Return-Path: Delivered-To: apmail-xml-security-dev-archive@www.apache.org Received: (qmail 8952 invoked from network); 22 Jun 2007 12:50:52 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 22 Jun 2007 12:50:52 -0000 Received: (qmail 15013 invoked by uid 500); 22 Jun 2007 12:50:47 -0000 Delivered-To: apmail-xml-security-dev-archive@xml.apache.org Received: (qmail 14949 invoked by uid 500); 22 Jun 2007 12:50:47 -0000 Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: security-dev@xml.apache.org List-Id: Delivered-To: mailing list security-dev@xml.apache.org Received: (qmail 14916 invoked by uid 99); 22 Jun 2007 12:50:47 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Jun 2007 05:50:47 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: local policy) Received: from [192.18.98.31] (HELO brmea-mail-1.sun.com) (192.18.98.31) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Jun 2007 05:50:42 -0700 Received: from fe-amer-09.sun.com ([192.18.108.183]) by brmea-mail-1.sun.com (8.13.6+Sun/8.12.9) with ESMTP id l5MCoLM8002844 for ; Fri, 22 Jun 2007 12:50:21 GMT Received: from conversion-daemon.mail-amer.sun.com by mail-amer.sun.com (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) id <0JK100301EPFHU00@mail-amer.sun.com> (original mail from Sean.Mullan@Sun.COM) for security-dev@xml.apache.org; Fri, 22 Jun 2007 06:50:21 -0600 (MDT) Received: from [192.168.0.2] ([129.150.66.17]) by mail-amer.sun.com (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPSA id <0JK100K30FNGMS00@mail-amer.sun.com> for security-dev@xml.apache.org; Fri, 22 Jun 2007 06:50:06 -0600 (MDT) Date: Fri, 22 Jun 2007 08:50:01 -0400 From: Sean Mullan Subject: Re: Interop question In-reply-to: <143351185@web.de> Sender: Sean.Mullan@Sun.COM To: security-dev@xml.apache.org Message-id: <467BC579.708@sun.com> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-15 Content-transfer-encoding: 7BIT X-Enigmail-Version: 0.94.2.0 References: <143351185@web.de> User-Agent: Thunderbird 1.5.0.12 (Macintosh/20070509) X-Virus-Checked: Checked by ClamAV on apache.org Hi Ulrich, It's probably a c14n issue. What you should do is enable logging on each side, and then compare the canonicalized bytes, before it is digested. My guess is that it is something subtle (it always is) probably with namespaces. You may also try using the Java XML DSig implementation in JDK 6 or XMLSec 1.4.1, which is more up to date. --Sean Ulrich Ackermann wrote: > Hi all, > > I have got a question concerning the interoperability between the > Apache XML Security framework (we are currently using the version > 1.3.0) and the Sun implementation of XML DSIG (Java XML Digital > Signature API, 1.0 EA2). Currently we are running into problems > because the opposite application isn't able to verify our signature > whereas it is no problem for us to verify a signature built by the > Sun implementation based application with our app, which is built > upon the Apache XML Security framework. > > We are using enveloping signature and the problem can be narrowed > down to the digest (SHA1) we are calculating differently. The > canonicalization we are using is > org.apache.xml.security.c14nCanonicalizer.ALGO_ID_C14N_WITH_COMMENTS. > > > Are there any problems known with version 1.3.x of Apache XML > Security that are fixed with 1.4.x? Are there any known issues at all > concerning one or the other framework? > > Thank you in advance, Ulrich > _____________________________________________________________________ > Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu > sparen! > http://smartsurfer.web.de/?mc=100071&distributionid=000000000066 >