diff --git a/src/main/java/xades4j/verification/CertRefUtils.java b/src/main/java/xades4j/verification/CertRefUtils.java
index a3c5dfca..e85a8c2b 100644
--- a/src/main/java/xades4j/verification/CertRefUtils.java
+++ b/src/main/java/xades4j/verification/CertRefUtils.java
@@ -19,7 +19,6 @@
 import java.security.MessageDigest;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
 import java.util.Collection;
 import xades4j.UnsupportedAlgorithmException;
 import xades4j.XAdES4jException;
@@ -85,7 +84,7 @@ static void checkCertRef(
         {
             messageDigest = messageDigestProvider.getEngine(certRef.getDigestAlgUri());
             byte[] actualDigest = messageDigest.digest(cert.getEncoded());
-            if (!Arrays.equals(certRef.getDigestValue(), actualDigest))
+            if (!MessageDigest.isEqual(certRef.getDigestValue(), actualDigest))
                 throw new InvalidCertRefException("digests mismatch");
             return;
         } catch (UnsupportedAlgorithmException | CertificateEncodingException ex)
diff --git a/src/main/java/xades4j/verification/SignaturePolicyVerifier.java b/src/main/java/xades4j/verification/SignaturePolicyVerifier.java
index e5d2eb60..102d5b09 100644
--- a/src/main/java/xades4j/verification/SignaturePolicyVerifier.java
+++ b/src/main/java/xades4j/verification/SignaturePolicyVerifier.java
@@ -17,6 +17,9 @@
 package xades4j.verification;
 
 import jakarta.inject.Inject;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.MessageDigest;
 import xades4j.UnsupportedAlgorithmException;
 import xades4j.properties.ObjectIdentifier;
 import xades4j.properties.QualifyingProperty;
@@ -27,11 +30,6 @@
 import xades4j.providers.SignaturePolicyDocumentProvider;
 import xades4j.utils.MessageDigestUtils;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.MessageDigest;
-import java.util.Arrays;
-
 /**
  *
  * @author Luís
@@ -75,7 +73,7 @@ public QualifyingProperty verify(
             byte[] sigDocDigest = MessageDigestUtils.digestStream(md, sigDocStream);
 
             // Check the document digest.
-            if (!Arrays.equals(sigDocDigest, propData.getDigestValue()))
+            if (!MessageDigest.isEqual(sigDocDigest, propData.getDigestValue()))
             {
                 throw new SignaturePolicyDigestMismatchException(policyId);
             }