Hi,
I am trying to encrypt and decrypt SOAP body using xmlsec
library.
Before encrypting, my original SOAP message is
FABRIKAM
CONSTOSO
CSCO
JNPR
ttt
> Interesting point. If one of the required algorithms is really broken,
> it may be difficult to reach consensus on what to use in its place.
> Implementation A may support algorithm 1 but not algorithm 2, while
> implementation B supports 2 but not 1, and the two no longer
> interoperate.
Right
> I also think it's a mistake for XMLSig and similar specs to
> require only one
> or two algorithms be supported. It's a recipe for a big mess
> later, seems to
> me.
Interesting point. If one of the required algorithms is really broken,
it may be difficult to reach consensus on what to use in
> No, C++ lib doesn't support SHA-256 or stronger. It supports only MD5
> and SHA1 due to Windows CryptoAPI and OpenSSL limitations.
Thanks, didn't realize that.
> However, if you don't trust SHA1 anymore, you should consider that many
> digital certificates used for signing are signed using SHA1
+1
The bug I submitted is fixed:
http://issues.apache.org/bugzilla/show_bug.cgi?id=33393
Thanks,
Sean
Raul Benito wrote:
I have more or less complete my list of things for 1.2.1 release. So
please: can people that has report bugs test if there are corrected in
CVS version?
I want to call for vote
I also have the bug/feature my discussion myself. And I ended to let
it optional with the reset behaviour as default(i.e. the 1.1 behaviour
not the 1.2 one), as there are some people expecting this behaviour.
So this is fixed in CVS and in the soon to be released 1.2.1
Regards,
Raul
--
http://r-
Hy,
we're now using the lastet Version (1.2)
of the XML Security Package.
There seems to be a Problem with the
Canonicalizer, when using the same Canonicalizer twice.
The results of the canonicalizeSubtree
Functiond returns also the result from the Method Call before.
When we're always using
a ne
No, C++ lib doesn't support SHA-256 or stronger. It supports only MD5
and SHA1 due to Windows CryptoAPI and OpenSSL limitations.
However, if you don't trust SHA1 anymore, you should consider that many
digital certificates used for signing are signed using SHA1 (or even
MD5) digest algs. :(
Best
Scott,
Just been reading about it. (Was away for a few days.)
The reason it's not there now is neither Windows CAPI nor OpenSSL
supported -256 or -512 when the hashing functions were first implemented.
I notice the development branch of OpenSSL now includes SHA-256/512 so I
might look at compil
