javaxmlalgorithmdigital-signaturersa-sha256

W3C RSA-SHA256 algorithm cannot be used, unsupported algorithm


Is anyone also having trouble with the W3C RSA-SHA256 algorithm to sign XML ? I'm using it to do a XML Digital Signature but I'm not able to use it since the page has been moved, see: https://www.w3.org/2001/04/xmldsig-more#rsa-sha256

I'm forced to used the RSA-SHA1 which I don't want to use because it's stated as deprecated for my purpose and I cannot validate the crate securely with the SHA1.

Any solution on how to use the SHA256 ?

Thanks

I'm using it like this: SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null), fac.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha256", null), references);

And I get the error java.security.NoSuchAlgorithmException: unsupported algorithm.

I used different sources such as Oracle doc or https://learn.microsoft.com/en-us/windows/win32/seccrypto/xml-digital-signature-cryptographic-algorithms and as you can see in the last one, many of them are unusable !


Solution

  • Looking at the source code at http://www.docjar.com/html/api/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java.html

    the 2001 string is correct http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 instead of your 2000 one.

    Or you can use the SignatureMethod.RSA_SHA256 constant which should resolve to the same thing.