The org.w3c.com.document that is assigned to an XMLSignature object through the document's signature element Document doc=..; Element sigElement = doc.get...; XMLSignature signature = new XMLSignature(sigElement, null); signature.getKeyInfo(); -> original document is modified That seems to happen, if no Key Information is present in the signature Element. Result: document is modified, future verification fails (e.g. with another signature Element). Happens with xml-sec 1.4.2, java version xml-sec 1.4.0 did not contain this bug.
Fixed in trunk/main branch.