DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43056>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43056 Summary: Library does not allow specify provider for private key operations Product: Security Version: Java 1.4.1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Signature AssignedTo: security-dev@xml.apache.org ReportedBy: [EMAIL PROTECTED] Hello, At src/org/jcp/xml/dsig/internal/dom/DOMRSASignatureMethod.java the Signature object is used, but it is initialized without a provider. [Relevant for decryption] The problem is that if a hardware based provider is used (One which cannot extract its private key), the signature fails. The expected behavior is to use a specific provider as any other java crypto methods. I know there is an issue with the interface stabilization... But this is a required functionality, as there is no security without hardware cryptography... And security packages should be the first to support this. Thanks! -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
