[xmlsec] Learning about XML Signatures
aleksey at aleksey.com
Fri Apr 29 14:27:17 UTC 2022
xmlsec has a number of tools to help with debugging
XML Signature 2.0 has a more sophisticated c14n so that might
be the difference.
On 4/28/22 3:38 PM, Alberto Mijares wrote:
> Hi guys,
> I'm new in the subject so perhaps someone can help me to figure out a
> couple of things.
> I'm signing up to a government's program for the emission of
> electronic invoices. They require a digital certificate and private
> key for the signatures, issued by an authorized vendor, of course.
> Part of the process is to sign an XML document, using your
> certificate, as proof of agreement. And you are supposed to use a
> proprietary software provided by them.
> So, I wanted to do the signing on my own with xmlsec1, but they
> declined the document. I had no choice but to use the software they
> provide and right after I went to comprate the result I got using
> xmlsec1 and their tool, and the result was.... TADANNNNN... their
> signatures are different.
> Here comes the question. How can I know why they are different? I
> have a theory. They say in some documentation that they are using XML
> Signatures 2.0, while the library under xmlsec1 only mentions XML
> Signatures 1.0.
> There are differences in those implementations that can lead to this
> Thanks in advance for your help.
> Alberto Mijares
> xmlsec mailing list
> xmlsec at aleksey.com
More information about the xmlsec