Is anyone also having trouble with the W3C RSA-SHA256 algorithm to sign XML ? I'm using it to do a XML Digital Signature but I'm not able to use it since the page has been moved, see: https://www.w3.org/2001/04/xmldsig-more#rsa-sha256
I'm forced to used the RSA-SHA1 which I don't want to use because it's stated as deprecated for my purpose and I cannot validate the crate securely with the SHA1.
Any solution on how to use the SHA256 ?
Thanks
I'm using it like this:
SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null), fac.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha256", null), references);
And I get the error java.security.NoSuchAlgorithmException: unsupported algorithm
.
I used different sources such as Oracle doc or https://learn.microsoft.com/en-us/windows/win32/seccrypto/xml-digital-signature-cryptographic-algorithms and as you can see in the last one, many of them are unusable !
Looking at the source code at http://www.docjar.com/html/api/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java.html
the 2001 string is correct http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
instead of your 2000 one.
Or you can use the SignatureMethod.RSA_SHA256
constant which should resolve to the same thing.