[camel] branch master updated (399b77e -> 39539d6)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[camel] branch master updated (399b77e -> 39539d6)

coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git.


    from 399b77e  CAMEL-14150: Regen
     new c460b97  CAMEL-14157 - Upgrade default signature algorithm for XML Signature to RSA-SHA256
     new 39539d6  CAMEL-14160 - Updating the default algorithm for the Crypto Component

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../src/main/docs/crypto-component.adoc            |   4 ++--
 .../src/main/docs/crypto-dataformat.adoc           |   2 +-
 .../crypto/DigitalSignatureConfiguration.java      |   4 ++--
 .../camel/component/crypto/SignatureTest.java      |  23 +++++++++++++++-----
 .../component/crypto/SpringSignatureTest.java      |  10 +++++++++
 .../camel-crypto/src/test/resources/ks.keystore    | Bin 3734 -> 2229 bytes
 .../camel/component/crypto/SpringSignatureTest.xml |   6 ++++--
 .../src/main/docs/xmlsecurity-component.adoc       |   4 ++--
 .../processor/XmlSignerConfiguration.java          |  24 ++++++++++-----------
 .../ROOT/pages/camel-3-migration-guide.adoc        |  10 +++++++++
 .../DigitalSignatureComponentConfiguration.java    |   2 +-
 .../XmlSignatureComponentConfiguration.java        |   2 +-
 12 files changed, 63 insertions(+), 28 deletions(-)

Reply | Threaded
Open this post in threaded view
|

[camel] 01/02: CAMEL-14157 - Upgrade default signature algorithm for XML Signature to RSA-SHA256

coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

commit c460b971eca289a3458d5599a84a08d272c5e426
Author: Colm O hEigeartaigh <[hidden email]>
AuthorDate: Fri Nov 8 10:16:14 2019 +0000

    CAMEL-14157 - Upgrade default signature algorithm for XML Signature to RSA-SHA256
---
 .../src/main/docs/xmlsecurity-component.adoc       |  4 ++--
 .../processor/XmlSignerConfiguration.java          | 24 +++++++++++-----------
 .../ROOT/pages/camel-3-migration-guide.adoc        |  5 +++++
 .../XmlSignatureComponentConfiguration.java        |  2 +-
 4 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/components/camel-xmlsecurity/src/main/docs/xmlsecurity-component.adoc b/components/camel-xmlsecurity/src/main/docs/xmlsecurity-component.adoc
index a49eb44..64eec65 100644
--- a/components/camel-xmlsecurity/src/main/docs/xmlsecurity-component.adoc
+++ b/components/camel-xmlsecurity/src/main/docs/xmlsecurity-component.adoc
@@ -297,7 +297,7 @@ with the following path and query parameters:
 | *plainTextEncoding* (sign) | Encoding of the plain text. Only relevant if the message body is plain text (see parameter plainText. Default value is UTF-8. | UTF-8 | String
 | *prefixForXmlSignature Namespace* (sign) | Namespace prefix for the XML signature namespace \http://www.w3.org/2000/09/xmldsig#. Default value is ds. If null or an empty value is set then no prefix is used for the XML signature namespace. See best practice \http://www.w3.org/TR/xmldsig-bestpractices/#signing-xml- without-namespaces | ds | String
 | *properties* (sign) | For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the XmlSignatureProperties interface. |  | XmlSignatureProperties
-| *signatureAlgorithm* (sign) | Signature algorithm. Default value is \http://www.w3.org/2000/09/xmldsig#rsa-sha1. | http://www.w3.org/2000/09/xmldsig#rsa-sha1 | String
+| *signatureAlgorithm* (sign) | Signature algorithm. Default value is \http://www.w3.org/2000/09/xmldsig#rsa-sha1. | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | String
 | *signatureId* (sign) | Sets the signature Id. If this parameter is not set (null value) then a unique ID is generated for the signature ID (default). If this parameter is set to (empty string) then no Id attribute is created in the signature element. |  | String
 | *transformMethods* (sign) | Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option parentLocalName) also \http://www.w3.org/2000/09/xmldsig#enveloped-signature is added at position 0 of the list. Use methods in XmlSignatureHelper to create the transform methods. |  | List
 | *xpathsToIdAttributes* (sign) | Define the elements which are signed in the detached case via XPATH expressions to ID attributes (attributes of type ID). For each element found via the XPATH expression a detached signature is created whose reference URI contains the corresponding attribute value (preceded by '#'). The signature becomes the last sibling of the signed element. Elements with deeper hierarchy level are signed first. You can also set the XPATH list dynamically via the heade [...]
@@ -360,7 +360,7 @@ The component supports 63 options, which are listed below.
 | *camel.component.xmlsecurity.signer-configuration.properties* | For adding additional References and Objects to the XML signature which contain additional properties, you can provide a bean which implements the XmlSignatureProperties interface. |  | XmlSignatureProperties
 | *camel.component.xmlsecurity.signer-configuration.properties-name* | Sets the reference name for a XmlSignatureProperties that can be found in the registry. |  | String
 | *camel.component.xmlsecurity.signer-configuration.schema-resource-uri* | Classpath to the XML Schema. Must be specified in the detached XML Signature case for determining the ID attributes, might be set in the enveloped and enveloping case. If set, then the XML document is validated with the specified XML schema. The schema resource URI can be overwritten by the header {@link XmlSignatureConstants#HEADER_SCHEMA_RESOURCE_URI}. |  | String
-| *camel.component.xmlsecurity.signer-configuration.signature-algorithm* | Signature algorithm. Default value is "\http://www.w3.org/2000/09/xmldsig#rsa-sha1". | http://www.w3.org/2000/09/xmldsig#rsa-sha1 | String
+| *camel.component.xmlsecurity.signer-configuration.signature-algorithm* | Signature algorithm. Default value is "\http://www.w3.org/2000/09/xmldsig#rsa-sha1". | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | String
 | *camel.component.xmlsecurity.signer-configuration.signature-id* | Sets the signature Id. If this parameter is not set (null value) then a unique ID is generated for the signature ID (default). If this parameter is set to "" (empty string) then no Id attribute is created in the signature element. |  | String
 | *camel.component.xmlsecurity.signer-configuration.transform-methods* | Transforms which are executed on the message body before the digest is calculated. By default, C14n is added and in the case of enveloped signature (see option parentLocalName) also \http://www.w3.org/2000/09/xmldsig#enveloped-signature is added at position 0 of the list. Use methods in XmlSignatureHelper to create the transform methods. |  | List
 | *camel.component.xmlsecurity.signer-configuration.transform-methods-name* | Sets the reference name for a XmlSignatureProperties that can be found in the registry. |  | String
diff --git a/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/processor/XmlSignerConfiguration.java b/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/processor/XmlSignerConfiguration.java
index 22f22b1..c8949ed 100644
--- a/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/processor/XmlSignerConfiguration.java
+++ b/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/processor/XmlSignerConfiguration.java
@@ -52,8 +52,8 @@ public class XmlSignerConfiguration extends XmlSignatureConfiguration {
     @UriParam(label = "sign", defaultValue = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315")
     private AlgorithmMethod canonicalizationMethod = new XmlSignatureTransform(CanonicalizationMethod.INCLUSIVE);
     private String canonicalizationMethodName;
-    @UriParam(label = "sign", defaultValue = "http://www.w3.org/2000/09/xmldsig#rsa-sha1")
-    private String signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+    @UriParam(label = "sign", defaultValue = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
+    private String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
     @UriParam(label = "sign")
     private String digestAlgorithm;
     @UriParam(label = "sign", defaultValue = "true")
@@ -235,14 +235,14 @@ public class XmlSignerConfiguration extends XmlSignatureConfiguration {
     /**
      * Namespace prefix for the XML signature namespace
      * "http://www.w3.org/2000/09/xmldsig#". Default value is "ds".
-     *
+     *
      * If <code>null</code> or an empty value is set then no prefix is used for
      * the XML signature namespace.
      * <p>
      * See best practice
      * http://www.w3.org/TR/xmldsig-bestpractices/#signing-xml-
      * without-namespaces
-     *
+     *
      * @param prefixForXmlSignatureNamespace
      *            prefix
      */
@@ -256,20 +256,20 @@ public class XmlSignerConfiguration extends XmlSignatureConfiguration {
 
     /**
      * Local name of the parent element to which the XML signature element will
-     * be added. Only relevant for enveloped XML signature. Alternatively you can
+     * be added. Only relevant for enveloped XML signature. Alternatively you can
      * also use {@link #setParentXpath(XPathFilterParameterSpec)}.
-     *
+     *
      * <p> Default value is
      * <code>null</code>. The value must be <code>null</code> for enveloping and
      * detached XML signature.
      * <p>
      * This parameter or the parameter {@link #setParentXpath(XPathFilterParameterSpec)}
-     * for enveloped signature and the parameter {@link #setXpathsToIdAttributes(List)}
+     * for enveloped signature and the parameter {@link #setXpathsToIdAttributes(List)}
      * for detached signature must not be set in the same configuration.
      * <p>
      * If the parameters <tt>parentXpath</tt> and <tt>parentLocalName</tt> are specified
      * in the same configuration then an exception is thrown.
-     *
+     *
      * @param parentLocalName
      *            local name
      */
@@ -467,19 +467,19 @@ public class XmlSignerConfiguration extends XmlSignatureConfiguration {
 
     /**
      * Sets the XPath to find the parent node in the enveloped case.
-     * Either you specify the parent node via this method or the local name and namespace of the parent
-     * with the methods {@link #setParentLocalName(String)} and {@link #setParentNamespace(String)}.
+     * Either you specify the parent node via this method or the local name and namespace of the parent
+     * with the methods {@link #setParentLocalName(String)} and {@link #setParentNamespace(String)}.
      * <p>
      * Default value is <code>null</code>. The value must be <code>null</code> for enveloping and
      * detached XML signature.
      * <p>
      * If the parameters <tt>parentXpath</tt> and <tt>parentLocalName</tt> are specified
      * in the same configuration then an exception is thrown.
-     *
+     *
      * @param parentXpath xpath to the parent node, if the xpath returns several values then the first Element node is used
      */
     public void setParentXpath(XPathFilterParameterSpec parentXpath) {
         this.parentXpath = parentXpath;
     }
-    
+
 }
diff --git a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
index 0d1f820..c51416c 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
@@ -327,6 +327,11 @@ also been deprecated in Camel 2.x. In Camel 3 we have removed the remaining code
 
 The default JSon library with the JSon dataformat has changed from `XStream` to `Jackson`.
 
+=== XML Security Component
+
+The default signature algorithm has changed for the XML Security Component - it
+is now RSA-SHA256 (before it was RSA-SHA1).
+
 === XML Security DataFormat
 
 The default encryption key for the XML Security DataFormat has been removed,
diff --git a/platforms/spring-boot/components-starter/camel-xmlsecurity-starter/src/main/java/org/apache/camel/component/xmlsecurity/springboot/XmlSignatureComponentConfiguration.java b/platforms/spring-boot/components-starter/camel-xmlsecurity-starter/src/main/java/org/apache/camel/component/xmlsecurity/springboot/XmlSignatureComponentConfiguration.java
index f2062a9..e86f1a5 100644
--- a/platforms/spring-boot/components-starter/camel-xmlsecurity-starter/src/main/java/org/apache/camel/component/xmlsecurity/springboot/XmlSignatureComponentConfiguration.java
+++ b/platforms/spring-boot/components-starter/camel-xmlsecurity-starter/src/main/java/org/apache/camel/component/xmlsecurity/springboot/XmlSignatureComponentConfiguration.java
@@ -121,7 +121,7 @@ public class XmlSignatureComponentConfiguration
          * Signature algorithm. Default value is
          * "http://www.w3.org/2000/09/xmldsig#rsa-sha1".
          */
-        private String signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+        private String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
         /**
          * Digest algorithm URI. Optional parameter. This digest algorithm is
          * used for calculating the digest of the input message. If this digest

Reply | Threaded
Open this post in threaded view
|

[camel] 02/02: CAMEL-14160 - Updating the default algorithm for the Crypto Component

coheigea
In reply to this post by coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 39539d66b5437527a5489be099d9f92e7ba26414
Author: Colm O hEigeartaigh <[hidden email]>
AuthorDate: Fri Nov 8 11:39:38 2019 +0000

    CAMEL-14160 - Updating the default algorithm for the Crypto Component
---
 .../src/main/docs/crypto-component.adoc            |   4 ++--
 .../src/main/docs/crypto-dataformat.adoc           |   2 +-
 .../crypto/DigitalSignatureConfiguration.java      |   4 ++--
 .../camel/component/crypto/SignatureTest.java      |  23 ++++++++++++++++-----
 .../component/crypto/SpringSignatureTest.java      |  10 +++++++++
 .../camel-crypto/src/test/resources/ks.keystore    | Bin 3734 -> 2229 bytes
 .../camel/component/crypto/SpringSignatureTest.xml |   6 ++++--
 .../ROOT/pages/camel-3-migration-guide.adoc        |   5 +++++
 .../DigitalSignatureComponentConfiguration.java    |   2 +-
 9 files changed, 43 insertions(+), 13 deletions(-)

diff --git a/components/camel-crypto/src/main/docs/crypto-component.adoc b/components/camel-crypto/src/main/docs/crypto-component.adoc
index 2c908e4..25c4d3f 100644
--- a/components/camel-crypto/src/main/docs/crypto-component.adoc
+++ b/components/camel-crypto/src/main/docs/crypto-component.adoc
@@ -119,7 +119,7 @@ with the following path and query parameters:
 [width="100%",cols="2,5,^1,2",options="header"]
 |===
 | Name | Description | Default | Type
-| *algorithm* (producer) | Sets the JCE name of the Algorithm that should be used for the signer. | SHA1WithDSA | String
+| *algorithm* (producer) | Sets the JCE name of the Algorithm that should be used for the signer. | SHA256withRSA | String
 | *alias* (producer) | Sets the alias used to query the KeyStore for keys and {link java.security.cert.Certificate Certificates} to be used in signing and verifying exchanges. This value can be provided at runtime via the message header org.apache.camel.component.crypto.DigitalSignatureConstants#KEYSTORE_ALIAS |  | String
 | *certificateName* (producer) | Sets the reference name for a PrivateKey that can be found in the registry. |  | String
 | *keystore* (producer) | Sets the KeyStore that can contain keys and Certficates for use in signing and verifying exchanges. A KeyStore is typically used with an alias, either one supplied in the Route definition or dynamically via the message header CamelSignatureKeyStoreAlias. If no alias is supplied and there is only a single entry in the Keystore, then this single entry will be used. |  | KeyStore
@@ -166,7 +166,7 @@ The component supports 33 options, which are listed below.
 |===
 | Name | Description | Default | Type
 | *camel.component.crypto.basic-property-binding* | Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities | false | Boolean
-| *camel.component.crypto.configuration.algorithm* | Sets the JCE name of the Algorithm that should be used for the signer. | SHA1WithDSA | String
+| *camel.component.crypto.configuration.algorithm* | Sets the JCE name of the Algorithm that should be used for the signer. | SHA256withRSA | String
 | *camel.component.crypto.configuration.alias* | Sets the alias used to query the KeyStore for keys and {@link java.security.cert.Certificate Certificates} to be used in signing and verifying exchanges. This value can be provided at runtime via the message header {@link org.apache.camel.component.crypto.DigitalSignatureConstants#KEYSTORE_ALIAS} |  | String
 | *camel.component.crypto.configuration.buffer-size* | Set the size of the buffer used to read in the Exchange payload data. | 2048 | Integer
 | *camel.component.crypto.configuration.certificate* | Set the Certificate that should be used to verify the signature in the exchange based on its payload. |  | Certificate
diff --git a/components/camel-crypto/src/main/docs/crypto-dataformat.adoc b/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
index e7e69fa..5f61deb 100644
--- a/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
+++ b/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
@@ -57,7 +57,7 @@ The component supports 33 options, which are listed below.
 |===
 | Name | Description | Default | Type
 | *camel.component.crypto.basic-property-binding* | Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities | false | Boolean
-| *camel.component.crypto.configuration.algorithm* | Sets the JCE name of the Algorithm that should be used for the signer. | SHA1WithDSA | String
+| *camel.component.crypto.configuration.algorithm* | Sets the JCE name of the Algorithm that should be used for the signer. | SHA256withRSA | String
 | *camel.component.crypto.configuration.alias* | Sets the alias used to query the KeyStore for keys and {@link java.security.cert.Certificate Certificates} to be used in signing and verifying exchanges. This value can be provided at runtime via the message header {@link org.apache.camel.component.crypto.DigitalSignatureConstants#KEYSTORE_ALIAS} |  | String
 | *camel.component.crypto.configuration.buffer-size* | Set the size of the buffer used to read in the Exchange payload data. | 2048 | Integer
 | *camel.component.crypto.configuration.certificate* | Set the Certificate that should be used to verify the signature in the exchange based on its payload. |  | Certificate
diff --git a/components/camel-crypto/src/main/java/org/apache/camel/component/crypto/DigitalSignatureConfiguration.java b/components/camel-crypto/src/main/java/org/apache/camel/component/crypto/DigitalSignatureConfiguration.java
index 908abfb..900baf2 100644
--- a/components/camel-crypto/src/main/java/org/apache/camel/component/crypto/DigitalSignatureConfiguration.java
+++ b/components/camel-crypto/src/main/java/org/apache/camel/component/crypto/DigitalSignatureConfiguration.java
@@ -49,8 +49,8 @@ public class DigitalSignatureConfiguration implements Cloneable, CamelContextAwa
     private KeyStore keystore;
     @UriParam(label = "advanced", secret = true)
     private SecureRandom secureRandom;
-    @UriParam(defaultValue = "SHA1WithDSA")
-    private String algorithm = "SHA1WithDSA";
+    @UriParam(defaultValue = "SHA256withRSA")
+    private String algorithm = "SHA256withRSA";
     @UriParam(label = "advanced", defaultValue = "" + 2048)
     private Integer bufferSize = 2048;
     @UriParam
diff --git a/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SignatureTest.java b/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SignatureTest.java
index 47fb83f..90656e7 100644
--- a/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SignatureTest.java
+++ b/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SignatureTest.java
@@ -48,6 +48,7 @@ import static org.apache.camel.component.crypto.DigitalSignatureConstants.SIGNAT
 public class SignatureTest extends CamelTestSupport {
 
     private KeyPair keyPair;
+    private KeyPair dsaKeyPair;
     private String payload = "Dear Alice, Rest assured it's me, signed Bob";
 
     @BindToRegistry("someRandom")
@@ -110,7 +111,8 @@ public class SignatureTest extends CamelTestSupport {
         }, new RouteBuilder() {
             public void configure() throws Exception {
                 // START SNIPPET: provider
-                from("direct:provider").to("crypto:sign:provider?privateKey=#myPrivateKey&provider=SUN", "crypto:verify:provider?publicKey=#myPublicKey&provider=SUN",
+                from("direct:provider").to("crypto:sign:provider?algorithm=SHA1withDSA&privateKey=#myDSAPrivateKey&provider=SUN",
+                                           "crypto:verify:provider?algorithm=SHA1withDSA&publicKey=#myDSAPublicKey&provider=SUN",
                                            "mock:result");
                 // END SNIPPET: provider
             }
@@ -288,7 +290,7 @@ public class SignatureTest extends CamelTestSupport {
         unsigned.getIn().setBody(payload);
 
         // create a keypair
-        KeyPair pair = getKeyPair("DSA");
+        KeyPair pair = getKeyPair("RSA");
 
         // sign with the private key
         unsigned.getIn().setHeader(SIGNATURE_PRIVATE_KEY, pair.getPrivate());
@@ -375,13 +377,14 @@ public class SignatureTest extends CamelTestSupport {
     @Override
     @Before
     public void setUp() throws Exception {
-        setUpKeys("DSA");
+        setUpKeys();
         disableJMX();
         super.setUp();
     }
 
-    public void setUpKeys(String algorithm) throws Exception {
-        keyPair = getKeyPair(algorithm);
+    public void setUpKeys() throws Exception {
+        keyPair = getKeyPair("RSA");
+        dsaKeyPair = getKeyPair("DSA");
     }
 
     public KeyPair getKeyPair(String algorithm) throws NoSuchAlgorithmException {
@@ -410,11 +413,21 @@ public class SignatureTest extends CamelTestSupport {
         return c.getPublicKey();
     }
 
+    @BindToRegistry("myDSAPublicKey")
+    public PublicKey getDSAPublicKey() throws Exception {
+        return dsaKeyPair.getPublic();
+    }
+
     @BindToRegistry("myPrivateKey")
     public PrivateKey getKeyFromKeystore() throws Exception {
         return (PrivateKey)loadKeystore().getKey("bob", "letmein".toCharArray());
     }
 
+    @BindToRegistry("myDSAPrivateKey")
+    public PrivateKey getDSAPrivateKey() throws Exception {
+        return dsaKeyPair.getPrivate();
+    }
+
     @BindToRegistry("signatureParams")
     public KeyStoreParameters getParams() {
         KeyStoreParameters keystoreParameters = new KeyStoreParameters();
diff --git a/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SpringSignatureTest.java b/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SpringSignatureTest.java
index ec26064..a5c82f6 100644
--- a/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SpringSignatureTest.java
+++ b/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SpringSignatureTest.java
@@ -31,10 +31,12 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
 public class SpringSignatureTest extends SignatureTest {
 
     private static KeyPair rsaPair;
+    private static KeyPair dsaPair;
 
     @Override
     protected CamelContext createCamelContext() throws Exception {
         rsaPair = getKeyPair("RSA");
+        dsaPair = getKeyPair("DSA");
         return SpringCamelContext.springCamelContext(new ClassPathXmlApplicationContext("org/apache/camel/component/crypto/SpringSignatureTest.xml"), true);
     }
 
@@ -66,10 +68,18 @@ public class SpringSignatureTest extends SignatureTest {
         return rsaPair.getPrivate();
     }
 
+    public static PrivateKey privateDSAKey() throws Exception {
+        return dsaPair.getPrivate();
+    }
+
     public static PublicKey publicRSAKey() throws Exception {
         return rsaPair.getPublic();
     }
 
+    public static PublicKey publicDSAKey() throws Exception {
+        return dsaPair.getPublic();
+    }
+
     public static SecureRandom random() throws Exception {
         return new SecureRandom();
     }
diff --git a/components/camel-crypto/src/test/resources/ks.keystore b/components/camel-crypto/src/test/resources/ks.keystore
index 7db483e..3bb8ca6 100644
Binary files a/components/camel-crypto/src/test/resources/ks.keystore and b/components/camel-crypto/src/test/resources/ks.keystore differ
diff --git a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringSignatureTest.xml b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringSignatureTest.xml
index 7ccbbc6..3e2882a 100644
--- a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringSignatureTest.xml
+++ b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringSignatureTest.xml
@@ -82,8 +82,8 @@
         <!-- START SNIPPET: provider -->
         <route>
             <from uri="direct:provider"/>
-            <to uri="crypto:sign:provider?privateKey=#myPrivateKey&amp;provider=SUN" />
-            <to uri="crypto:verify:provider?publicKey=#myPublicKey&amp;provider=SUN" />
+            <to uri="crypto:sign:provider?algorithm=SHA1withDSA&amp;privateKey=#dsaPrivateKey&amp;provider=SUN" />
+            <to uri="crypto:verify:provider?algorithm=SHA1withDSA&amp;publicKey=#dsaPublicKey&amp;provider=SUN" />
             <to uri="mock:result"/>
         </route>        
         <!-- END SNIPPET: provider -->
@@ -163,6 +163,8 @@
     <bean id="myPublicKey" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="publicKey"/>
     <bean id="rsaPrivateKey" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="privateRSAKey"/>
     <bean id="rsaPublicKey" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="publicRSAKey"/>
+    <bean id="dsaPrivateKey" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="privateDSAKey"/>
+    <bean id="dsaPublicKey" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="publicDSAKey"/>
     <bean id="someRandom" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="random"/>
 
     <keyStoreParameters xmlns="http://camel.apache.org/schema/spring" id="signatureParams"
diff --git a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
index c51416c..47ded17 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
@@ -323,6 +323,11 @@ The uri attribute has been deprecated, instead use value, which allows a shortha
 In Camel 2.x you could have 2 or more inputs to Camel routes, however this was not supported in all use-cases in Camel, and this functionality is seldom in use. This has
 also been deprecated in Camel 2.x. In Camel 3 we have removed the remaining code for specifying multiple inputs to routes, and its now only possible to specify exactly only 1 input to a route.
 
+=== Crypto Component
+
+The default signature algorithm has changed for the Crypto (JCE) Component - it
+is now SHA256withRSA (before it was SHA1WithDSA).
+
 === JSon DataFormat
 
 The default JSon library with the JSon dataformat has changed from `XStream` to `Jackson`.
diff --git a/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/component/crypto/springboot/DigitalSignatureComponentConfiguration.java b/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/component/crypto/springboot/DigitalSignatureComponentConfiguration.java
index 9c48f9c..d93a6df 100644
--- a/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/component/crypto/springboot/DigitalSignatureComponentConfiguration.java
+++ b/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/component/crypto/springboot/DigitalSignatureComponentConfiguration.java
@@ -81,7 +81,7 @@ public class DigitalSignatureComponentConfiguration
          * Sets the JCE name of the Algorithm that should be used for the
          * signer.
          */
-        private String algorithm = "SHA1WithDSA";
+        private String algorithm = "SHA256withRSA";
         /**
          * Sets the alias used to query the KeyStore for keys and {@link
          * java.security.cert.Certificate Certificates} to be used in signing