[security-dev 00138]: Re: JSR105 - Other SignatureMethod implementation ?

Sean Mullan Sean.Mullan at Sun.COM
Thu Apr 10 10:50:02 PDT 2008


Hi JKT,

> David Herron wrote:
>> JKT wrote:
>>> Hi  to all,
>>>
>>> I tried to generated a xmldsig signature by using the JSR105 API. It 
>>> works well except the fact that I cannot use other signature methods 
>>> than DSA_SHA1, RSA_SHA1 and HMAC_SHA1.

Right. The API is lacking a feature that allows you to extend it to 
support additional signature algorithms. There is an RFE open for this: 
6566047. You can't see it on bugs.sun.com yet, but try in a day or two.
The RFE is to add an API similar to TransformService.

>>> Indeed, I would like to sign an object by using SHA256withRSA 
>>> algorithm (the digest method SHA256 is already implemented in this 
>>> version). After having downloaded the source of  SUN's jsr105 
>>> implementation, i discovered that i could not use another algorithm 
>>> without changing the source code.

We have added support for RSA_SHA256, RSA_SHA384, RSA_SHA512, 
HMAC_SHA256, HMAC_SHA384, and HMAC_SHA512 to OpenJDK. If this is an 
important feature to you, we could consider backporting it to JDK 6.

>>> Does any somebody know if the next version of Sun's jsr105 
>>> implementation will include other signature algorithms ?

Yes, they will be included in JDK 7.

--Sean



More information about the security-dev mailing list