[OpenID] Random failures when validating signatures
Breno de Medeiros
breno at google.com
Fri Nov 14 00:09:31 UTC 2008
I would introduce tests to ensure that the BigIntegers are positive
everywhere, just to make sure.
On Thu, Nov 13, 2008 at 4:06 PM, Richard Davies
<richard at richarddavies.us> wrote:
> On Nov 13, 9:30 am, Richard Davies <rich... at richarddavies.us> wrote:
>> Oh. Good suggestion. I have a btwoc() function to convert my integers
>> into strings, but I don't think I was paying particular attention to
>> how I was "unbtwoc()" the server_public value. I'll take a look at
>> that. Thanks.
>
> I'm using Java BigIntegers to store my numbers. As far as I can tell,
> it looks like this class stores them internally in the same format
> that btwoc() produces. In other words, the BigInteger.toByteArray()
> method seems to be equivalent to btwoc(). And when I create a
> BigInteger from a byte array (such as the server_public value), it
> correctly accounts for the leading 0 byte to make the number positive.
> So, as far as I can tell, I am handling the signed numbers correctly
> because BigInteger handles those details for me behind the scenes.
>
> So I'm back to square one. About half of the time, it's reporting that
> the signature is invalid and I'm not where where I'm messing up in the
> validation process. I still think it may be a character encoding
> issue, but I'm not sure. Any other suggestions?
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
More information about the general
mailing list