Crypto Interoperability
Posted June 27th, 2009 by Dave
I've been struggling for the last week trying to get some cryptography code to behave the same on Windows and under Java. Yes, I searched Google, and I was even let down by my new favorite Stack Overflow. With all those misses, I thought this would be the perfect opportunity to improve my page ranking by trying to provide legitimate content that was useful to the general programming public.
The problem was trying to generate digital signatures in non-managed C++ under Windows and in Java and being able to verify the signature on the remote side, possibly in the other environment.
On the Java side we were using the Bouncy Castle libraries through the SPI layer. It seemed to be working perfectly and we were able to sign and verify between Java clients and servers. If we couldn't, that would mean we were doing something horribly wrong and the whole affair would be in jeopardy.
With the Java side working nicely, we moved on to getting the C++ and C# code working. For C#, we used the .NET RSACryptoServiceProvider. We generate the SHA-1 hash and then pass it to the SignHash method to generate the encrypted signature.
Now, on to C++. Our initial attempt used the Windows CryptoAPI, but I think it is at too low a layer and when we decrypted the signature, the byte count was completely wrong. The Java signatures came out to be 128 bytes for a 1024 bit key, but the WinCrypt came out to 127 bytes.
Not seeing a promising road ahead, we decided to write a wrapper DLL that would allow the unmanaged C++ code to call into the .NET RSACryptoServiceProvider to use the SignHash method we were using from the C# code. Now when we would receive the signature, the decrypted byte count was 35 which was closer to the 20 we thought we needed to match the SHA-1 digest, but we had no idea where the extra 15 bytes originated.
In the Java code, we were generating the signatures in a manual fashion, thinking that would be closer to the "metal" and allow easier reproduction on the C++ side. We generated the SHA-1 digest and then encrypted it with the private key. When we decrypted the .NET generated signature, the 35 bytes contained the same SHA-1 hash, but the 15 extra bytes were ahead of it. Sensing that we were really close, I started to look through the Java crypto API to see if anything else might be more suitable.
In the release notes for Bouncy Castle, I saw a reference to signature algorithms and SHA1WithRSA was listed as an option. I rewrote the signing code using the signature algorithm and lo and behold, the signatures started matching. After spending a week trying to debug this we finally found our solution and everything is working great now.
But, what about those 15 bytes? Well dear readers let me point you to the special sauce. RFC 3447 describes how RSA cryptography is supposed to be done—properly. If you're in a rush, trying to meet a deadline it's not the sort of document you want to read. Heavy on math and a little difficult to follow, it's not the sort of thing you turn to first. I found a link to the RFC from another search and decided now that we had it working I would see if I could figure out where the 15 bytes came from. Scanning through the RFC, I came across the signature section. It turns out, to generate the signature, after generating the digest, you prepend an OID for the digest algorithm to the digest and then the entire thing is encrypted with the RSA private key. In the case of SHA-1 the OID is 15 bytes.
This was one of those great triumphs that I love about programming. You're stuck on a problem working to solve it and when you do, you've learned something more about the larger world of programming. Something probably known by many others, but you've discovered it anew and now it's yours to keep.
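The mismatch described in this post can be reproduced in a few lines. The following is an added example, not the author's code: it uses the JDK's default providers rather than Bouncy Castle, and the class name and sample message are constructed for illustration. It signs once by encrypting the bare SHA-1 digest and once with `SHA1withRSA`, then recovers both payloads with the public key and shows that prepending the 15-byte DigestInfo header makes the manual path match.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

public class DigestInfoDemo {
    // DER header of the SHA-1 DigestInfo structure (RFC 3447, section 9.2): 15 bytes,
    // with the SHA-1 OID 1.3.14.3.2.26 inside it. The 20-byte digest follows.
    static final byte[] SHA1_DIGEST_INFO = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
            0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};

    // RSA with PKCS#1 v1.5 padding: "encrypt" with the private key, "decrypt" with the public key.
    static byte[] rsa(int mode, Key key, byte[] data) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(mode, key);
        return c.doFinal(data);
    }

    static boolean verifies(PublicKey pub, byte[] msg, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(pub);
        v.update(msg);
        try {
            return v.verify(sig);
        } catch (SignatureException e) {   // some JDKs throw on a malformed DigestInfo
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024);              // matches the post's key size; too small for new systems
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes("UTF-8");
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(msg);

        byte[] manual = rsa(Cipher.ENCRYPT_MODE, kp.getPrivate(), digest);  // bare digest
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(kp.getPrivate());
        s.update(msg);
        byte[] standard = s.sign();

        // The fix for the manual path: prepend the DigestInfo header before the RSA step.
        byte[] wrapped = Arrays.copyOf(SHA1_DIGEST_INFO, SHA1_DIGEST_INFO.length + digest.length);
        System.arraycopy(digest, 0, wrapped, SHA1_DIGEST_INFO.length, digest.length);
        byte[] fixed = rsa(Cipher.ENCRYPT_MODE, kp.getPrivate(), wrapped);

        System.out.println("manual payload bytes:   " + rsa(Cipher.DECRYPT_MODE, kp.getPublic(), manual).length);
        System.out.println("standard payload bytes: " + rsa(Cipher.DECRYPT_MODE, kp.getPublic(), standard).length);
        System.out.println("manual verifies:   " + verifies(kp.getPublic(), msg, manual));
        System.out.println("fixed == standard: " + Arrays.equals(fixed, standard));
        System.out.println("fixed verifies:    " + verifies(kp.getPublic(), msg, fixed));
    }
}
```

PKCS#1 v1.5 signature padding is deterministic, which is why the hand-built signature can be compared byte for byte with the one from `Signature`.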
Oh, the weather outside is frightful...
Posted December 18th, 2008 by Dave
We finally received the prognosticated snowfall last night. My layman's measurement shows about 5-6 inches of snow.
One of the things I like about working in technology is you aren't limited in what you can do when the weather goes bad. I can work from home almost as if I were in the office. It makes it so I don't...have....to.....miss......work.......because.........of..........snow.
<sigh>
And then he said...
Posted November 22nd, 2008 by Dave
I saw the front page of the Seattle Times this morning saying, "Clinton to accept State job, aides say." Doesn't this just take you back to middle school? "I told Stacey that I like Dan, so she told Joe that if Dan asked me to go out that I would say yes. But I'm not sure I will say yes if he knows that I like him because, you know, I want it to be him." I guess the communication back channels we learn to use in the awkward years are more useful than we thought.
The Uglier Side
Posted October 12th, 2008 by Dave
I'm a slow driver. I like to think it's because my senses are keenly aware of everything going on around me and the car and that I drive slowly because in order to take all those inputs into account in making my next driving decision, I have to reduce speed in order to allow for greater reaction time. The truth is that I'm just slow at most things.
So I pulled out onto the main street this afternoon and found a large SUV right on my tail. Pulling onto this street involves small blinds in both directions, so I may not have seen him when I turned and in that case, I cut him off. At any rate, I was going too slowly for his tastes so he honked at me which, lately, has really been irritating me, especially when the speed limit is 25 through this area. Remembering my driver's education from 22 years ago, I tapped on the brakes with the polite message of "Please stop following me so closely." Well, okay I skipped that part and went straight to laying on the brakes hard and slowing down a lot more. This did not please the driver behind me at all.
He decided that kicking his dog this morning wasn't enough, so he pulled around me on a two lane road, got in front of me and then gave me a taste of my own medicine by slowing down. He did me one better by stopping completely before reaching the stop light and put on his hazards. As I reflect on this, he was probably considering getting out of his car at this point.
Realizing I had pushed the wrong button on this guy, I just sat patiently and waited. I was prepared to wait for hours until he decided he was ready to move. He moved into the left turn lane and I moved into the right, putting us window to window. He rolled down his window and waved to me and I waved back with four more fingers than he did. He began shouting a lot of things at me, none of which I could hear with my window rolled up and with both boys in the back seat, that's probably best. I smiled at him and continued to wave with all five fingers and he pointed at me both vertically and horizontally and continued yelling at me.
When the light turned green and we both went our ways, my heart started beating again and the boys asked me why the man was yelling. I explained that he felt like I did something wrong to him and was upset about it.
Fast-forward a couple hours as I've been thinking about the incident and all the different ways it could have ended. What would I have said had we had a more face-to-face verbal exchange? I was coming up with all sorts of witty retorts and how I would have remained unemotional and let him get as angry with me as necessary. He was clearly in the wrong. I think he was driving too fast and I had every right to try to slow him down and get him away from the back of my car. Yeah, I'm completely in the right here. I didn't do anything to provoke him, I was just being my good little Christian self heading to my church office to help with some moving issues. In walks the Holy Spirit:
"In the moment you stepped on your brakes you stopped looking at him with God's eyes. In that moment your disappointment in your finances and your parenting and your personal and spiritual life came together and you decided to blame that other driver for all of them. He's not what's wrong with the world, you're what's wrong with the world."
Okay, the last statement is my interpretation of what he said. But you know, he's right. I did fail in that moment. Given my chance to extend God's grace to another individual and I failed. I plan it out in my head how I'm going to show grace and kindness to my neighbor, but like the parable, I didn't expect this to be my neighbor. My knee jerk reaction (which I believe tells more about who I am) was to irritate the other driver right back. I wasn't thinking anything about what the other driver was going through. I didn't offer him the other cheek.
Where do I go from here? After thoroughly boring my boys at the church office, I took them on a walk at a nearby park. On our way back I stopped at a bench and told them how I had made a mistake. That my first reaction was a dangerous one and could have caused an accident and hurt them. I forgot to include the part about how God calls us to be better than that, so I hope they get that from Sunday School.
As we prayed before bed, I asked God to forgive me for the way I had behaved. I hate praying like this because I feel like I'm praying at them, but I want them to know this is what you do when you do wrong. You ask for forgiveness from the only one qualified to give it. I also asked that if I ever had the opportunity to make things right that I could do it to God's glory.
Everyone has a story like this. You've been me, or you've been the other guy. Whenever you tell your story, someone often shares theirs with you. In Christian circles you'll often get a smattering of, "Well this is how I dealt with someone like that..." I realized today that when I listen to those stories and think, "Wow, that would be a really good way to deal with that situation," it will never happen that way again. I am a different person, the other driver is a different person and the circumstances are different. It reminded me of Philippians 2:12 "Therefore, my dear friends, as you have always obeyed—not only in my presence, but now much more in my absence—continue to work out your salvation with fear and trembling," You can't take someone else's experience and put it to work in your own life. You have to work it out for yourself and don't forget the fear and trembling part.
The Age of Communication
Posted October 9th, 2008 by Dave
My wife and I forgot our mobile phones this morning. As I was thinking about the ramifications I realized that before mobile phones, you could never have said, "I forgot my phone." That would be like saying, "I forgot my house."
A well regulated militia
Posted October 2nd, 2008 by Dave
My wife teaches 7th grade Social Studies which in our school district means United States history from the Pilgrims through Reconstruction. She started the school year a couple weeks late (I'll save that for another story), so she's been scrambling to catch up to where she and the kids should be. Being the wonder-husband that I am, I've pitched in with my varied talents and am converting a couple VHS tapes to DVD (shhh, don't tell anyone I know how to do it, or I'll be converting everyone's).
So tonight's offering was April Morning. It's a TV movie with an amazing cast: Rip Torn, Tommy Lee Jones, Robert Urich, Chad Lowe and might I add Meredith Salenger is quite the babe. But I digress.
As I'm working through iMovie, trying to figure out where to put chapter markers I start to get the gist of the movie. Maybe I'm not understanding the movie so much as I'm getting a sense of what the Revolutionary War meant.
In our modern age, soldiers are trained—to kill. Call it discipline, call it combat skills, the military exists to train soldiers how to kill and how not to think but to do. I understand this is necessary because when you think about it war is mad. You are trying to kill another human being with the hope that if you kill enough of them their side will surrender. Is this not madness?
In the Revolutionary War, we didn't have trained soldiers. They were farmers and tradespeople whose families had come to the colonies for more freedom and maybe a chance for a better living than they would have had in England. Freedom they were willing to pick up a gun and kill another person to obtain. That's what floored me. They believed enough in what they were doing, they were willing to kill to obtain it. And it was only an idea. It wasn't for material wealth, the colonists hadn't found oil deposits and tried to steal them from the British. They wanted to be free of the tyranny imposed on them by an out-of-touch ruler.
Where is that strength of belief now? When we see it, we are afraid of it. It doesn't meld nicely with polite society. Is there any idea that would bind the population together to fight for it? 9/11? Maybe. With the exception of the lines at the airport I see a United States remarkably like the one pre-9/11.
I certainly don't have the answer. I can't think of something I would be willing to kill another human being to obtain. We have an exciting election coming up. Make sure you vote. Make that be your "shot heard 'round the world."
Mediocrity
Posted September 19th, 2008 by Dave
At the risk of being verbally accosted by my wife let me throw out this bit of political observation. Please be aware that I profess no expertise in politics and most of the time I wish I could do without the whole lot of it.
Is it just me or did Barack Obama's choice of Joseph Biden make his campaign a lot lamer and John McCain's choice of Sarah Palin made his a lot cooler?
Now we have a horse race!
Ninja Warrior
Posted September 18th, 2008 by Dave
Okay, so maybe Twitter is good for something. Andy Ihnatko tweeted about watching Ninja Warrior "The Thinking Man's Heroes." We don't get the G4 channel, but thanks to the Internet, you can sample it at any time:
It's sort of a cross between the American Gladiator series, MXCE (Most Extreme Challenge Elimination) and pick one of the current reality challenge shows.