We should add support for the SHA256withRSA and SHA512withRSA SignatureMethod algorithms to our XML DSig implementation in JDK 6. This is a fairly trivial change that will provide users with stronger signature algorithms in JDK 6. Recent cryptographic analysis has revealed weaknesses in the long term collision resistance of the SHA1 algorithm, so providing these stronger algorithms is important. The underlying JCE support is already there, so this is just a matter of adding a small amount of code.
|