[xmlsec] Learning about XML Signatures
Aleksey Sanin
aleksey at aleksey.com
Fri Apr 29 14:27:17 UTC 2022
xmlsec has a number of tools to help with debugging
(https://www.aleksey.com/xmlsec/xmlsec-man.html):
--store-references
--store-signatures
XML Signature 2.0 has a more sophisticated c14n so that might
be the difference.
Best,
Aleksey
On 4/28/22 3:38 PM, Alberto Mijares wrote:
> Hi guys,
>
> I'm new in the subject so perhaps someone can help me to figure out a
> couple of things.
>
> I'm signing up to a government's program for the emission of
> electronic invoices. They require a digital certificate and private
> key for the signatures, issued by an authorized vendor, of course.
>
> Part of the process is to sign an XML document, using your
> certificate, as proof of agreement. And you are supposed to use a
> proprietary software provided by them.
>
> So, I wanted to do the signing on my own with xmlsec1, but they
> declined the document. I had no choice but to use the software they
> provide and right after I went to comprate the result I got using
> xmlsec1 and their tool, and the result was.... TADANNNNN... their
> signatures are different.
>
> Here comes the question. How can I know why they are different? I
> have a theory. They say in some documentation that they are using XML
> Signatures 2.0, while the library under xmlsec1 only mentions XML
> Signatures 1.0.
>
> There are differences in those implementations that can lead to this
> incompatibility?
>
> Thanks in advance for your help.
>
>
> Alberto Mijares
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list