etobella / python-xades Goto Github PK

View Code? Open in Web Editor NEW

31.0 6.0 27.0 137 KB

Xades Signature for Python

License: GNU Lesser General Public License v3.0

Makefile 1.56% Python 98.44%

python-xades's Introduction

XAdES: Python native XAdES Signature

A python native library that signs and verifies XAdES signatures

Highlights:

Build on top of lxml, cryptography and xmlsig

Status

Installation

pip install xades

Usage

import xades
import xmlsig

sign = xmlsig.template.create(c14n_method=xmlsig.constants.TransformExclC14N, sign_method=xmlsig.constants.TransformRsaSha1)
ref = xmlsig.template.add_reference(sign, xmlsig.constants.TransformSha1)
xmlsig.template.add_transform(ref, xmlsig.constants.TransformEnveloped)
qualifying = template.create_qualifying_properties(signature)
props = template.create_signed_properties(qualifying)
policy = xades.policy.GenericPolicyId(
          policy_id,
          policy_name,
          xmlsig.constants.TransformSha1)
ctx = xades.XAdESContext(policy)

To have more examples, look at the source code of the testings

Functionality

XAdES EPES is implemented. More functionalities are still on work.

License

This library is published under LGPL-3 license.

Contributors

Enric Tobella <[email protected]>

python-xades's People

Contributors

Stargazers

Watchers

python-xades's Issues

X509 Certificate Validation : NO_CERTIFICATE_CHAIN_FOUND

I'm receiving this error when validating, what can I do???

X509 Certificate Validation : NO_CERTIFICATE_CHAIN_FOUND

thanks

Source Code Ahead compared to PyPI

I would appreciate if you can repackage this so we can enjoy the latest version to install from pypi. Thanks

incomplete assumptions about location of signature in tree

>>> root.remove(signature)
ValueError: ValueError('Element is not a child of this node.')

The signature element not necessarily is a child of the root element, however it is a "decendent". For example in UBL, <ds:Signature/> is located at ext:UBLExtensions/ext:UBLExtension/ext:ExtensionContent/ds:Signature

This needs be fixed to comply with the standard.

Xades-bes

does is support xades-bes ?? is yes, how?? I tried but complains about the digest what is strange

How to implement certificate chains

Some policies require to include the complete chain up to the trusted root CA.
Currently there is a stub method policy.calculate_certificateS but no concrete implementation.

Bascially, I see two options:

Load certificates (in order) into a certs list
Include Regexps to separate a cert chain file by --- BEGIN CERTIFICATE --- and the like.

The latter would require some plumbing in order to be able to load the certificates and hide the cryptography interface. I don't favor this idea too much.

The former would preserve the pure cryptography interface.

@etobella Is there any use case or argument why the latter should be favored? - Are you ok with me going for a cert list implementation in?

Generating xades-BES signature

Hi,

I was wondering if it is possible to generate a basic electronic signature (BES) with this library. If yes, what fields should I supress to achieve it?

Thank you

Invalid Signature

HI, i'm trying to use your code to sign electronic invoices in Costa Rica, your code works but i always get the error "Invalida Signature". If i check the final signature with some tool i get data:data and digest doesn't match. Any idea what i'm doing wrong?

etobella / python-xades Goto Github PK

python-xades's Introduction

XAdES: Python native XAdES Signature

Status

Installation

Usage

Functionality

License

Contributors

python-xades's People

Contributors

Stargazers

Watchers

Forkers

python-xades's Issues

Recommend Projects

Recommend Topics

Recommend Org