[xmlsec] Learning about XML Signatures

Alberto Mijares amijaresp at gmail.com
Thu Apr 28 19:38:50 UTC 2022


Hi guys,

I'm new in the subject so perhaps someone can help me to figure out a
couple of things.

I'm signing up to a government's program for the emission of
electronic invoices. They require a digital certificate and private
key for the signatures, issued by an authorized vendor, of course.

Part of the process is to sign an XML document, using your
certificate, as proof of agreement. And you are supposed to use a
proprietary software provided by them.

So, I wanted to do the signing on my own with xmlsec1, but they
declined the document. I had no choice but to use the software they
provide and right after I went to comprate the result I got using
xmlsec1 and their tool, and the result was.... TADANNNNN... their
signatures are different.

 Here comes the question. How can I know why they are different? I
have a theory. They say in some documentation that they are using XML
Signatures 2.0, while the library under xmlsec1 only mentions XML
Signatures 1.0.

There are differences in those implementations that can lead to this
incompatibility?

Thanks in advance for your help.


Alberto Mijares


More information about the xmlsec mailing list