santuario-dev mailing list archives

From "Raul Benito" <>
Subject Re: SignatureAlgorithm problem with initSign and initVerify methods (xmlsec-1.4.1)
Date Tue, 12 Jun 2007 13:35:01 GMT
Hi Kevin,
It seems to be a bug. Can you write a test case that shows the same problem
and attach it to a Bugzilla entry?



On 6/12/07, Kevin Troy <> wrote:
> Hi,
> We're migrating a working web application from Java 1.4.2 to Java 1.5.
> Our 1.4.2 application used xmlsec-1.2.1 and worked fine. We've upgraded
> to xmlsec-1.4.1 in the process and we have encountered a problem that
> occurs when we try to sign/verify multiple documents with the same key
> pair:
> Consider a scenario when multiple XML documents need to be signed and
> verified with the same key pair. (The verification is just to confirm
> that signing worked). Therefore, for a given KeyPair instance, we do the
> following on each iteration:
> 1. XMLSignature sig = new XMLSignature(....);
> 2. Sign XML document with PrivateKey
> 3. Verify XML document with PublicKey (sanity check)
> The problem occurs on the second iteration. It appears that, because we
> are using the same PrivateKey to sign on each iteration, the code
> remains initialised for verification (a result of step 3 above), and is
> not re-initialised for signing as it is using a cached Private Key.
> We were unable to find an API call to resolve this. We made changes to
> SignatureAlgorithm::initSign(Key) and
> SignatureAlgorithm::initVerify(Key) so that cached keys were no longer
> used. We are therefore always calling the engineInitSign(Key) and
> engineInitVerify(Key) on the SignatureAlgorithm implementation.
> Just wondering if:
> a) we have missed something obvious here
> OR
> b) this is a legitimate limitation that may need to be addressed in code
> Thanks in advance,
> Kevin
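
The failure mode described in the quoted message, reproduced with plain `java.security.Signature` as an added example that is not part of the original thread and is not xmlsec code. `CachingSigner` is a hypothetical wrapper that skips `initSign` when it is handed the same key object as last time, and the documents are constructed byte strings rather than real XML signatures.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class CachedKeyReinitDemo {
    // Hypothetical wrapper (not xmlsec code): skips re-initialisation when
    // the key passed to initSign is the same object as on the previous call.
    static class CachingSigner {
        private final Signature sig = Signature.getInstance("SHA256withRSA");
        private final boolean useCache;
        private Key lastSignKey;

        CachingSigner(boolean useCache) throws GeneralSecurityException { this.useCache = useCache; }

        void initSign(PrivateKey k) throws InvalidKeyException {
            if (useCache && k == lastSignKey) return; // engine may still be in verify state
            sig.initSign(k);
            lastSignKey = k;
        }
        void initVerify(PublicKey k) throws InvalidKeyException { sig.initVerify(k); }
        byte[] sign(byte[] d) throws SignatureException { sig.update(d); return sig.sign(); }
        boolean verify(byte[] d, byte[] s) throws SignatureException { sig.update(d); return sig.verify(s); }
    }

    // Runs the sign-then-verify loop from the message; returns the first failing iteration, or 0.
    static int run(boolean useCache, KeyPair kp) throws GeneralSecurityException {
        CachingSigner cs = new CachingSigner(useCache);
        for (int i = 1; i <= 3; i++) {
            byte[] doc = ("<doc id='" + i + "'/>").getBytes(StandardCharsets.UTF_8); // constructed input
            try {
                cs.initSign(kp.getPrivate());
                byte[] s = cs.sign(doc);
                cs.initVerify(kp.getPublic());   // sanity check leaves the engine in verify state
                if (!cs.verify(doc, s)) return i;
            } catch (SignatureException e) {
                System.out.println("iteration " + i + " failed: " + e.getMessage());
                return i;
            }
        }
        return 0;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        System.out.println("cached key, first failing iteration: " + run(true, kp));
        System.out.println("always re-init, first failing iteration: " + run(false, kp));
    }
}
```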

