1.2 KiB
fauxsign
Python script to replace SETCCE proXSign®. Currently only supports XML documents with SHA256 signatures, required to submit requests on certain gov.si sites.
Setup
Websites that want to sign XML or PDF documents submit requests to the proXSign® component acting as a local HTTPS server listening on port 14972. To replicate this behavior, a self-signed TLS certificate is required. One can be generated with
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-subj "/CN=fauxsign" -keyout fauxsign.key -out fauxsign.crt
Usage
Assuming your personal certificate and key are stored in user.crt and user.key respectively, start the server with
./fauxsign --app-key fauxsign.key --app-cert fauxsign.crt \
--user-key user.key --user-cert user.crt
Before signing, add a browser exception for the app certificate generated above by navigating to https://localhost:14972/version. This only needs to be done once.
Visit the XML signing test page to verify the script works correctly. The script will prompt for each signature request; answer y or yes to confirm.