Invalid signed properties hashing, SignedProperties with id='xadesSignedProperties'

Signing process
1

Hi there, I’m getting an error

"errorMessages": [
            {
                "type": "ERROR",
                "code": "signed-properties-hashing",
                "category": "CERTIFICATE_ERRORS",
                "message": "Invalid signed properties hashing, SignedProperties with id='xadesSignedProperties'",
                "status": "ERROR"
            }
        ]

My code work for Sandbox account, In sandbox account I used to call Compliance API and it returning PASSED result

/compliance

but when i call Production API for invoice verification

https://gw-fatoora.zatca.gov.sa/e-invoicing/core/compliance/invoices

It returning Invalid signed properties hashing, SignedProperties with id='xadesSignedProperties error.

My xml invoice is in

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="signature">
                            <ds:SignedInfo>
                                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
                                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
                                <ds:Reference Id="invoiceSignedData" URI="">
                                    <ds:Transforms>
                                        <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
                                            <ds:XPath>not(//ancestor-or-self::ext:UBLExtensions)</ds:XPath>
                                        </ds:Transform>
                                        <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
                                            <ds:XPath>not(//ancestor-or-self::cac:Signature)</ds:XPath>
                                        </ds:Transform>
                                        <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
                                            <ds:XPath>not(//ancestor-or-self::cac:AdditionalDocumentReference[cbc:ID='QR'])</ds:XPath>
                                        </ds:Transform>
                                        <ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
                                    </ds:Transforms>
                                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                    <ds:DigestValue>hIKaXvk7fIhwsA3O/tBm8xHSA7Qf/pEKrA7qNNQZAbk=</ds:DigestValue>
                                </ds:Reference>
                                <ds:Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#xadesSignedProperties">
                                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                    <ds:DigestValue>MzVmNzAxZmFjZWVkYzk4M2YwZGQ3YmU0OWMyNDYyNjEyNWI4MmZiMjllZmJjOTkzNmI0NTZiOTAzOTU2ZDVmZA==</ds:DigestValue>
                                </ds:Reference>
                            </ds:SignedInfo>
                            <ds:SignatureValue>MEQCICg+zJ50Q5FqODPnoY+Wxw58z5E7VIO3IthvEK9qwiQHAiA8IEdEoE4VudjVTDGIaKK5y4LP0GE2/1Sz/nozKvi1fw==</ds:SignatureValue>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICHTCCAcOgAwIBAgIGAZFvLau7MAoGCCqGSM49BAMCMBUxEzARBgNVBAMMCmVJbnZvaWNpbmcwHhcNMjQwODIwMDk0NTQ0WhcNMjkwODE5MjEwMDAwWjBQMRcwFQYDVQQDDA5FR1MxLTg4NjQzMTE0NTETMBEGA1UECwwKQmluIEhhbXJhbjETMBEGA1UECgwKQmluIEhhbXJhbjELMAkGA1UEBhMCU0EwVjAQBgcqhkjOPQIBBgUrgQQACgNCAAT8oRZ5EsOuAdvZU/lfx7K8LZoEX7bftHqHUe+GZUgWhIxFlWGEAY+/kBTCNDzHqm0tY1Xne4owAec0xmtYqJQto4HGMIHDMAwGA1UdEwEB/wQCMAAwgbIGA1UdEQSBqjCBp6SBpDCBoTE6MDgGA1UEBAwxMS1RcnwyLUlPU3wzLTZmNGQyMGUwLTZiZmUtNGE4MC05Mzg5LTdkYWJlNjYyMGYxMjEfMB0GCgmSJomT8ixkAQEMDzMwMDEwMTYwMjEwMDAwMzENMAsGA1UEDAwEMDEwMDEkMCIGA1UEGgwbMDAwMCBLaW5nIEZhaGFoZCBzdCwgS2hvYmFyMQ0wCwYDVQQPDARGb29kMAoGCCqGSM49BAMCA0gAMEUCIC/Kxw7k6e/3LIqValF3YqExHExtw8lD3gW6WKpcCI8BAiEA4QxF9cinS/s9giwNBY7tP9zFdVSfSAw882+meLW+1SA=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <ds:Object>
                                <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="signature">
                                    <xades:SignedProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="xadesSignedProperties">
                                    <xades:SignedSignatureProperties>
                                        <xades:SigningTime>2022-08-17T17:41:08</xades:SigningTime>
                                        <xades:SigningCertificate>
                                            <xades:Cert>
                                                <xades:CertDigest>
                                                    <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                                    <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">NzQzMWFlNmY1YmQwMmRmNDYwYmZiODI0ODI2ODVmNTE0NjdhMWJjNjc3ZWYyMWZlMzMyMmE2ZDZhYjI0YzAwNA==</ds:DigestValue>
                                                </xades:CertDigest>
                                                <xades:IssuerSerial>
                                                    <ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=eInvoicing</ds:X509IssuerName>
                                                    <ds:X509SerialNumber xmlns:ds="http://www.w3.org/2000/09/xmldsig#">1724147149755</ds:X509SerialNumber>
                                                </xades:IssuerSerial>
                                            </xades:Cert>
                                        </xades:SigningCertificate>
                                    </xades:SignedSignatureProperties>
                                </xades:SignedProperties>
                                </xades:QualifyingProperties>
                            </ds:Object>
                        </ds:Signature>

I am using this github library, your help is appreciated!
Thanks

2

Dear @Sulaman

Thanks for reaching out,

Please find the signing document attached, you can find the Signed Properties tag in slide 7.

Kindly review it carefully, and if you faced any challenges, please do not hesitate to reach out with our support team via email.

SP email: sp_support@zatca.gov.sa

Thanks,
Ibrahem Daoud.

SigningProcessUpdated.pdf (927.7 KB)

3

Hi Ibrahem,

Thanks, I am reviewing it.
Downlaod User Manuall button is not working from fatoora.zatca.gov.sa It’s returning 500 error may be you can help or share that document here as well.

Thanks,
Sulaman Khan
Good Day.

4

Dear @idaoud,

I followed all points that is mentioned in pdf, but still error exits.
The private-key & csr do i need to request from Zacta? I am generating it by my own on dev enviorment with openssl command that are mentioned in given SigningProcessUpdate.pdf file.

5

Hi @idaoud
Your assistance would be greatly appreciated; we’re currently stuck, and even though I sent an email, I haven’t received a response.

6

Dear @idaoud

We need your assistance, please. Additionally, the user manual button isn’t functioning, so I’m unable to access the details about the keys.

7

HI @Sulaman

you mentioned issue is resolved ? because we also facing same issue

hi @idaoud

i am using .NET dll Zatca.EInvoice.SDK for sign B2B or B2C document for B2B document signed and cleared from zatca in production enviroment. only issue is coming for B2C invoice while call compliance api error is coming * Invalid signed properties hashing, SignedProperties with id=‘xadesSignedProperties’

Thank’s

8

Hi @Sulaman

getting error for standard invoice or simplified invoice ?

Thanks

9

Dear @Anil_K

Thanks for reaching out,

Can I kindly ask you to send your full concerns with config file and the steps you did with the CSID, and the full request and response from the API,
to the below SP support email. To take a look and get back to you ASAP, and schedule meeting if needed.

SP email: sp_support@zatca.gov.sa.

Thanks,
Ibrahem Daoud.

10

Dear @idaoud

Thank’s for reply

i have sent you detail to email address sp_support@zatca.gov.sa

Thanks,
Anil K

11

@Anil_K did you got the solution ?

12

Dear @anusv

Kindly if you are still facing an issue provide all of the details to ensure a comprehensive support.

Please Share via
sp_support@zatca.gov.sa
E-invoicing@zatca.gov.sa

Thanks.

13

We are also facing this issue, even with the latest .net sdk

it only occurs when issuing invoices in the core and simulation environments, but not in development environment.

this occurs when there is an empty tag in the invoice (e.g. simplified invoices with no customer information), and when calling compliance, reporting or clearance APIs

someone on GitHub has posted a workaround , but I haven’t personally tested it yet.

14

Perform the following two operations before creating the hash:

  1. Replace “\r\n” with “\n”
  2. Trim the input

This worked for me.