[OpenID] Random failures when validating signatures
Richard Davies
richard at richarddavies.us
Wed Nov 19 22:42:21 UTC 2008
In case this helps anyone... I finally figured out what my problem was
(by hacking a PHP OpenID library to replay my session and compare
their calculations with mine.)

It turns out the problem was in my extractSecret() function when
converting the shared Diffie-Hellman secret into a string, which is
required for the ColdFusion Hash() function.

As I mentioned earlier, the DH shared secret was stored in a Java
BigInteger object. I was using the toString(16) method to convert the
number into a hex string, then converting the hex string into a binary
object, which was then converted into a regular string for the Hash
function.

But the correct procedure is to use the BigInteger's toByteArray()
method to convert it into a binary object, then convert into a regular
string for the Hash function.

On an aside, I know that it seems ridiculous to have to do all of
those conversions, but the ColdFusion Hash() function only accepts a
string value, even though behind the scenes it converts it right back
into a binary object...
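
The difference between the two conversions described above, as an added example that is not part of the original post: BigInteger.toByteArray() returns the big-endian two's-complement bytes, which include a leading 0x00 when the top bit is set, while the hex round trip drops that byte, so the SHA-1 input differs only for some secrets. The class name, the helper names, the sample values and the left-padding of odd-length hex are assumptions of this example.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.util.Arrays;

public class BtwocDemo {
    // Hex round trip as described in the post: toString(16), then hex -> bytes.
    // Left-padding odd-length hex with '0' is an assumption of this example.
    static byte[] viaHexString(BigInteger n) {
        String hex = n.toString(16);
        if (hex.length() % 2 != 0) hex = "0" + hex;
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    // SHA-1 digest of the given bytes, rendered as 40 hex characters.
    static String sha1Hex(byte[] data) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-1").digest(data);
        return String.format("%040x", new BigInteger(1, d));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values standing in for a DH shared secret.
        BigInteger[] samples = {
            new BigInteger("7fa3c1", 16), // top bit of the first byte clear
            new BigInteger("80a3c1", 16), // top bit of the first byte set
        };
        for (BigInteger s : samples) {
            byte[] twosComplement = s.toByteArray(); // sign byte kept when needed
            byte[] hexPath = viaHexString(s);        // sign byte never present
            System.out.printf("secret=%s%n", s.toString(16));
            System.out.printf("  toByteArray: %d bytes, sha1=%s%n",
                    twosComplement.length, sha1Hex(twosComplement));
            System.out.printf("  hex path:    %d bytes, sha1=%s%n",
                    hexPath.length, sha1Hex(hexPath));
            System.out.printf("  same hash input: %b%n",
                    Arrays.equals(twosComplement, hexPath));
        }
    }
}
```

The two paths agree whenever the secret's bit length is not a multiple of 8, which is why a signature check built on the hex path passes for some sessions and fails for others.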