Im using EXCHANGE key for signing. I dont have a SIGNING key, but xmlsec signs the xml ok. No complaints. Also my package signs it ok, but the signature is different. I wanted to check the digest before it gets signed and compare it with my. Regards, Gregor