked by uid 99); 14 Mar 2008 17:10:37 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Mar 2008 10:10:37 -0700 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [198.152.71.100] (HELO de307622-de-outbound.net.avaya.com) (198.152.71.100) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Mar 2008 17:09:47 +0000 X-IronPort-AV: E=Sophos;i="4.25,502,1199682000"; d="scan'208,217";a="97807292" Received: from unknown (HELO co300216-co-erhwest.avaya.com) ([198.152.7.5]) by de307622-de-outbound.net.avaya.com with ESMTP; 14 Mar 2008 13:10:06 -0400 X-IronPort-AV: E=Sophos;i="4.25,502,1199682000"; d="scan'208,217";a="175598776" Received: from unknown (HELO 300815ANEX3.global.avaya.com) ([198.152.6.137]) by co300216-co-erhwest-out.avaya.com with ESMTP; 14 Mar 2008 13:10:05 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C885F6.40F710E4" Subject: RSA Key based signature in xtest of xml-secuirty-c (1.3.1 and 1.40) does not wok for NSS in Firefox/Linux Date: Fri, 14 Mar 2008 13:10:02 -0400 Message-ID: <727A3526E8F1E34A99CA0EAE7FC782FC99AA89@300815ANEX3.global.avaya.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: RSA Key based signature in xtest of xml-secuirty-c (1.3.1 and 1.40) does not wok for NSS in Firefox/Linux Thread-Index: AciF9j3nJWnVw17ORMG1sEEOmrpc8A== From: "Mazumdar, Subrata (Subrata)" To: X-Virus-Checked: Checked by ClamAV on apache.org This is a multi-part message in MIME format. ------_=_NextPart_001_01C885F6.40F710E4 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Hi, I have tried to run the xtest application in the XML-Security C (1.3.1 and 1.4.0) library but it fails at the verification step of "Unit testing of RSA-SHA1" signature. I have used "xtest -n".=20 =20 Here is my development environment: Fedora7 Linux, NSS code in Firefox2 and Firefox3 beta source.=20 =20 For 1.3.1 and 1.4.0 compiled with NSS in Firefox2, I get an XSECCryptoException in the "Unit testing of RSA-SHA1" signature function. =20 For 1.3.1 and 1.4..0 compiled with NSS in Firefox3, it fails in the the sig.verify() step. I get following message=20 " ... signing ... OK ... validating ... bad verify!". =20 xtext app works fine for symmetric key cases but signature verification fails for the RSA Key, even though sign() step works properly.=20 It also works fine with xml-security-c-1.3.0 and NSS in Firefox2 on Linux (Fedora7).=20 =20 I have compared the signature element form 1.3.0 and 1.4.0 and the only difference is in the SignatureValue element.=20 =20 I have also found that the size of the shared library for 1.3.1. and 1.4.0 is ~9.38MB compared to the 1.41MB for 1.3.0.=20 Is this expected? Is there anything I can do to reduce the size to be comparable 1.3.0.=20 =20 I understand the disclaimer that "NSS part is alpha", still any help in getting around the problem would be greatly appreciated.=20 Thanks. -- Subrata Mazumdar=20 =20 =20 ------_=_NextPart_001_01C885F6.40F710E4 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable

Hi,

I have tried to run the xtest application in the = XML-Security C (1.3.1 and 1.4.0) library but it fails at the verification step =  of “Unit testing of RSA-SHA1” signature.

I have used “xtest –n”. =

 

Here is my development environment: Fedora7 Linux, = NSS code in Firefox2 and Firefox3 beta source.

 

For 1.3.1 and 1.4.0 compiled with NSS in Firefox2, I = get an XSECCryptoException in the “Unit testing of RSA-SHA1” = signature function.  

For 1.3.1 and 1.4..0 compiled with NSS in Firefox3, = it fails in the the sig.verify() step. I get following message =

“ … signing … OK … validating = … bad verify!”.

 

xtext app works fine for symmetric key cases but = signature verification fails for the RSA Key, even though sign() step works = properly.

It also works fine with xml-security-c-1.3.0 and NSS = in Firefox2 on Linux (Fedora7).

 

I have compared the signature element form 1.3.0 and = 1.4.0 and the only difference is in the SignatureValue element. =

 

I have also found that the size of the shared library = for 1.3.1. and 1.4.0 is ~9.38MB compared to the  1.41MB for 1.3.0. =

Is this expected? Is there anything I can do to = reduce the size to be comparable 1.3.0.

 

I understand the disclaimer that “NSS part is = alpha”, still any help in getting around the problem would be greatly = appreciated.

Thanks.

--

Subrata = Mazumdar =

 

 

------_=_NextPart_001_01C885F6.40F710E4--