santuario-dev mailing list archives

From Sean Mullan <sean.mul...@oracle.com>
Subject Re: Supported Canonicalization methods
Date Mon, 04 Jun 2012 14:50:39 GMT
On 06/01/2012 01:28 PM, David Wall wrote:
> Not sure who to ask, but is there a list of supported canonicalization
> methods?

I'm not sure if it is documented anywhere, but the config.xml file in 
the source code lists all of the supported CanonicalizationMethod 
algorithms. See:

http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml?view=markup

> How about for Java 6's XML Digital Signature code?

For Oracle JDK 6: 
http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html#XMLDSigProvider

> There are only the two inclusive/exclusive versions defined in
> javax.xml.crypto.dsig CanonicalizationMethod (each with/without
> comments) that are basically like:
> http://www.w3.org/TR/2001/REC-xml-c14n-20010315
>
> Is there a way to use the latest, like "http://www.w3.org/TR/xml-c14n11"
> or "http://www.w3.org/TR/2008/REC-xml-c14n11-20080502"? I gave these a
> try on Java 6 and they were not found, so not sure if I have the wrong
> literals or they are not supported. Is anything supported more than
> those defined in CanonicalizationMethod? I found that I could use
> RSA_SHA512 SignatureMethod with
> "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" even though it's not
> defined as a constant in there either.

Oracle's JDK 6 does support some of the stronger SHA (256, 384, 512) 
algorithms but does not support C14N 1.1. You will have to upgrade to 
JDK 7, or you can try using the latest Apache Santuario provider with 
JDK 6. (You may need to register it in your java.security file or invoke 
it using the provider name).

--Sean
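
The following is an added example, not code from the original message or from Apache Santuario: a Java 6-compatible probe that asks an XMLDSig provider which algorithm URIs it accepts, then picks C14N 1.1 when available and falls back to inclusive C14N 1.0 otherwise. The class and method names are hypothetical, `http://www.w3.org/2006/12/xml-c14n11` is the algorithm identifier assigned by the W3C C14N 1.1 Recommendation, and the optional first argument is the JCA name of the provider to test, which this page does not state.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;

public class XmlDsigProbe {                       // hypothetical class name
    // Algorithm identifier from the C14N 1.1 Recommendation (not the TR document URL).
    static final String C14N11 = "http://www.w3.org/2006/12/xml-c14n11";
    // Signature method URI quoted in the thread; not a constant in SignatureMethod on JDK 6.
    static final String RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";

    // True if the factory's provider recognises the canonicalization URI.
    static boolean supportsC14n(XMLSignatureFactory fac, String uri) {
        try {
            fac.newCanonicalizationMethod(uri, (C14NMethodParameterSpec) null);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;                         // URI unknown to this provider
        } catch (InvalidAlgorithmParameterException e) {
            return true;                          // known algorithm, parameters rejected
        }
    }

    // True if the factory's provider recognises the signature method URI.
    static boolean supportsSignature(XMLSignatureFactory fac, String uri) {
        try {
            fac.newSignatureMethod(uri, (SignatureMethodParameterSpec) null);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        } catch (InvalidAlgorithmParameterException e) {
            return true;
        }
    }

    // Prefer C14N 1.1; fall back to inclusive C14N 1.0, which every provider must support.
    static String chooseC14n(XMLSignatureFactory fac) {
        return supportsC14n(fac, C14N11) ? C14N11 : CanonicalizationMethod.INCLUSIVE;
    }

    public static void main(String[] args) throws Exception {
        XMLSignatureFactory fac = args.length > 0
                ? XMLSignatureFactory.getInstance("DOM", args[0])   // named provider
                : XMLSignatureFactory.getInstance("DOM");           // default provider
        System.out.println("Provider:   " + fac.getProvider());
        System.out.println("C14N 1.1:   " + supportsC14n(fac, C14N11));
        System.out.println("RSA-SHA512: " + supportsSignature(fac, RSA_SHA512));
        System.out.println("Selected:   " + chooseC14n(fac));
    }
}
```

Run it once with no argument and once with the name of the provider you registered to compare what each accepts before committing to an algorithm in signing or validation code.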
