Re: [ebxmlms-develop] signed acknowledgments

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Actually, with a bit of hacking I got it to work (I think). BC is used =
from apache...xml/security, where the jce classes are dynamically loaded =
from an Australian ftp site to bypass US export regulations. The trick =
was to pass in the 'rsa-sha1' algorithm parameter to the =
ebxmlMessage.sign function. For acks, I added a property to trigger this =
behaviour ( for signed messages, you can do it from the client =
directly). Funny thing is that verification occurs with the envelope set =
to dsa-sha1 :-), and still works fine. I guess that's because that =
information sits inside the ds:Signature, which is never signed itself, =
and is not used for the verification itself. I don't think I got it =
quite right, yet, bit it seems to work on the loopback...
  ----- Original Message -----=20
  From: Ronald van Kuijk=20
  To: 'ebx...@li...'=20
  Sent: Friday, April 04, 2003 10:50 AM
  Subject: RE: [ebxmlms-develop] signed acknowledgments

  from what i've seen the bouncycastle libraries are used in the =
signature process. The rsa algorithms are probably not included due to =
licensing restrictions.

  But thats just a wild guess
    -----Oorspronkelijk bericht-----
    Van: Gait Boxman [mailto:gai...@ti...]
    Verzonden: vrijdag 4 april 2003 9:27
    Aan: ebx...@li...
    Onderwerp: Re: [ebxmlms-develop] signed acknowledgments

    One more question: is the limitation to DSA signatures local to my =
machine (i.e. a setup problem on my part), a limitation from Hermes, or =
a limitation from XMLDsig?
    I seem to remember we were able to use RSA in the earlier days, and =
they certainly work for SSL...=20
      ----- Original Message -----=20
      From: Gait Boxman=20
      To: ebx...@li...=20
      Sent: Monday, March 31, 2003 1:56 PM
      Subject: [ebxmlms-develop] signed acknowledgments

      Hi team,=20

      per ebMS2, when signed acknowledgments are requested, the =
acknowledgment must contain the digests of the original (signed or =
unsigned) message. AFAICT, this is currently not implemented. Is there =
an easy way to add it? I've tracked down signing as far as the Apache =
XML security libs, but I was hoping of an easier and faster way to add =
the digests than going through three levels of API's...

      thnx, Gait.