Signing Process issue in Step 5

Ramish · September 3, 2024, 11:39am

Dear
we are facing an issue while signing the xml we follow the below link

page 52 and we stuck on step 5

This is Original Version of xml after step 4

<xades:SignedProperties Id=“xadesSignedProperties”>
xades:SignedSignatureProperties
xades:SigningTime2024-09-02T05:49:14</xades:SigningTime>
xades:SigningCertificate
xades:Cert
xades:CertDigest
<ds:DigestMethod Algorithm=“XML Encryption Syntax and Processing”/>
ds:DigestValueY2YzN2ExZDFmNTAxZGI2Mzg1ZTJjZTUzNjFhMDc5ODNmNjFlZTM0ZmYzOTM4OTI2NGViOTM2YzkwMzZjNzJjMA==</ds:DigestValue>
</xades:CertDigest>
xades:IssuerSerial
ds:X509IssuerNameCN=eInvoicing</ds:X509IssuerName>
ds:X509SerialNumber1724940897783</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
</xades:SignedProperties>

This is what we are using for hash Original Version of xml block after step 4

<xades:SignedProperties xmlns:xades=“Assigned ETSI XML URIs” Id=“xadesSignedProperties”>
xades:SignedSignatureProperties
xades:SigningTime2024-09-02T05:32:07</xades:SigningTime>
xades:SigningCertificate
xades:Cert
xades:CertDigest
<ds:DigestMethod xmlns:ds=“XML-Signature Syntax and Processing” Algorithm=“XML Encryption Syntax and Processing”/>
<ds:DigestValue xmlns:ds=“XML-Signature Syntax and Processing”>Y2YzN2ExZDFmNTAxZGI2Mzg1ZTJjZTUzNjFhMDc5ODNmNjFlZTM0ZmYzOTM4OTI2NGViOTM2YzkwMzZjNzJjMA==</ds:DigestValue>
</xades:CertDigest>
xades:IssuerSerial
<ds:X509IssuerName xmlns:ds=“XML-Signature Syntax and Processing”>CN=eInvoicing</ds:X509IssuerName>
<ds:X509SerialNumber xmlns:ds=“XML-Signature Syntax and Processing”>1724940897783</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
</xades:SignedProperties>

the sdk value after hashing above xml block is

ZTNiMTZmNzIyN2U5ZmQ3MzQ5MDFkMjIzNDc2NjE1MzhlZjk3ZDIxN2MzNDZmMWFjMTNmYTFkY2NkYTZhYWM1OQ==

and what we get when we hash online with provided tools link is

MDM2ZTEyNzM5YmFiMWQxZDdmNWJhMmRhZjUwNDc4M2UxZjMzOTMxOTQ5ZDhjNjAzODZiMDJmMjViM2Q3OWU1MQ==

I think we misses some trick here please help us to resolve this issue

lalomar · September 3, 2024, 12:39pm

If you are implementing the signing process in your own code, please refer to the document
SigningProcessUpdated.pdf (392.7 KB)

Ramish · September 4, 2024, 7:35am

Yes i am refer to this but i got stuck in step 5 as i mentioned
the hash of the xml block is provided by sdk when signing the invoice is totally differnt to the hash i got from the tools online , for coding we have to know how this hash of the xml block in step 5 is calculted

lalomar · September 4, 2024, 11:20am

Hi @Ramish ,

as explained in the technical guideline, the hash should be generated by using SHA-256 Hash - Hashing algorithm first then the output should be encoded using base64. Please refer to the picture below

Ramish · September 8, 2024, 9:56am

                            <xades:SignedProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="xadesSignedProperties">
                                <xades:SignedSignatureProperties>
                                    <xades:SigningTime>2024-01-14T10:31:59</xades:SigningTime>
                                    <xades:SigningCertificate>
                                        <xades:Cert>
                                            <xades:CertDigest>
                                                <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                                <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">ZDMwMmI0MTE1NzVjOTU2NTk4YzVlODhhYmI0ODU2NDUyNTU2YTVhYjhhMDFmN2FjYjk1YTA2OWQ0NjY2MjQ4NQ==</ds:DigestValue>
                                            </xades:CertDigest>
                                            <xades:IssuerSerial>
                                                <ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=PRZEINVOICESCA4-CA, DC=extgazt, DC=gov, DC=local</ds:X509IssuerName>
                                                <ds:X509SerialNumber xmlns:ds="http://www.w3.org/2000/09/xmldsig#">379112742831380471835263969587287663520528387</ds:X509SerialNumber>
                                            </xades:IssuerSerial>
                                        </xades:Cert>
                                    </xades:SigningCertificate>
                                </xades:SignedSignatureProperties>
                            </xades:SignedProperties>

Please can you perform hash on this because as in the document in step 5 we need to hash this and encode the hash to base 64
I am using these two links as prefrered in Zatca documentation

For Hashing: SHA256 - Online Tools
For Encode Base64 : https://www.base64encode.org/

and got this hex

a5f6a44b28df90f043eac27e62cba89a4f346cb976a56bab5614b4fd858896b5

and this is base64

YTVmNmE0NGIyOGRmOTBmMDQzZWFjMjdlNjJjYmE4OWE0ZjM0NmNiOTc2YTU2YmFiNTYxNGI0ZmQ4NTg4OTZiNQ==

but the hash made by sdk during signing is the

YjlmMzU5OWE5YmRhNjUzMzgzNjVlM2E2YmI5NzhjZTQ3MTA1NmVhNWZmOTYwNmIxODlmNDY2NTllNzkxNDMyZg==

It seems even a single blank change the hash so what is the right format of the xml block

Madleen · September 8, 2024, 9:56am

Dear @lalomar,
How can do step 4

creativebusiness · January 26, 2025, 7:03am

SDK will always hash with current timestamp, so you will always get different values.

ObeidSalem · July 27, 2025, 12:35pm

any updates .. did you fix your problem ?

Thanks.

Topic		Replies	Views
How i Get the Right Hash? Signing process	4	85	October 29, 2024
What do Signed Properties Look Like When Hashing? Signing process	36	4606	August 21, 2025
How to Generate Hash? Signing process	8	209	October 31, 2024
The invoice hash API body does not match the (calculated) Hash of the XML and xadesSignedProperties Clearance and Reporting	5	188	June 16, 2025
Signing Process Documentation	0	5720	July 19, 2023

Signing Process issue in Step 5

Related topics