You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Markus Lindner <ma...@catbull.com> on 2006/01/26 03:27:09 UTC

problem with Algorithm ecdsa-sha1

Hi there,

I use xmlsecurity to verify Signatures (dsig) in xml-files.
I got some _new_ files, which via xmlsecurity do not work the way I expected:

org.apache.xml.security.signature.XMLSignatureException: The requested
algorithm http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 does not
exist. Original Message was: null
Original Exception was java.lang.NullPointerException
        at
org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown
Source)
        at org.apache.xml.security.signature.SignedInfo.<init>(Unknown
Source)
        at org.apache.xml.security.signature.XMLSignature.<init>(Unknown
Source)


I use bouncycastle as my provider. I add the provider dynamically before
verifying.

When I list all the algorithms, I got:
[long list left out]
Signatures:
[long list left out]
            SHA1WITHECNR
            OID.1.2.840.113549.1.1.5
            SHA512withRSA
            ECDSA
            SHA512WITHRSAENCRYPTION
[long list left out]

I think that "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" should
point to ECDSA.
I use xmlsecurity-1.3 (just the jar from the web
http://xml.apache.org/security/dist/java-library/ )

I am aware of the xalan/endorsed problem. I tested on linux java 1.4/1.5
and winxp 1.4/1.5.

I am not sure if xmlsecurity can handle this anyway...just wanted to ask
what is the problem here...

greetings
m.


-- 
"0x07: Signature not present. Press any key."