Posted to dev@santuario.apache.org by "Centeno Martinez, Fernando" <FC...@IGAE.minhac.es> on 2004/11/11 10:19:00 UTC
RE: Java XML security 1.2RC1 ready to download
Hello
I was testing the new xml security version 1.2, and I've found a strange thing.
I was verifying a file. This file had got an incorrect signature with previous versions, and now with the new version the verify says the signature is correct. I don't know why???
I'm attaching the file, and I'd be very grateful if somebody could explain to me what's happening
Thanks for all
Fernando Centeno
-----Original Message-----
From: Raul Benito [mailto:raul-info@r-bg.com]
Sent: Saturday, October 30, 2004 21:21
To: security-dev@xml.apache.org
Subject: Java XML security 1.2RC1 ready to download
Hello all,
I have just uploaded a freshly compiled jar of the first release
candidate of version 1.2 of the Java XML-Security to the Apache site. You
can find it at
http://xml.apache.org/security/dist/java-library/xmlsec-1.2RC1.jar.
A lot of changes have happened since the 1.1 release, mainly:
- A rewritten canonicalization.
- A lot of memory consumption reduction work.
- A lot of optimization work.
- A new JCE discovery mechanism.
So please download and test with your programs, so we can be sure we
haven't broken anything.
Regards,
Raul
http://r-bg.com
Re: Java XML security 1.2RC1 ready to download
Posted by ra...@r-bg.com.
On 11/11/2004, at 10:19, Centeno Martinez, Fernando wrote:
> Hello
>
> I was testing the new xml security version 1.2, and I've found a
> strange thing.
>
> I was verifying a file. This file had got an incorrect signature with
> previous versions, and now with the new version the verify says the
> signature is correct. I don't know why???
>
> I'm attaching the file, and I'd be very grateful if somebody could
> explain to me what's happening
>
> Thanks for all
>
> Fernando Centeno
>
> Regards,
>
>
> <prueba.xml>
Hi Fernando,
First of all, how was this signature created? Was it tampered with, or is it
just a good one? Regarding the changes from 1.1, there is at least one
obscure bug in the c14n code that was fixed from 1.1, but as the c14n
was rewritten other things can be fixed. If it was a wrong signature,
then we'll need to look more carefully, but I think that is unlikely.
Waiting for your answers,
Raul
http://r-bg.com