I attached a patch that includes an experimental (i.e. nearly working, and hard to use) single pass SAX xml signature verification. Right now it can only verify signatures that the name of the element signed, and the way it is c14n are known before hand (no other transformations are implemented, so no enveloped signatures right now). Some examples of use can be found in the src_samples/prb/SaxPrb.java. I have documented my progress somehow in my blog so please take a look to http://r-bg.com/apache for more info. This feature has been tested by some other people finding very big improvements both in memory consumption and in performance. But the API is really unstable and it is going to change radically in next versions. I'm expecting some help in order to design the API, and the functionality in order to include it (when polished) in the official distribution. Thanks, Raul
Created attachment 13738 [details] First Version
Created attachment 13928 [details] Second version New version, major changes: * easier to use API(see tests for examples), in enveloping signatures no other parameters need to be given. * verification of enveloped signature. Stills: The api is still not stable, only verification not creation API. More ways of telling what to verificate and how.