Hi Pid, in that way you're able to verify an HMAC signed signature with an RSA verifying key, that's wrong by nature.
> + > + /** > + * @param value > + * @return key > + */ > + SigningKey createSigningKey(String... value); > + > + /** > + * @param value > + * @return key > + */ > + VerifyingKey createVerifyingKey(String... value); > uhm I really don't think keys have to be generated by an algorithm that the task to sign/verify a signature, Keys can be defined independently by the algorithm implementation. BTW I was integrating the Signature api to the implementation to the already existing codebase and that modification broke my work, can you please advice me before you want to modify it, to avoid we both have problems? Can you please rollback that class? Thanks in advance, very appreciated :) Simo http://people.apache.org/~simonetripodi/ http://www.99soft.org/
