[security-dev 00138]: Re: JSR105 - Other SignatureMethod implementation ?
Sean Mullan
Sean.Mullan at Sun.COM
Thu Apr 10 17:50:02 UTC 2008
Hi JKT,
> David Herron wrote:
>> JKT wrote:
>>> Hi to all,
>>>
>>> I tried to generated a xmldsig signature by using the JSR105 API. It
>>> works well except the fact that I cannot use other signature methods
>>> than DSA_SHA1, RSA_SHA1 and HMAC_SHA1.
Right. The API is lacking a feature that allows you to extend it to
support additional signature algorithms. There is an RFE open for this:
6566047. You can't see it on bugs.sun.com yet, but try in a day or two.
The RFE is to add an API similar to TransformService.
>>> Indeed, I would like to sign an object by using SHA256withRSA
>>> algorithm (the digest method SHA256 is already implemented in this
>>> version). After having downloaded the source of SUN's jsr105
>>> implementation, i discovered that i could not use another algorithm
>>> without changing the source code.
We have added support for RSA_SHA256, RSA_SHA384, RSA_SHA512,
HMAC_SHA256, HMAC_SHA384, and HMAC_SHA512 to OpenJDK. If this is an
important feature to you, we could consider backporting it to JDK 6.
>>> Does any somebody know if the next version of Sun's jsr105
>>> implementation will include other signature algorithms ?
Yes, they will be included in JDK 7.
--Sean
More information about the security-dev
mailing list