ALsalam Alykum, Hello,

everything is working ( almost ) except the SignedProperties,
I get a different hashing key, because of the spaces

In your Simplified invoice xml, you are putting ubl:Extensions in same level as the invoice tag

<Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2" xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2" xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2" xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2"><ext:UBLExtensions>
...
..
.

Where is in my code, the ubl:extensions is inside the invoice

<Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2" xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2" xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2" xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2">

    <ext:UBLExtensions>

and because of that, my SignedProperties got an extra 4 spaces,

my question is, does that matter ? will it effect the hash ?
does that why i get an errors:

2025-07-26 19:41:38,828 [INFO] ValidationProcessorImpl - [QR] validation result : FAILED
2025-07-26 19:41:38,830 [ERROR] ValidationProcessorImpl - qr validation errors :
2025-07-26 19:41:38,830 [ERROR] ValidationProcessorImpl - CODE : QRCODE_INVALID, MESSAGE : Invalid QR code format, Please follow the ZATCA QR code specifications
2025-07-26 19:41:39,206 [INFO] ValidationProcessorImpl - [SIGNATURE] validation result : FAILED
2025-07-26 19:41:39,206 [ERROR] ValidationProcessorImpl - signature validation errors :
2025-07-26 19:41:39,207 [ERROR] ValidationProcessorImpl - CODE : X509IssuerName, MESSAGE : wrong X509IssuerName
2025-07-26 19:41:39,207 [ERROR] ValidationProcessorImpl - CODE : X509SerialNumber, MESSAGE : wrong X509SerialNumber
2025-07-26 19:41:39,207 [ERROR] ValidationProcessorImpl - CODE : signingCertificateDigestValue, MESSAGE : wrong signingCertificateDigestValue
2025-07-26 19:41:39,210 [INFO] ValidationProcessorImpl - [PIH] validation result : PASSED
2025-07-26 19:41:39,210 [INFO] InvoiceValidationService -  *** GLOBAL VALIDATION RESULT = FAILED

I’m sure if the issuerName and serialNumber, because i decoded everything and extracted it ( dynamic )

Thank you.

Yes, spaces absolutely affect hashing.

This is why you should take care of the canonicalization based on the signing process documentation, however, please find the document attached to this response.

You should take care of the SignedProperties tag placeholder as is with the spacing to populate the correct signedproperties hash tag, please refer to the document for more information.

Regards,
SigningProcessUpdated.pdf (392.7 KB)

I solved IssuerSerialNumber By setting C14N(false, false); in php

Screenshot 2025-07-29 0808271350×211 42.9 KB

Yes I’m Doing What Asked For, here is what i’m signing:

<xades:SignedProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="xadesSignedProperties">
                                    <xades:SignedSignatureProperties>
                                        <xades:SigningTime>2025-07-29T07:44:36</xades:SigningTime>
                                        <xades:SigningCertificate>
                                            <xades:Cert>
                                                <xades:CertDigest>
                                                    <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                                    <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">ZWNhNzU4YmM1ZDRhZWU1MmUyZWY1ZDZhMDA3NWMzMTQ5MDdmNDFmMzFmODc3ZjhhZDhiMzMyNTU2N2FiZDRlNQ==</ds:DigestValue>
                                                </xades:CertDigest>
                                                <xades:IssuerSerial>
                                                    <ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=eInvoicing</ds:X509IssuerName>
                                                    <ds:X509SerialNumber xmlns:ds="http://www.w3.org/2000/09/xmldsig#">1753764128608</ds:X509SerialNumber>
                                                </xades:IssuerSerial>
                                            </xades:Cert>
                                        </xades:SigningCertificate>
                                    </xades:SignedSignatureProperties>
                                </xades:SignedProperties>```

please if you know what i’m doing worng let me know!

The Error now is ( please leave the qr for now ) :

Screenshot 2025-07-29 0748181318×352 61.7 KB

Is it my signing method ? I’m using php :

  public static function generateSignatureValue($invoiceHash, $privateKey) {
    $binaryInvoiceHash = base64_decode($invoiceHash);
    $pKey = EC::loadPrivateKey($privateKey);
    $digitalSignature = $pKey->sign($binaryInvoiceHash);
    return base64_encode($digitalSignature);
  }

Note: the invoiceHash in base64 so I decode it to get the raw,
EC to load the privateKey:

-----BEGIN PRIVATE KEY-----
MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgpj+vyD2A+omx4n1c3j5e
d9Mo8akZ5MM9obEuwxf0p4uhRANCAARIxFT92xSmJnGKQ22uBjXp5pF3Ruzw+EUa
KfGDTAEBOIhMObfKC8/hmSP5odl19tAs9Rso2CP5KoXcRmmdqbWt
-----END PRIVATE KEY-----

and I’ll send you my xml to compare

The problem is when i do:
(I put my keys in the SDK files)
fatoora -sign -signedInvoice {signed.xml} -invoice {invoice_path.xml}

and I take the generated signed, it works and the error goes,

so maybe my signing

I Fixed it,

ext:UBLExtensions
it has 4 spaces ( which it should be normal )

<Invoice
   <ext:UBLExtensions>
       .....

and I removed the 4 spaces ( for all the elements in ext:UBLExtensions )
so it will be the same level as the parent Invoice.

Thank you.