Library to manage XAdES signatures in Java
I'm looking for a Java library that allows the creation and verification of XAdES signatures (the more formats, the better: XAdES-BES, XAdES-C, XAdES-X-L, etc.).
The most interesting implementations I found are:
- Java XML Digital Signature API (JSR 105) (= the one included in Java SE 6), which is based on the following one;
- Apache Santuario (http://santuario.apache.org/), which provides an useful support only for basic features;
- XAdES4j (http://code.google.com/p/xades4j/, nice presentation: http://prezi.com/06vyxbgohncv/xades4j-en/), which seems to be interesting, because it "enables producing, verifying and extending signatures in the main XAdES forms: XAdES-BES, XAdES-EPES, XAdES-T and XAdES-C. Also, extended forms are supported through the enrichment of an existing signature". However it's the result of a thesys and it's followed only by a developer;
- eID Digital Signature Service (http://code.google.com/p/eid-dss/), which is developed by the Belgium Federal ICT Department and supports the XAdES-X-L format.
Which one would you suggest to use or to build on?
Answer
We have recently completed a project using XAdES-BES signatures in both enveloped and enveloping forms. We chose the XAdES4j project because it seemed the most complete, and XAdES was a core requirement.
The support on the Q&A section is sometimes slow, and and only the most obvious use case is well documented. That said the library is well tested, excellently designed, and very useful.
We spent a couple of weeks getting our heads around it and I would now recommend it as a platform.
The only caveat is that (as you say) it is the production of an academic project, so how much support it will receive in the future is anyone's guess. If you pick it up and buy into it then consider contributing, and it might pick up a bit of speed.