I am signing my XML document using Python's signxml library. Here's my code:
from signxml import XMLSigner, methods

signer = XMLSigner(
    method=methods.enveloped,
    signature_algorithm="rsa-sha256",
    c14n_algorithm="http://www.w3.org/2006/12/xml-c14n11",
    digest_algorithm="sha256",
)
signed_root = signer.sign(
    document_to_sign, key=private_key, cert=public_key, key_info=key_info
)
Now, since I have to pass a few additional details to the signature after signing, I have to generate a digest value of the canonicalized XML element. I am facing an issue in doing that. I am using lxml to perform that operation, and it does not support c14n11. Here's my code for that:
import base64
import hashlib

from lxml import etree


def generate_custom_digest_value(signature_element, element, namespace):
    element_to_digest = signature_element.xpath(element, namespaces=namespace)[0]
    # Serialize the element to canonical XML
    canonicalized_element = etree.tostring(
        element_to_digest, method="c14n11", exclusive=False
    )  # this does not work and throws an error because there's no method "c14n11"
    # Calculate the SHA-256 digest
    digest_value = hashlib.sha256(canonicalized_element).digest()
    # Convert digest value to base64 for inclusion in XML
    digest_value_base64 = base64.b64encode(digest_value).decode("utf-8")
    return digest_value_base64
My question is: how can I implement c14n11 using lxml or any other library? I have tried using xmlsec, and it also does not support c14n11. Any help would be appreciated.
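
One way to compute such a digest with lxml, as an added example that is not part of the original post: lxml's `method="c14n"` (Canonical XML 1.0) produces the same bytes as C14N 1.1 when no ancestor of the element carries an `xml:*` attribute, since the two versions differ only in how those attributes are carried into a subtree, so the function refuses to digest when that condition fails. The sample document and the names `canonicalize_subtree` and `digest_value` are constructed for this example.

```python
import base64
import hashlib

from lxml import etree

XML_NS = "http://www.w3.org/XML/1998/namespace"

# Constructed sample input, not taken from the post.
SAMPLE = (
    b'<Invoice><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    b'<ds:Object Id="extra"><Note b="2" a="1">x</Note><Empty/></ds:Object>'
    b"</ds:Signature></Invoice>"
)
NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}


def canonicalize_subtree(element):
    """Inclusive C14N 1.0 bytes of `element`, only when C14N 1.1 would agree."""
    # The two versions diverge only in how xml:* attributes (xml:base, xml:id,
    # xml:lang, xml:space) on ancestors are carried into a document subset.
    for ancestor in element.iterancestors():
        inherited = [a for a in ancestor.attrib if a.startswith("{%s}" % XML_NS)]
        if inherited:
            raise ValueError(f"ancestor <{ancestor.tag}> carries {inherited}; "
                             "C14N 1.0 output may differ from C14N 1.1")
    return etree.tostring(element, method="c14n", exclusive=False,
                          with_comments=False)


def digest_value(root, xpath, namespaces):
    """Base64 SHA-256 over the canonical form of the first XPath match."""
    matches = root.xpath(xpath, namespaces=namespaces)
    if not matches:
        raise LookupError(f"no element matches {xpath!r}")
    canonical = canonicalize_subtree(matches[0])
    return base64.b64encode(hashlib.sha256(canonical).digest()).decode("ascii")


if __name__ == "__main__":
    root = etree.fromstring(SAMPLE)
    print(canonicalize_subtree(root.xpath("//ds:Object", namespaces=NS)[0]))
    print(digest_value(root, "//ds:Object", NS))
```

A digest added after signing is only covered by the signature if the signed references include it, so verify the final document end to end before relying on the value.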