You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Martin Labarthe Dubois <du...@consist.com.ar> on 2004/06/09 19:42:27 UTC

Can the same certificate have two different RSA-Modulus, RSA-Exponent pairs? --> YES!

it´s surprising...

the same key using two different algorithm, has generated the same
signature, with the same certificate but with different,
exponent+modulus pair.

i verified both, and both are correct! (with Apache and with IBM xml
security suit.)


someone here told once that the same certificate could not have two
different modulus+exponent representation, this seems to be the exception.


<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>ALTng/nEXt4jp8tatc1EHqteLwdovwRyueRuuB0Q7PisWn5uzdaCOKhnIkH9BgtlwJJ
Ewd+sYEoU
7wIj3NcLlaIg/rypTQz+AlNKmiUIxAYHbCJ1LH3cEBct9HUY4YjleV1cK9Ip6j1INQ6PjzViNMng
52RweeSuPi/hm98YafZH</Modulus>
 <Exponent>AQAB</Exponent>
 </RSAKeyValue>
</KeyValue>
</KeyInfo>

<KeyValue>
<RSAKeyValue>
<Modulus>tOeD+cRe3iOny1q1zUQeq14vB2i/BHK55G64HRDs+Kxafm7N1oI4qGciQf0GC2XAkkT
B36xgShTv
AiPc1wuVoiD+vKlNDP4CU0qaJQjEBgdsInUsfdwQFy30dRjhiOV5XVwr0inqPUg1Do+PNWI0yeDn
ZHB55K4+L+Gb3xhp9kc=</Modulus>
 <Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>

Re: Can the same certificate have two different RSA-Modulus, RSA-Exponent pairs? --> YES!

Posted by Berin Lautenbach <be...@wingsofhermes.org>.

Martin Labarthe Dubois wrote:

> someone here told once that the same certificate could not have two
> different modulus+exponent representation, this seems to be the exception.

And it's still true :>.

The two modulus values are actually exactly the same, it's just that one 
has a leading '0' byte that has made it into the key value represented 
in the XML.  That throws the base64 into looking completely different, 
but given these things are really just large integers, the addition of a 
leading 0 doesn't change its value.

Cheers,
	Berin