I’m trying to send a simplified invoice to compliance/invoices. I’ve successfully sent three standard invoices (invoice, credit, and debit), but when I send the simplified invoice, I receive the following response:
{
“validationResults”: {
“infoMessages”: [
{
“type”: “INFO”,
“code”: “XSD_ZATCA_VALID”,
“category”: “XSD validation”,
“message”: “Complies with UBL 2.1 standards in line with ZATCA specifications”,
“status”: “PASS”
}
],
“warningMessages”: ,
“errorMessages”: [
{
“type”: “ERROR”,
“code”: “signed-properties-hashing”,
“category”: “CERTIFICATE_ERRORS”,
“message”: “Invalid signed properties hashing. SignedProperties with id=‘xadesSignedProperties’.”,
“status”: “ERROR”
}
],
“status”: “ERROR”
},
“reportingStatus”: “NOT_REPORTED”,
“clearanceStatus”: null,
“qrSellerStatus”: null,
“qrBuyerStatus”: null
}
@khalid it appears only with simplified invoices because you dont have to sign standard invoices . you send them without signature and QR code .
for simple invoices , it looks like you did something wrong while signing the invoice (hashing the signed properties)
What’s missing or what could be wrong here?
<sig:UBLDocumentSignatures xmlns:sig="urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2" xmlns:sac="urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2" xmlns:sbc="urn:oasis:names:specification:ubl:schema:xsd:SignatureBasicComponents-2">
<sac:SignatureInformation>
<cbc:ID>urn:oasis:names:specification:ubl:signature:1</cbc:ID>
<sbc:ReferencedSignatureID>urn:oasis:names:specification:ubl:signature:Invoice</sbc:ReferencedSignatureID>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="signature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
<ds:Reference Id="invoiceSignedData" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>not(//ancestor-or-self::ext:UBLExtensions)</ds:XPath>
</ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>not(//ancestor-or-self::cac:Signature)</ds:XPath>
</ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>not(//ancestor-or-self::cac:AdditionalDocumentReference[cbc:ID='QR'])</ds:XPath>
</ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>zcjaJC3vZxj4cdsbhYJJeN64chljiUjOEK3eqsaqTso=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#xadesSignedProperties">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>ZjcxNTE5YTk0ZTYyZDQyMzgwNDVkMjZmNzg3NWIwYWE1ZjY4OGYwYzFhNWJmYzMxOWM5YzY2ZGNiNTU1NmY3Zg==</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>MEQCIEC7L03yu+eWPovXQxEmEm7YFYHn3Wcvz2koaEuLw/zkAiBDQPAfKPOZaIEaGj+q5CzOl1gfBXCFNJOev3DIDQqxPA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIB6TCCAY+gAwIBAgIGAZVT6vOuMAoGCCqGSM49BAMCMBUxEzARBgNVBAMMCmVJbnZvaWNpbmcwHhcNMjUwMzAxMjI1NDE2WhcNMzAwMzAxMjEwMDAwWjA9MQowCAYDVQQDDAEgMQowCAYDVQQKDAEgMRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MQswCQYDVQQGEwJTQTBWMBAGByqGSM49AgEGBSuBBAAKA0IABNEHsPc9PfRipXk1rzhJIY7bwF/AKoET3sV/Vu24jb1EWxTx5vN04xwBpk+PGp5MxZ6Ebq+aGE2QIhZ3ZcVJe36jgaUwgaIwDAYDVR0TAQH/BAIwADCBkQYDVR0RBIGJMIGGpIGDMIGAMRswGQYDVQQEDBIxLVBPU3wyLUExfDMtOTg3NjUxHzAdBgoJkiaJk/IsZAEBDA8zMTI0NDM2OTc0MDAwMDMxDTALBgNVBAwMBDExMDAxHDAaBgNVBBoMEzEyMzQgTWFpbiBTdCBSaXlhZGgxEzARBgNVBA8MClRlY2hub2xvZ3kwCgYIKoZIzj0EAwIDSAAwRQIga31o+7oAC4/0vDrZhum/HSc/YigFEiy11syrDbaMRgMCIQDGMEBQjljEVQEJ72JH8TCdOqYFtwhW2xIRgkWWd2qg1g==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<ds:Object>
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="signature">
<xades:SignedProperties Id="xadesSignedProperties">
<xades:SignedSignatureProperties>
<xades:SigningTime>2025-03-02T01:55:18</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>NTQ2M2Q1OTNmN2RhYmM3YzRmOTk5ZDFhY2Q3YzMyNDc3YTE5NTcwMTkwYTgyYmYxNzlmMTU0OTI3NTExMTlkZQ==</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<ds:X509IssuerName>CN=eInvoicing</ds:X509IssuerName>
<ds:X509SerialNumber>1740869661614</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
</xades:SignedProperties>
</xades:QualifyingProperties>
</ds:Object>
</ds:Signature>
</sac:SignatureInformation>
</sig:UBLDocumentSignatures>
</ext:ExtensionContent>
</ext:UBLExtension>
</ext:UBLExtensions>
<cbc:ProfileID>reporting:1.0</cbc:ProfileID>
<cbc:ID>SME00023</cbc:ID>
<cbc:UUID>3cf5ee18-ee25-44ea-a444-2c37ba7f28be</cbc:UUID>
<cbc:IssueDate>2024-09-07</cbc:IssueDate>
<cbc:IssueTime>17:41:08Z</cbc:IssueTime>
<cbc:InvoiceTypeCode name="0200000">388</cbc:InvoiceTypeCode>
<cbc:Note languageID="ar">ABC</cbc:Note>
<cbc:DocumentCurrencyCode>SAR</cbc:DocumentCurrencyCode>
<cbc:TaxCurrencyCode>SAR</cbc:TaxCurrencyCode>
<cac:AdditionalDocumentReference>
<cbc:ID>ICV</cbc:ID>
<cbc:UUID>10</cbc:UUID>
</cac:AdditionalDocumentReference>
<cac:AdditionalDocumentReference>
<cbc:ID>PIH</cbc:ID>
<cac:Attachment>
<cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain" filename="base64">NWZlY2ViNjZmZmM4NmYzOGQ5NTI3ODZjNmQ2OTZjNzljMmRiYzIzOWRkNGU5MWI0NjcyOWQ3M2EyN2ZiNTdlOQ==</cbc:EmbeddedDocumentBinaryObject>
</cac:Attachment>
</cac:AdditionalDocumentReference>
<cac:AdditionalDocumentReference>
<cbc:ID>QR</cbc:ID>
<cac:Attachment>
<cbc:EmbeddedDocumentBinaryObject mimeCode="text/plain">ARlNYXhpbXVtIFNwZWVkIFRlY2ggU3VwcGx5Ag8zMTI0NDM2OTc0MDAwMDMDFDIwMjQtMDktMDdUMTc6NDE6MDhaBAQ0LjYwBQQwLjYwBix6Y2phSkMzdlp4ajRjZHNiaFlKSmVONjRjaGxqaVVqT0VLM2Vxc2FxVHNvPQdgTUVRQ0lFQzdMMDN5dStlV1BvdlhReEVtRW03WUZZSG4zV2N2ejJrb2FFdUx3L3prQWlCRFFQQWZLUE9aYUlFYUdqK3E1Q3pPbDFnZkJYQ0ZOSk9ldjNESURRcXhQQT09CFgwVjAQBgcqhkjOPQIBBgUrgQQACgNCAATRB7D3PT30YqV5Na84SSGO28BfwCqBE97Ff1btuI29RFsU8ebzdOMcAaZPjxqeTMWehG6vmhhNkCIWd2XFSXt+CUcwRQIga31o+7oAC4/0vDrZhum/HSc/YigFEiy11syrDbaMRgMCIQDGMEBQjljEVQEJ72JH8TCdOqYFtwhW2xIRgkWWd2qg1g==</cbc:EmbeddedDocumentBinaryObject>
</cac:Attachment>
</cac:AdditionalDocumentReference>
<cac:Signature>
<cbc:ID>urn:oasis:names:specification:ubl:signature:Invoice</cbc:ID>
<cbc:SignatureMethod>urn:oasis:names:specification:ubl:dsig:enveloped:xades</cbc:SignatureMethod>
</cac:Signature>
this value . step 5 in signing the invoice .
Step 5: Generate Signed Properties Hash
1.
Get the properties tag only using the XPath (don’t remove from XML file).
2. Linearize the XML block (properties tag) and remove the spaces
3. Hash the property tag using SHA-256 (output). e.g.:99282555b5d79209be5883cc23eb234cd01b
d33ea7d54d88f491248d33e321f1
4. Encode the hashed property tag using HEX-to Base64 Encoder (output). E.g.:mSglVbXXkgm+WIP
MI+sjTNAb0z6n1U2I9JEkjTPjIfE
We are also facing the same issue. We followed the same instructions based on SigningProcessUpdated.pdf.Is there a way to check whether the hash-signed property is in the correct format or not?
@mubarkoot can you share your 2nd step ( 2. Linearize the XML block (properties tag) and remove the spaces ) . you actually dont have to linearize and remove all spaces . try to get the properties as a string without removing tabs and spaces and hash it .
<xades:SignedProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="xadesSignedProperties">
<xades:SignedSignatureProperties>
<xades:SigningTime>2025-03-02T16:03:30</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">MGRkMjZmZjUzODAwNzExZTBmM2VhNTI5ZGM4MGVmMDMxMjUyZTBlN2MxYzU2NzI1M2QwMDU2NTQ3MDhhODdlZg==</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=eInvoicing</ds:X509IssuerName>
<ds:X509SerialNumber xmlns:ds="http://www.w3.org/2000/09/xmldsig#">1740918445373</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
</xades:SignedProperties>
is this the same hash you got ?
YzcwNzllYjczNGJlMWIwMDMwYjMyNmQzNDgwOTQ3MDE1ZGFkYjM1YjI2OWEwOTI2MGM2YjEwNTMyNjlhNmQyNw==
No @bahaeddine
<ds:Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#xadesSignedProperties">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
<ds:DigestValue>nW6YhvpQrq78e+w1QZ84CqbqiEhfAfiTthskhQutOro=</ds:DigestValue>
</ds:Reference>
please have a look at this
<ext:ExtensionContent>
<sig:UBLDocumentSignatures xmlns:sig="urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2" xmlns:sac="urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2" xmlns:sbc="urn:oasis:names:specification:ubl:schema:xsd:SignatureBasicComponents-2">
<sac:SignatureInformation>
<cbc:ID>urn:oasis:names:specification:ubl:signature:1</cbc:ID>
<sbc:ReferencedSignatureID>urn:oasis:names:specification:ubl:signature:Invoice</sbc:ReferencedSignatureID>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="signature">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
<ds:Reference Id="invoiceSignedData" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>not(//ancestor-or-self::ext:UBLExtensions)</ds:XPath>
</ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>not(//ancestor-or-self::cac:Signature)</ds:XPath>
</ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>not(//ancestor-or-self::cac:AdditionalDocumentReference[cbc:ID='QR'])</ds:XPath>
</ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>MEYCIQCaOayI6r8EjXisxiznZ+OwV7kk5u59S8Dn9/Ah9lhgrAIhAMk4UliogoM9FNxOjO9xnDOYDPbYBK4D8vx+ZOTdd+yy</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#xadesSignedProperties">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>OThlMDVkMTEyNmFhMjFiOTI2MDk1OGM4YThhYjhkNTEwMWUyODgwNTQ2OWI0OTI3YTBlM2ZmYzg3ODZjZjUzYQ==</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>MEUCIQDOefxh8xjTKFAHlnHlQyef3sL1sdzkeGEFgeHr7VsrWwIgU8uE4Ij/YZ39dvGPa2VAlNk31MoADZuPX8vbmfCSaK4=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIB6TCCAY+gAwIBAgIGAZVT6vOuMAoGCCqGSM49BAMCMBUxEzARBgNVBAMMCmVJbnZvaWNpbmcwHhcNMjUwMzAxMjI1NDE2WhcNMzAwMzAxMjEwMDAwWjA9MQowCAYDVQQDDAEgMQowCAYDVQQKDAEgMRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MQswCQYDVQQGEwJTQTBWMBAGByqGSM49AgEGBSuBBAAKA0IABNEHsPc9PfRipXk1rzhJIY7bwF/AKoET3sV/Vu24jb1EWxTx5vN04xwBpk+PGp5MxZ6Ebq+aGE2QIhZ3ZcVJe36jgaUwgaIwDAYDVR0TAQH/BAIwADCBkQYDVR0RBIGJMIGGpIGDMIGAMRswGQYDVQQEDBIxLVBPU3wyLUExfDMtOTg3NjUxHzAdBgoJkiaJk/IsZAEBDA8zMTI0NDM2OTc0MDAwMDMxDTALBgNVBAwMBDExMDAxHDAaBgNVBBoMEzEyMzQgTWFpbiBTdCBSaXlhZGgxEzARBgNVBA8MClRlY2hub2xvZ3kwCgYIKoZIzj0EAwIDSAAwRQIga31o+7oAC4/0vDrZhum/HSc/YigFEiy11syrDbaMRgMCIQDGMEBQjljEVQEJ72JH8TCdOqYFtwhW2xIRgkWWd2qg1g==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<ds:Object>
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="signature">
<xades:SignedProperties Id="xadesSignedProperties">
<xades:SignedSignatureProperties>
<xades:SigningTime>2025-03-02T13:59:55</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>NTQ2M2Q1OTNmN2RhYmM3YzRmOTk5ZDFhY2Q3YzMyNDc3YTE5NTcwMTkwYTgyYmYxNzlmMTU0OTI3NTExMTlkZQ==</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<ds:X509IssuerName>CN=eInvoicing</ds:X509IssuerName>
<ds:X509SerialNumber>1740869661614</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
</xades:SignedProperties>
</xades:QualifyingProperties>
</ds:Object>
</ds:Signature>
</sac:SignatureInformation>
</sig:UBLDocumentSignatures>
</ext:ExtensionContent>
@khalid after testing your data , the signed properties hash should be : “ZjQwODk0Y2JhZmNmMjk0OTA0NjNhM2NlMDMzN2E2NzQ2Zjg5YTlhOGUwZmI2NGYxZmQ5NmIwMjllNGM3ZWM5OQ==”
but of course if your certificate hash , issuer name and serial number are correct .