IAIK

IAIK XML Security Toolkit (XSECT)

version 2.10

Version History

SIC

XSECT 2.10

Class or Package

Bug/Change/
New Feature

Description and Examples

NF XSECT version to be used with IAIK XAdES 2.0 library -- ETSI TS 101 903 V1.4.2 (2010-12) and ETSI EN 319 132 v1.1.0 (2016-02)

XSECT 2.0

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.XmldsigMore
iaik.xml.crypto.XSecProvider
iaik.xml.crypto.dsig.SignatureMethodImpl
iaik.xml.crypto.alg.*MGF1ProxySignature
iaik.xml.crypto.dsig.spec.RSASSAPSSParameterImpl
NF RSA SSA PSS
iaik.xml.crypto.XSecProvider delegation mechanism is now compatible with Web containers as it is qualified by the Class loading context of the current thread.
iaik.xml.crypto.dom.DOMCryptoContext
javax.xml.crypto.dom.DOMCryptoContext
iaik.xml.crypto.dsig.ReferenceType
NF iaik.xml.crypto.dom.DOMCryptoContex#CACHE_CANON_INPUT_DATA Cache the canonicalization input data of all {@link javax.xml.crypto.dsig.Reference references} or a specific type.
iaik.xml.crypto.dom.DOMStructure
javax.xml.crypto.dom.DOMStructure
C iaik.xml.crypto.dom.DOMStructure#clearMarshalling() Enable to clearMarshalling() for nodes added to unmarshalled structures after unmarshalling.
iaik.xml.crypto.dsig.CanonicalizationMethodImpl
javax.xml.crypto.dsig.CanonicalizationMethod
C/NF Delegation mechanism support for java.security.Provider objects and not only provider names.
Removed experimental/deprecation warning from C14n11. However the JSR105 API still does not support it in javax.xml.crypto.dsig.CanonicalizationMethod .
iaik.xml.crypto.dsig.ReferenceImpl
javax.xml.crypto.dom.DOMStructure
C/NF iaik.xml.crypto.dsig.ReferenceImpl#setPreCalculatedDigestValue()
Sets pre calculated digest value for a Reference and appends it to the DigestValue child before signature creation.
It is recommended to use this method only for signature creation.
iaik.xml.crypto.alg.transform.XSLTTransformService
iaik.xml.crypto.dsig.TransformImpl
C Added flexibility: If URIDereferencer set in the context implements javax.xml.transform.URIResolver it will be used directly and not via iaik.xml.filter.impl.dsig.URIResolverImpl, giving applications greater control.
iaik.xml.crypto.dsig.XMLSignatureImpl
iaik.xml.crypto.utils.KeySelectorImpl
C Better error reporting why KeySelector returned 'null'. Also use the XSECT delegation mechanism to create an instance of a KeyFactory.
iaik.xml.crypto.dsig.spec.XSLTTransformParameterImpl
B iaik.xml.crypto.dsig.spec.XSLTTransformParameterImpl#marshalAttributes()
Override method from DOMStructure to not marshal any attributes, because otherwise a default namespace declaration of "http://www.w3.org/TR/REC-html40" in an embedded stylesheet maybe overwritten by the "http://www.w3.org/1999/XSL/Transform" URI, which will cause a TransformerException stating that "html" is not allowed.
Take care that all namespaces in your stylesheet are proper declared and are not out of scope.
Note: Any namespace prefix for the #getNamespace() of the XSLT namespace that maybe declared in the DOMCryptoContext will be ignored for marshaling. throws MarshalException If the namespace decalaration of the parent (i.e. the stylesheet) element is out of scope. (if embedded stylesheet is built manually (in DOM) without proper namespace declarations)
org.apache.xalan.transformer.TransformerImpl org.apache.xalan.processor.XSLTElementProcessor
B Despite the "Fix for CVE-2014-0107 insufficient secure processing" (XALAN BUG 2435) there seems to be another in acceptable issue with XALAN-2.7.2 (XALAN BUG 2591) that prevents you from using any stylesheet that emits XHTML (in secure processing mode). We are however hesitant to ship a patched version of XALAN 2.7.2 for deployment reasons. (You could apply the patch yourself, in case you intend to use XALAN-2.7.2 .) Using XSECT with the supplied XALAN-2.7.1 remains secure, as we use additional precautions by wrapping XALAN's transformer into a secure transformer that hinders the following functions from executing in org.apache.xalan.transformer.TransformerImpl:
  • org.apache.xpath.ExtensionsProvider#functionAvailable(java.lang.String, java.lang.String)
  • org.apache.xpath.ExtensionsProvider#extFunction(java.lang.String, java.lang.String, java.util.Vector, java.lang.Object)
  • org.apache.xpath.functions.ExtensionsProvider#extFunction(org.apache.xpath.functions.FuncExtFunction, java.util.Vector)
In case you want to use a Transformer supplied by the JRE (usually packaged in com.sun.*) you would have to bear in mind that we cannot give support for that, due to the fact that we cannot extend "com.sun" packaged classes for license reasons.

XSECT 1.191

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.utils.KeySelectorImpl B array initialized to wrong length.

XSECT 1.19

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.dsig.XMLSignatureImpl
iaik.xml.crypto.dsig.XMLSignatureProcessingHook
iaik.xml.crypto.XSecProvider#setPreVerifyHook(XMLSignatureProcessingHook) iaik.xml.crypto.XSecProvider#setPostVerifyHook(XMLSignatureProcessingHook) iaik.xml.crypto.XSecProvider#setPreSignHook(XMLSignatureProcessingHook) iaik.xml.crypto.XSecProvider#setPostSignHook(XMLSignatureProcessingHook)
iaik.xml.crypto.demo.DemoSignatureConstraints
C/NF Can be used for enforcing constraints on XMLSignatures, it is especially useful if the jsr 105 API is not under direct control of the application developer. It allows to plug in additional processing for greater control.

XSECT 1.18

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.dom.DOMStructure C/NF DOMStructure can be found via the {@link iaik.xml.crypto.dom.DOMCryptoContext#get(Object)} more efficiently by id.
iaik.xml.crypto.XSecProvider
iaik.xml.crypto.dom.XmldsigDOMStructure
iaik.xml.crypto.EccProviderAdapter
C/NF Enhanced robustness of provider registration.
New preference of IAIK provider over JCA framework, can be controlled by system property "iaik.xml.crypto.XSecProvider.preferIAIKoverJCA".
Experimental provider delegation by iaik.xml.crypto.XSecProvider.Purpose in combination with late/lazy cryptographic algorithm and proxy instantiation. Automatic handling of ECCelerate or the ECC library if on the classpath.
iaik.xml.crypto.dsig.AlgorithmMethodImpl
iaik.xml.crypto.dsig.SignatureMethodImpl
iaik.xml.crypto.enc.keyinfo.AgreementMethodImpl
iaik.xml.crypto.enc.EncryptionMethodImpl
iaik.xml.crypto.dsig.DigestMethodImpl
NF Support for provider delegation by iaik.xml.crypto.XSecProvider.Purpose in combination with late/lazy cryptographic algorithm and proxy instantiation.
iaik.xml.crypto.dom.X509DataImpl
iaik.xml.crypto.dsig.keyinfo.X509IssuerSerialType
B/NF Setting "iaik.xml.crypto.dsig.keyinfo.TrimNames" in the context to true allows to trim the subject name. A bug previously replacing '\n' in with a white space in the subject name was removed.
iaik.xml.crypto.utils.KeySelectorImpl
B/NF Added delegation provider support for CertificateFactory and removed dependency on KeyInfoFactory.
iaik.xml.crypto.alg.cipher.BlockCipherProxyCipher B Fixed an initialization bug causing a "java.security.ProviderException: Could not construct CipherSpi instance" in certain older jdk versions.
iaik.xml.crypto.XmldsigMore
iaik.xml.crypto.alg.signatur.RSASHA224ProxySignature
NF Added support for SHA224withRSA. cf. http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0020.html
iaik.xml.crypto.alg.transform.XSLTTransformService
iaik.xml.crypto.alg.transform.XSLTTransformServiceJDK
NF Context property "iaik.xml.crypto.alg.transform.XSLTTransformService#line-separator" will be passed on xalan as output property "{http://xml.apache.org/xalan}line-separator".
iaik.xml.crypto.alg.transform.Base64TransformService
iaik.xml.crypto.alg.transform.C14NTransformService
iaik.xml.crypto.alg.transform.XSLTTransformService
iaik.xml.crypto.alg.transform.XSLTTransformServiceJD
C passing on of base uri and mime type along transforming.
iaik.xml.crypto.alg.cipher.BlockCipherProxyCipher
iaik.xml.crypto.alg.cipher.DESedeKWProxyCipher
iaik.xml.crypto.alg.cipher.ProxyCipher
iaik.xml.crypto.alg.digest.ProxyMessageDigest
iaik.xml.crypto.alg.keyfactory.ProxyKeyFactory
iaik.xml.crypto.utils.KeySelectorImpl
iaik.xml.crypto.utils.CachedData
NF late/lazy cryptographic algorithm and proxy instantiation.
iaik.xml.crypto.utils.DOMUtils#parse() B/NF Problems setting the resource resolver. Fixed baseUri and systemId confusion. Added error handler.
all C Performance improvements. Better exception handling and chaining.

XSECT 1.17

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.XSecProvider NF New Encryption Methods: support for Camellia http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc RFC4051 section 2.6.2 Cipher.Camellia/CBC/PKCS5Padding
  • http://www.w3.org/2001/04/xmldsig-more#kw-camellia128 RFC4051 section 2.6.3 Cipher.Camellia/ECB/NoPadding
  • http://www.w3.org/2001/04/xmldsig-more#kw-camellia192 RFC4051 section 2.6.3 Cipher.Camellia/ECB/NoPadding
  • http://www.w3.org/2001/04/xmldsig-more#kw-camellia256 RFC4051 section 2.6.3 Cipher.Camellia/ECB/NoPadding
iaik.xml.crypto.dsig.AlgorithmMethodImpl#getParameterSpec()
iaik.xml.crypto.dsig.AlgorithmMethodImpl#getParameterSpecClass()
iaik.xml.crypto.dsig.SignatureMethodImpl#getParameterSpecClass()
iaik.xml.crypto.dsig.DigestMethodImpl#getParameterSpecClass()
iaik.xml.crypto.enc.EncryptionMethodImpl#getParameterSpecClass()
iaik.xml.crypto.enc.keyinfo.AgreementMethodImpl#getParameterSpecClass()
NF Better support and dynamic type checking of algorithm parameters.
iaik.xml.crypto.XmldsigMore#SIGNATURE_RSA_RIPEMD160_ERRATA
iaik.xml.crypto.XmldsigMore#SIGNATURE_RSA_RIPEMD160
NF Deprecated old identifier and enhanced javadoc, cf. RFC-4051
iaik.xml.crypto.utils.MatchDistinguishedName B MatchDistinuishedName used in IndependentKeySlector and XAdES forms, did not properly default to comparison mechanisms availiable on the plattform, if RFC2253NameParser was missing.
javax.xml.crypto.dsig.Transform
iaik.xml.filter.impl.dsig.XPathFilter2Sieve
B Fixed a memory problem with large Documents and XML-Signature XPath Filter 2.0.
iaik.xml.crypto.demo.big.EncryptLargeData
iaik.xml.crypto.demo.big.DecryptLargeData
B Demo did not take, command line arguments, buffered OutputStream has to be flushed and closed in jdk 1.3.1 .
iaik.xml.crypto.utils.URI#setAdditionalFragmentChars(String) NF since 1.12 (documented since 1.17) Allows you to add characters that will not be percent encoded in the fragement of a URI. (eg. square brackets '[',']' in an XPointer). Note zhat it's unlikely that square brackets will be be allowed in the fragment by LEIRIs in the future and this Discussion on RFC 2396 + RFC 2732 vs. RFC 3986.
iaik.xml.crypto.alg.mac.HMACProxyMac B
clarification
In XMLDSIG 1.0 (second Edition) it is unclear how a HMACOutputLength that is not divisible by 8 should be handeled/padded. In XMLDSIG 1.1 only HMACOutputLength divisible by 8 are allowed. See Also:

XSECT 1.16

Class or Package

Bug/Change/
New Feature

Description and Examples

Library NF Library signed with fresh certificates, valid until Tuesday 05. November 2013 00:14:25.
iaik.xml.crypto.utils.DOMUtils B NumberFormatException was thrown when class-loading DOMUtils, if used in combination with Xerces versions that do not return a proper version string (e.g. ""&qout;"). You should preferebly use a Xerces version that supports DOM Level 3 feature "LS 3.0", as XSECT will try to use it first and if not found default to using JAXP 1.0 DocumentBuilder. To check your Xerces versions you can use:
  • com.sun.org.apache.xerces.internal.impl.Version.main(null);
  • org.apache.xerces.impl.Version.main(null);
  • check your class-path and look at the META-INF/MANIFEST.MF file in your jar file.
iaik.xml.crypto.dom.DOMCryptoContext
javax.xml.crypto.dom.DOMCryptoContext
iaik.xml.crypto.xades.dom.DOMExtensionContext
B Fixed problems with DOMExtensionContext initialization, potentially causing a NullpointerException.
javax.xml.crypto.DOMURIReference
iaik.xml.crypto.dsig.ReferenceType
B If working with subtree data more robustness was added against mixed useage with non subtree data.
iaik.xml.crypto.alg.transform.XSLTTransformService NF TransformerException with more information if caused by empty input to the XSLT transform.
Documentation NF Latest JSR105 documentation.

XSECT 1.15

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.utils.DOMUtils NF added the method bytesToBase64String(byte[] bytes, byte[] linebreak) so that binary values can be debugged to system out without harming the console.
iaik.xml.crypto.utils.MatchDistinguishedName NF Can be used for distinguished name comparison.
iaik.xml.crypto.utils.URIDereferencerImpl#dereference(URIReference uriReference, XMLCryptoContext context)
iaik.xml.crypto.utils.URI
Experimental, NF Experimatal support for LEIRI .
iaik.xml.crypto.utils.X509KeySelectorResult NF This interface extends javax.xml.crypto.KeySelectorResult by the features provided for X509 specific key selection.
iaik.xml.filter.impl.dsig.Canonicalizer NF, Workaround Attributes that have been created by using createAttribute indtead of createAttributeNS and are processed directly in memory (i.e. have not been serialized and parsed) may be skipped despite the last one. Please continue to use createAttributeNS.
iaik.xml.filter.impl.dsig.FilterIterator B If hasNext() was not called before accessing the iterator did not work.
iaik.xml.crypto.dom.DOMCryptoContext NF, Workaround SYSTEM_PROPERTY_DEBUG_OS has been added to turn on logging to "System.out" or "System.err" by a system property.
Some further preparations for using XSECT in Web some Service Frameworks.

XSECT 1.14

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.dsig.keyinfo.ECDSAKeyValueImpl B fixed a bug, that in the case of a trinomial base rendered M, K, K1, K2, K3 instead of just M and K on marshalling.
javax.xml.crypto.dom.DOMURIReference#getHere() B The getHere() function returned the parent element instead of the URI attribute (if any) containing the "here()" function call. If a custom transform changes behaviour because of this bug one may want to reinstall the bug to verify legacy signatures by calling iaik.xml.crypto.dom.DOMStructure.setBackToCompatibilityPrior1_14(true).

XSECT 1.13

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.utils.DOMUtils#parse() NF Added convenient support for system identifier, public identifier and base URI.
iaik.xml.crypto.demo.dos.ValidateWithTimeout NF This demo shows how to limit resources in JRE > 1.5 .
iaik.xml.crypto.utils.KeySelectorImpl#checkDereferencedURIsForDosPrevention(String uri, XMLCryptoContext context) NF This method checks whether a URI has already been used for dereferencing, to prevent cyclic dereferencing.
iaik.xml.crypto.dom.DOMCryptoContext#MAX_NUM_OF_TRANSFORMS
iaik.xml.crypto.dsig.TransformsType
NF This property allows to limit the maximum Number of javax.xml.crypto.dsig.Transform allowed as children of javax.xml.crypto.dsig.Transforms by setting this property with an java.lang.Integer. The default is 10.
iaik.xml.filter.impl.dsig.Canonicalizer B There has been a bug in XSECT prior to 1.13 that caused a wrong canonicalization result when tabs '#x9' or line breaks '#xA' where used in an attribute. The wrong canonicalization result should not be security critical, however it will harm inter-operability and cause false negatives. If an application built before 1.12 uses tabs '#x9' or line breaks '#xA' in attributes, one may want to reinstall the bug by calling iaik.xml.filter.impl.dsig.Canonicalizer.setBackToCompatibilityPrior1_13() before canonicalizing.
iaik.xml.crypto.utils.Serializer B There has been a bug in XSECT prior to 1.13 that caused a wrong serialization result when tabs '#x9' or line breaks '#xA' where used in an attribute.
iaik.xml.crypto.XmldsigMore.ENCRYPTION_ARCFOUR
iaik.xml.crypto.XSecProvider
B wrongly mapped on "DESede/CBC/ISO10126Padding" instead of "ARCFOUR/ECB/NoPadding". To decrypt legacy documents that have been using XmldsigMore.ENCRYPTION_ARCFOUR with XSECT versions prior to 1.13 call "provider.undoARCFourBugFix(true)" on the XSecProvider before decrypting.
iaik.xml.filter.impl.dsig.XPathEvaluatorOld
iaik.xml.filter.impl.dsig.XPathApiXPathEvaluator
B The id function in XPath Filters may have been resolved in the wrong document with detached signatures, prior to this fix.

XSECT 1.12

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.XmldsigMore NF SHA224, HmacSHA224, RIPEMD160withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA .
iaik.xml.crypto.XSecProvider NF Introduced reflexive delegation, wich is useful if XSECT is not registered as the first provider in jdk >= 1.5 and hence it is not the first XMLDSig Provider. This mechanism will preferably use its own (XSECT's) implementations before using the provider mechanism.
javax.xml.crypto.dsig.CanonicalizationMethod
iaik.xml.crypto.alg.transform.C14NTransformService
iaik.xml.crypto.dsig.CanonicalizationMethodImpl
NF Support for C14n 1.1 added.
iaik.xml.crypto.dsig.NodeSetData2OctetStreamDataExpatiator
iaik.xml.crypto.alg.transform.XSLTTransformService
iaik.xml.crypto.dsig.TransformsType
NF 3.1.1 Reference Generation RECOMMENDS to explicitly identify the transformation that is to be applied for NodeSetData to OctetStreamData conversion and RECOMMENDS to use C14n 1.1.
iaik.xml.crypto.dsig.XMLSignatureImpl
iaik.xml.crypto.dom.DOMCryptoContext
NF The property "iaik.xml.crypto.dsig.sign-over" (iaik.xml.crypto.dom.DOMCryptoContext#SIGN_OVER ) allows to use an existing signature and sign it again using another key for example.
iaik.xml.filter.impl.dsig.XPathEvaluator NF The new property "iaik.xml.filter.impl.dsig.XPathEvaluator" can be set to "iaik.xml.filter.impl.dsig.XPathEvaluatorOld" or "iaik.xml.filter.impl.dsig.XPathApiXPathEvaluator". The latter causes the JAXP 1.3 XPath API to be used instead of the Xalan's API that employed by "iaik.xml.filter.impl.dsig.XPathEvaluatorOld". It should be noted that Xalan's implementation of the JAXP 1.3 XPath API is not as well performing as the old API. Hence the default is "iaik.xml.filter.impl.dsig.XPathEvaluatorOld" which may however be changed in a future version as soon as Xalan's implementation of the JAXP 1.3 XPath API is performing better.
iaik.xml.filter.impl.dsig.XPathApiXPathEvaluator NF The new property "javax.xml.xpath.XPathFunctionResolver" can be set to an object that is an instance of javax.xml.xpath.XPathFunctionResolver. This object can be used to allow a cretain set of Xalan's extension mechanism as it is by default disabled for security reasons.
iaik.xml.crypto.utils.DOMUtils NF Changed DOMUtils#parse to use DOM Level 3 parsing and allow directly for schema validation.
iaik.xml.crypto.alg.transform.TransformServiceImpl#transform(Data, XMLCryptoContext, OutputStream) B Fixed a bug when writing a binary result to the OutputStream.
iaik.xml.crypto.dsig.keyinfo.X509IssuerSerialType B Fixed a bug during signature creation the XAdES namespace was inherited by the X509IssuserName and X509SerialNumber childs of a X509IssuerSerial element lying in the XAdES namespace when non qualified names were used.

XSECT 1.11

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.utils.URI NF Experimental support for RFC 2732.

XSECT 1.10

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.filter.impl.dsig.XPathEvaluator NF Now ready to use the JAXP-1.3 API, however as the performance impact is negative it defaults to Apache's XPath API if availiable. If the proformance issues with the JAXP-1.3 API are resolved this will become a permanent change.
iaik.xml.crypto.XSecProvider NF No DOMMarshalcontext needed any more.
iaik.xml.crypto.utils.KeySelectorImpl NF Redesign of KeySelectorImpl to allow convenient extensibility.
iaik.xml.crypto.dom.DOMStructure NF Now extends javax.xml.crypto.dom.DOMStructure. The marshalling of DOMStructures was revised and redesigned.
javax.xml.crypto.dom.DOMCryptoContext
iaik.xml.crypto.utils.DOMUtils
NF When bytes are now added to a DOMStructure as xs:base64Binary the linebreak can now be specified using the property "iaik.xml.crypto.base64.linebreak". (Eg. context.setProperty("iaik.xml.crypto.base64.linebreak", new byte[] {}) for no linebreaks, or null for the default "\n".getBytes("ASCII") )
iaik.xml.crypto.dom.DOMMarshalContext NF This class became obsolete after redesigning the marshalling.
iaik.xml.crypto.dsig.XMLSignatureFactory
iaik.xml.crypto.dsig.ReferenceImpl
NF/C The Method newReference(String uri, DigestMethod dm, List appliedTransforms, Data result, List transforms, String type, String id) now applies the tree model workaround for you if the given result is of type NodeSetData without affecting the result itself. The missing namespace nodes nodes are only added temorarily to the underlying document.

The validate(XMLValidateContext validateContext) Method now allows to check/recheck the calculated digest value against the Reference's digest value, which is necessary if the newReference(String uri, DigestMethod dm, List transforms, String type, String id, byte[] digestValue) was used to create the reference.
iaik.xml.crypto.dsig.XMLSignatureFactory NF The newReference(String uri, DigestMethod dm, List appliedTransforms, Data result, List transforms, String type, String id) Method now takes applied transforms in which case the result coresponds to the dereferenced Data.
In the case the reference was created using ReferenceType(String uri, List appliedTransforms, Data result, List transforms, String type, String id) and appliedtransforms != null && ! appliedtransforms.isEmpty() it returns the result (the data fed into the Reference).
iaik.xml.crypto.enc.CipherReference NF Fixed bug when marshalling applied transforms.
iaik.xml.crypto.enc.EncryptedKeyImpl C moved to package iaik.xml.crypto.enc.keyinfo.EncryptedKeyImpl.
iaik.xml.crypto.enc.EncryptedDataImpl B Fixed bug with debugt output.
iaik.xml.crypto.enc.EncryptedDataImpl B Fixed a bug with debugt output.
iaik.xml.crypto.alg.cipher.AESKWProxyCipher B Fixed bug with wrong OPMODE WRAP/ENCRYPT and UNWRAP/DECRYPT beeing used, which caused problems in newer java versions.
iaik.xml.crypto.alg.cipher.RSAProxyCipher B In JDK 1.5 or higher it can happen that engineDoFinal(null,x,0) which is a noop is called from the SPI framework, which causes a NullpointerException. We allow such a call as a workaround.
iaik.xml.crypto.alg.signature.ECDSAProxySignature B This signature value was limited to 192 Bits for each r and s. Hence various elliptic curves did not work. Now the length for r || s will determined by MAX(r.length,s.length) * 2. To seperate r from s again the signature value is cut in halves which are interpreted as positive binary numbers.
iaik.xml.crypto.alg.signature.ECDSAKeyValueImpl B This xsi namespace, xsi:type="PrimeFieldParamsType", xsi:type="TnBFieldParamsType" needed for validation are now properly rendered.
javax.xml.crypto.dom.DOMCryptoContext B getNamespacePrefix(String namespaceURI, String defaultPrefix) now also returns the defaultPrefix if null or no prefix is asociated to the namespaceURI
putNamespacePrefix(String namespaceURI, String prefix) allows to remove entries from the underlying hashmap by setting the prefix for a namespaceURI to null

XSECT 1.04

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.XSecProvider NF Optional class loading from related libraries can be turned off. This may be useful in applets.
iaik.xml.crypto.utils.URIDereferencer NF Now supports more URIs also in jdk 1.2.2 .
iaik.xml.crypto.alg.cipher.AESProxyCipher B DESede/CBC/ISO10126Padding was replaced by DESede/CBC/ISO10126Padding
iaik.xml.crypto.alg.cipher.DESedeProxyCipher B AES/CBC/PKCS5Padding was replaced by AES/CBC/ISO10126Padding
iaik.xml.filter.impl.dsig.Canonicalizer B A bug has been fixed, that resulted in dublicate rendering of attributes of the XML namespace under certain conditions.
iaik.xml.crypto.alg.transform.XSLTTransformService B The URIDereferencer was not always instantiated when needed in XSLT Transforms.
iaik.xml.crypto.alg.transform.XPath2FilterTransformService B The XPath2FilterTransformService was initialized using the wrong document, if intermediate parsing was neccessary before the XPath2FilterTransform in the chain of transforms.
iaik.xml.filter.impl.XPathFilter2Sieve B The xpath expressions were evaluated against the document element, now they are evaluated against the document (root) node. Refer to XPath Filter 2.0 sections 3.3 and 3.4.
iaik.xml.crypto.XSecProvider NF Some features can only be supported if optional classes are available. Currently this is:
  • support for ECDSA which requires classes of the IAIK ECC library.
  • support for ESDH which requires classes which are not available in the US version of IAIK JCE due to patent issues.

XSECT tries to load the corresponding classes and enables the corresponding features if avaliable. However, in some environments tentative class loading may be problematic (for example, class loading may be delayed in applets). iaik.xml.crypto.XSecProvider.disableOptionalClassLoading(boolean disable) may be used to disable tentative class loading.

iaik.xml.crypto.alg.cipher.AESProxyCipher
iaik.xml.crypto.alg.cipher.DESedeProxyCipher
B On decryption using a third party JCE as underlying security provider for AES or triple DES some characters are missing at the end, under certain circumstances (i.e. a third party JCE is registered before IAIK JCE).

XSECT 1.03

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.XSecProvider NF The setDelegationProvider method now supports the de-registering of an delegation provider.
iaik.xml.crypto.alg.cipher.AWSKWProxyCipher B A bug has been fixed, that prevented the operation mode from beeing set to the proper value.
iaik.xml.crypto.alg.cipher.BlockCipherProxyCipher B A bug has been fixed, that resulted in an inproper initalization vector beeing read under certain cricumstances.
iaik.xml.crypto.alg.cipher.ProxyCipher C The ProxyCipher now reports if a configured delegation provider is not installed.
iaik.xml.crypto.alg.mac.ProxyMac C The ProxyMac now reports if a configured delegation provider is not installed.
iaik.xml.crypto.alg.signature.ProxySignature C The ProxySignature now reports if a configured delegation provider is not installed.
iaik.xml.crypto.alg.transform C The Base64TransformService, C14NTransformService, EnvelopedSignatureTransformService, XPath2FilterTransformService, XPathTransformService and the XSLTTransformService are implemented without the FilterTransformService and the AlgorithmParameterFactory.
iaik.xml.crypto.dsig.TransformsType B A bug has been fixed, that prevented the TransfromsType from beeing initialized with a list of already applied transforms.
iaik.xml.crypto.enc.EncryptedDataImpl B Fixed a number of bugs inside the EncryptedDataImpl. Nodes to be encrypted are canonicalized only if a canonicalization method is given in the DomToBeEncrypted.
iaik.xml.crypto.utils.URIDereferencerImpl B A bug has been fixed, that prevented a XPointer reference from beeing resolved to the proper node-set under certain circumstances.
iaik.xml.filter.* C All iaik.xml.filter.Filter related classes have been removed.
iaik.xml.filter.impl.CachedInputStream C Some performance improvements inside the read(...) methods.
iaik.xml.filter.impl.dsig.Canonicalizer C Improved the handling of contiguous text / CData section nodes.
iaik.xml.filter.impl.dsig.CanonInputStream C Some performance improvements inside the read(...) methods.
iaik.xml.filter.impl.dsig.Traverser B Fixed a bug, that prevented processing instructions from beeing handled properly under certain circumstances.
javax.xml.crypto.enc.dom.DOMDecryptContext B Fixed a bug, that prevented the DOMDecryptContext from beeing initalized with a key and a DOM element.
javax.xml.crypto.enc.dom.DOMEncryptContext B Fixed a bug, that prevented the DOMEncryptContext from beeing initalized with a parent and next sibling node.

XSECT 1.02

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.enc.EncryptedDataImpl B A bug has been fixed, that resulted in an exception if the DocumentElement was used as to-be-encrypted node.
iaik.xml.filter.impl.Canonicalizer B A bug has been fixed, that resulted in &qout; instead of " being rendered for quotation mark characters in the canonicalization output.

XSECT 1.01

Class or Package

Bug/Change/
New Feature

Description and Examples

iaik.xml.crypto.alg.transform.FilterTransformService B A critical bug has been fixed, that prevented a FilterTransformService to be initialized with a TransformParameterSpec in the XMLSignature or EncryptedType creation use case.

XSECT 1.00

Class or Package

Bug/Change/
New Feature

Description and Examples

ALL C NF Implementation of the APIs JSR 105 and JSR 106.

 

Back to Readme

copyright © 2002-2004 by IAIK, copyright © 2004 by Stiftung SIC last update: April 20 2016
This site may contain text parts from W3C Standard specifications (see copyright note).