21 lines
1.2 KiB
Markdown
21 lines
1.2 KiB
Markdown
# fauxsign
|
|
|
|
Python script to replace [SETCCE proXSign®](https://proxsign.setcce.si/proXSignCustomerPages/). Currently only supports XML documents with SHA256 signatures, required to submit requests on certain gov.si sites.
|
|
|
|
## Setup
|
|
|
|
Websites that want to sign XML or PDF documents submit requests to the proXSign® component acting as a local HTTPS server listening on port 14972. To replicate this behavior, a self-signed TLS certificate is required. One can be generated with
|
|
|
|
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
|
|
-subj "/CN=fauxsign" -keyout fauxsign.key -out fauxsign.crt
|
|
|
|
## Usage
|
|
|
|
Assuming your personal certificate and key are stored in `user.crt` and `user.key` respectively, start the server with
|
|
|
|
./fauxsign --app-key fauxsign.key --app-cert fauxsign.crt \
|
|
--user-key user.key --user-cert user.crt
|
|
|
|
Before signing, add a browser exception for the app certificate generated above by navigating to [https://localhost:14972/version](https://localhost:14972/version). This only needs to be done once.
|
|
|
|
Visit the [XML signing test page](https://proxsign.setcce.si/proXSignCustomerPages/testXML.html) to verify the script works correctly. The script will prompt for each signature request; answer `y` or `yes` to confirm.
|