# fauxsign

Python script to replace [SETCCE proXSign®](https://proxsign.setcce.si/proXSignCustomerPages/). Currently only supports XML documents with SHA256 signatures, required to submit requests on certain gov.si sites.

## Setup

Websites that want to sign XML or PDF documents submit requests to the proXSign® component acting as a local HTTPS server listening on port 14972. To replicate this behavior, a self-signed TLS certificate is required. One can be generated with

    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
        -subj "/CN=fauxsign" -keyout fauxsign.key -out fauxsign.crt

## Usage

Assuming your personal certificate and key are stored in `user.crt` and `user.key` respectively, start the server with

    ./fauxsign --app-key fauxsign.key --app-cert fauxsign.crt \
        --user-key user.key --user-cert user.crt

Before signing, add a browser exception for the app certificate generated above by navigating to [https://localhost:14972/version](https://localhost:14972/version). This only needs to be done once.

Visit the [XML signing test page](https://proxsign.setcce.si/proXSignCustomerPages/testXML.html) to verify the script works correctly. The script will prompt for each signature request; answer `y` or `yes` to confirm.