In [1]:
!pip install signxml

Collecting signxml
  Downloading signxml-4.2.0-py3-none-any.whl.metadata (16 kB)
Downloading signxml-4.2.0-py3-none-any.whl (59 kB)
Installing collected packages: signxml
Successfully installed signxml-4.2.0


In [2]:
from lxml import etree
from signxml import XMLSigner, XMLVerifier

# 1. Load your key and certificate
with open("private_key.pem", "rb") as f:
    key = f.read()
with open("certificate.pem", "rb") as f:
    cert = f.read()

# 2. Create a sample XML document
root = etree.fromstring("<Message><Body>Never again will the waters become a flood to destroy all life.</Body></Message>")

# 3. Sign the XML
# Enveloped signature means the <Signature> block is placed inside the XML
signed_root = XMLSigner().sign(root, key=key, cert=cert)

# 4. Output the signed XML
signed_xml = etree.tostring(signed_root, pretty_print=True).decode()
print("--- SIGNED XML ---")
print(signed_xml)

--- SIGNED XML ---
<Message>
  <Body>Never again will the waters become a flood to destroy all life.</Body>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>bonhjxWpCdpqQhvtVplo3GhAFAV9Sz1tqZm7rwKbdJE=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>iLDz9oTABbL/TZkabdfcm18j9EUmV1eCbU/2s3cvL//UkTfz6ZFM7urWdqDOfKL6+ZZJtCNCWS38qcYgR2VL7yAR7X6z5uJBLar7Cevkfci19Bv71Vf/jkQO1V0zV8SgxNSBbPSA366hIGFivAl+PPEM1GcrncUO

In [3]:
# Use the signed_root from the previous step
try:
    # We provide the certificate to verify the signature
    verified_data = XMLVerifier().verify(signed_root, x509_cert=cert)
    print("\nVerification Successful!")
    print("Signed data verified:", etree.tostring(verified_data.signed_xml).decode())
except Exception as e:
    print(f"\nVerification Failed: {e}")


Verification Successful!
Signed data verified: <Message><Body>Never again will the waters become a flood to destroy all life.</Body></Message>
