The final project on my Master’s degree consists of implementing a Java library for XML Advanced Electronic Signatures (XAdES) services, which I named XAdES4j. XAdES defines XML formats for advanced electronic signatures that remain valid over long periods (even if repudiation is attempted), are compliant with the European Directive on electronic signatures (1999/93/EC) and incorporate additional qualifying information. XAdES builds on XML Digital Signatures (XML-DSIG) which specifies XML syntax and processing rules for creating, representing and verifying basic digital signatures over a set of resources (XML or not).
There are multiple implementations of XML-DSIG, namely the one bundled with the Java platform and the one in Apache XML Security. However, XAdES is not supported in the platform and solid/complete/public implementations are hard to find. My goal is to build on an existing XML-DSIG implementation and provide a library for producing and verifying XAdES signatures. The project is already at a late stage and I’m aiming at publishing it on an online project hosting system soon enough.
During the analysis of the specifications and the existing libraries I wrote the documents below. While the project isn’t published I’ll keep posting some aspects I run into during the implementation. Actually, the previous post was already one of those.
EDIT: XAdES4j is now online at Google Code!