I used the Apache VerifySignature.java to verify two XMLs signatures. One of them made with Apache, the other with another API.
the signatures values are identical, also the certificates, alse the exponent, but the have different modulus. So to test I cut the certificate tag to force Apache to verify the exonent+modulus. and guess what? it says that both signatures are valid! Did i miss something? The two small XMLs are available and ready to test by the VerifySignature.java if anyone doesn´t believe this. Regards. Martin
