First commit

Heavily amended.
This commit is contained in:
Timotej Lazar 2023-07-04 22:47:41 +02:00
commit f1d9b1a291
No known key found for this signature in database
GPG key ID: 872369B696594350
5 changed files with 126 additions and 0 deletions

21
README.md Normal file
View file

@ -0,0 +1,21 @@
# fauxsign
Python script to replace [SETCCE proXSign®](https://proxsign.setcce.si/proXSignCustomerPages/). Currently only supports XML documents with SHA256 signatures, required to submit requests on certain gov.si sites.
## Setup
Websites that want to sign XML or PDF documents submit requests to the proXSign® component acting as a local HTTPS server listening on port 14972. To replicate this behavior, a self-signed TLS certificate is required. One can be generated with
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-subj "/CN=fauxsign" -keyout fauxsign.key -out fauxsign.crt
## Usage
Assuming your personal certificate and key are stored in `user.crt` and `user.key` respectively, start the server with
./fauxsign --app-key fauxsign.key --app-cert fauxsign.crt \
--user-key user.key --user-cert user.crt
Before signing, add a browser exception for the app certificate generated above by navigating to [https://localhost:14972/version](https://localhost:14972/version). This only needs to be done once.
Visit the [XML signing test page](https://proxsign.setcce.si/proXSignCustomerPages/testXML.html) to verify the script works correctly. The script will prompt for each signature request; answer `y` or `yes` to confirm.