> The output of my debugging shows the SignedInfo as:

Using email for this is pointless. Any whitespace will throw off the result, so you'd need to compare them byte for byte on your own.

> What occurs to me is that there is an empty X509Certificate element. I
> get a "DerInputStream.getLength(): lengthTag=127, too big." error if I
> leave it in, and I get the validation failure if I take it out.
> Perhaps this is the root of the problem?

KeyInfo isn't part of the signature, and all that's probably doing is creating a "masking" error ahead of the validation error. It's certainly invalid to have an empty element there though.

-- Scott
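
A byte-for-byte comparison of the kind suggested above, as an added example that is not part of the original message: it takes the SignedInfo octets logged by the signer and by the verifier and reports the first differing offset with hex context, so invisible whitespace shows up. The sample SignedInfo and the function names are constructed for illustration.

```python
import hashlib

# Constructed sample: the signer's SignedInfo octets, and the same text after
# its line endings were rewritten to CRLF (as can happen in an e-mail body).
SIGNER = b'<SignedInfo>\n<Reference URI="#body"></Reference>\n</SignedInfo>'
MAILED = SIGNER.replace(b"\n", b"\r\n")


def first_difference(a: bytes, b: bytes):
    """Return the offset of the first differing byte, or None if identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    # One input is a prefix of the other: they differ where the shorter ends.
    return None if len(a) == len(b) else min(len(a), len(b))


def compare_octets(a: bytes, b: bytes, context: int = 8) -> dict:
    """Compare two octet streams and describe where they diverge."""
    off = first_difference(a, b)
    report = {
        "equal": off is None,
        "offset": off,
        # The signature is verified over these exact octets, so the digests
        # differ as soon as a single byte does.
        "sha256_a": hashlib.sha256(a).hexdigest(),
        "sha256_b": hashlib.sha256(b).hexdigest(),
    }
    if off is not None:
        lo = max(0, off - context)
        # Hex makes CR, LF, tabs and spaces visible.
        report["a_hex"] = a[lo:off + context].hex(" ")
        report["b_hex"] = b[lo:off + context].hex(" ")
    return report


if __name__ == "__main__":
    for key, value in compare_octets(SIGNER, MAILED).items():
        print(f"{key:9} {value}")
```

Feed it the raw bytes each side's canonicalizer produced (written to a file in binary mode), not text copied out of a log viewer or mail client.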