Hi all, I have got a question concerning the interoperability between the Apache XML Security framework (we are currently using the version 1.3.0) and the Sun implementation of XML DSIG (Java XML Digital Signature API, 1.0 EA2). Currently we are running into problems because the opposite application isn't able to verify our signature whereas it is no problem for us to verify a signature built by the Sun implementation based application with our app, which is built upon the Apache XML Security framework.
We are using enveloping signature and the problem can be narrowed down to the digest (SHA1) we are calculating differently. The canonicalization we are using is org.apache.xml.security.c14nCanonicalizer.ALGO_ID_C14N_WITH_COMMENTS. Are there any problems known with version 1.3.x of Apache XML Security that are fixed with 1.4.x? Are there any known issues at all concerning one or the other framework? Thank you in advance, Ulrich _____________________________________________________________________ Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! http://smartsurfer.web.de/?mc=100071&distributionid=000000000066
