XML Security v1.1.0 Released
---------------------
We are proud to announce the 1.1.0 final
release of the XML Security package.
About XML Security
------------------
The XML Security project is an implementation of
security related XML standards. Currently, it includes
implementations of W3C recommendations "Canonical XML"
and "XML Signature Syntax and Processing". It also
includes a beta implementation of "XML Encryption
Syntax and Processing".
Basically, this means that you can use this software
for creating and verifying digital signatures which
are expressed in XML and sign both XML and/or arbitrary
contents.
You can now also use the library to encrypt and decrypt
portions of XML documents.
For more information about the XML Security project, please go to
http://xml.apache.org/security/
For more information about XML Signature, go to
http://www.w3.org/Signature/
For pointers about XML Security in general, please go to
http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/xml_security.html
---------------------------------------------------------
Downloads for XML Security v1.1.0 are available at
http://xml.apache.org/security/dist/
The source distibution is available at
http://xml.apache.org/security/dist/xml-security-src-1_1_0.zip
http://xml.apache.org/security/dist/xml-security-src-1_1_0.zip.sig
The binary distibution is available at
http://xml.apache.org/security/dist/xml-security-bin-1_1_0.zip
http://xml.apache.org/security/dist/xml-security-bin-1_1_0.zip.sig
---------------------------------------------------------
The source distibution includes
- JAVA source code for the library itself
- JAVA unit test code for the library
- JAVA sample code for the library
- test vectors for the unit tests
The source distibution does _not_ include
- JavaDocs
- the required (binary JAR) libraries.
The libraries are available under http://xml.apache.org/ .
It requires
- Jakarta ANT (1.5 or above) as build/make tool
- Apache Xerces v2.0.0
http://xml.apache.org/dist/xerces-j/Xerces-J-bin.2.0.0.zip
- Apache Xalan v2.2.0 or above
- Apache Log4J
- JUnit 3.7 or above
- A JCE Cryptographic Service Provider.
The distibution uses the BounceCastle JCE as a default provider.
When you first start ant for compiling, the JCE JAR is downloaded
from http://www.bouncycastle.org/ . This hook is included to
circumvent US export restrictions.
---------------------------------------------------------
The binary distibution includes
- JAVA sample code for the library
- JAVA code for the unit tests
- test vectors for the unit tests
- Generated JavaDocs
- The complete library compiled
- All required libaries (but not the JCE which is downloaded online).
---------------------------------------------------------
Download of the JCE
The ant make tools initiates an automated download of the BouncyCastle JCE.
The file is downloaded into the libs/ directory and a "bc-" is prepended
to the filename. This is done because we want the provider name (bc means
BouncyCastle) being visible in the JAR's filename.
If you are a little paranoid like all security people and don't want ant to
make automated downloads or your firewall doesn't permit it, look in the
./build.xml file for the properties called
Here you can see that the file
http://www.bouncycastle.org/download/jce-jdk13-112.jar
is downloaded and stored in the location
libs/bc-jce-jdk13-112.jar
If you do this by hand (pointing you favourite web browser and download it
yourself), simply put a "bc-" in front of the filename and put it to ./libs/,
then ant won't try to make a download.
---------------------------------------------------------
Questions and comments about the software:
mailto:security-dev@xml.apache.org
---------------------------------------------------------