Hi Ulrich,

It's probably a c14n issue. What you should do is enable logging on each
side, and then compare the canonicalized bytes, before it is digested.
My guess is that it is something subtle (it always is) probably with
namespaces. You may also try using the Java XML DSig implementation in
JDK 6 or XMLSec 1.4.1, which is more up to date.

--Sean

Ulrich Ackermann wrote:
> Hi all,
> 
> I have got a question concerning the interoperability between the
> Apache XML Security framework (we are currently using the version
> 1.3.0) and the Sun implementation of XML DSIG (Java XML Digital
> Signature API, 1.0 EA2). Currently we are running into problems
> because the opposite application isn't able to verify our signature
> whereas it is no problem for us to verify a signature built by the
> Sun implementation based application with our app, which is built
> upon the Apache XML Security framework.
> 
> We are using an enveloping signature and the problem can be narrowed
> down to the digest (SHA1) we are calculating differently. The
> canonicalization we are using is
> org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS.
> 
> 
> Are there any problems known with version 1.3.x of Apache XML
> Security that are fixed with 1.4.x? Are there any known issues at all
> concerning one or the other framework?
> 
> Thank you in advance, Ulrich 
> 

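One way to capture the bytes that are digested on the verifying side, so they can be diffed against the signer's canonicalization log. This is an added example, not code from the thread or from either project. It uses the JDK's Java XML Digital Signature API (JSR 105) with its reference-caching property; the class name and the output file names are assumptions.

```java
import java.io.*;
import java.nio.file.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

// Hypothetical helper: dumps the pre-digest octets of every ds:Reference.
public class DumpDigestInput {
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML DSig requires a namespace-aware DOM
        Document doc = dbf.newDocumentBuilder().parse(new File(args[0]));
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() == 0) throw new IllegalArgumentException("no ds:Signature found");

        // Only reference digests are checked here, so the key selector is never called.
        KeySelector unused = new KeySelector() {
            public KeySelectorResult select(KeyInfo ki, KeySelector.Purpose p,
                    AlgorithmMethod m, XMLCryptoContext c) throws KeySelectorException {
                throw new KeySelectorException("no key needed for reference validation");
            }
        };
        DOMValidateContext ctx = new DOMValidateContext(unused, sigs.item(0));
        // Keep the octets that are fed to the digest so they can be read back afterwards.
        ctx.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);

        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        int i = 0;
        for (Object o : sig.getSignedInfo().getReferences()) {
            Reference ref = (Reference) o;
            boolean ok = ref.validate(ctx); // recomputes the digest over the transformed data
            Path out = Paths.get("reference-" + i++ + ".c14n"); // output name is arbitrary
            try (InputStream in = ref.getDigestInputStream()) {
                Files.copy(in, out, StandardCopyOption.REPLACE_EXISTING);
            }
            System.out.println(ref.getURI() + " digest=" + ref.getDigestMethod().getAlgorithm()
                    + " valid=" + ok + " -> " + out);
        }
    }
}
```

Run it with the signed document as the only argument and compare each `reference-N.c14n` file byte for byte with what the signing side logged. Recent JDKs restrict SHA-1 in XML signatures under secure validation, so a SHA-1 reference such as the one in this thread may be rejected before any bytes are cached.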