I created a jira for this as well: https://issues.apache.org/jira/browse/WSS-140
org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal calls UUIDGenerator to set the Id attribute of EncryptedKey. The problem is that the Id attribute is an xml Id and should be a NCName (non-colonized name). The output generated from WSSecEncryptedKey is: <xenc:EncryptedKey Id="EncKeyId-urn:uuid:8673283BB2856861F7121847399704618"> Any validating parser would fail based on that value. Bottom line: wss4j generates invalid xml because of the Id attribute and the fact that it is not a NCName. No one has ever sent a wss4j 1.5.4 encrypted soap request to a validating parser?
