Problems calculating signature
Granqvist, Hans
hgranqvist at verisign.com
Tue Sep 5 18:17:29 UTC 2006
> I'd be great if somebody volunteered to write down the
> complete set of steps to do the OpenID crypto, and annotated
> it with an actual numeric example for each step.
Agree, that would be great.
> Our experience at NetMesh implementing OpenID for InfoGrid
> was similar to Thom's -- it took at lot longer than expected
> until we got it working, but then only 9 out of 10 times. It
> took a few months of cursing (and lots of help) before we
> realized that there was a leading-zero problem in one of the
> steps that would only occur rarely depending on the mood of
> the random generator.
Johannes, if you managed to do it correctly, you'd be able
to straw-man that set of steps, no? ;)
> A numerically-annotated set of steps would be really helpful.
> Actually, several annotations to catch things like leading
> zeros, negative numbers etc. etc. would be even more so.
These problems seem to echo the issue with two-complement leading
zero bytes -- to make sure the two's-complement form always is
positive. I'm curious: was your implementation using Java
BigIntegers?)
Perhaps the RFC 2437 (PKCS#1) I2OSP() function can shed some
light and provide an alternate starting point to the
openid btwoc() function?
Thanks,
Hans
More information about the general
mailing list