Hi everyone,

Apologies in advance for what is probably a rather naive question. Current distributions of Apache XML-Security contain no third party JCE, but all of the documentation points to using the latest versions of the Bouncy Castle JCE as the provider for XML-Security. I am dealing with clients that are hyper-sensitive to non-U.S. crypto implementations, and so I pose the question:
If I am using J2SE 1.4.2 (1.4.2_03, to be precise), does the default Sun provider that ships with 1.4.2 provide everything I need to use XML-Security to both sign and encrypt? I was initially suspicious of the SunJCE supporting SHA1withRSA (I am primarily concerned with XML-DSIG), but it appears to me that 1.4.2 SunJCE supports it just fine.
I would sincerely be grateful if someone could either confirm that the 1.4.2 SunJCE supports all of the Apache XML-Security use cases OR provide me with a list of use cases that require a third party JCE such as Bouncy Castle.
Sun's JCA/JCE provider in 1.4.2 should have everything you need for XML DSig and has almost everything you need for XML Enc. These are the exceptions:
- we don't support the XML Encryption Block Encryption Padding algorithm (ISO10126). This will be fixed in 1.5, of which a beta version will be available soon. As a workaround you might be able to do the padding/unpadding yourself.
- we don't support the XML Encryption RSA and RSA-OAEP key transport algorithms. Both of these will be supported in 1.5 (beta available soon).
--Sean