{"id":24852,"library":"xmlsig","title":"xmlsig","description":"Python based XML signature library for creating and verifying XML Digital Signatures (XMLDSIG). Version 1.0.1 is the latest stable release. Development appears sporadic; last release was several years ago.","status":"maintenance","version":"1.0.1","language":"python","source_language":"en","source_url":"https://github.com/etobella/python-xmlsig","tags":["xml","signature","xmldsig","security","cryptography"],"install":[{"cmd":"pip install xmlsig","lang":"bash","label":"Default"}],"dependencies":[{"reason":"xmlsig is a wrapper around signxml for XML signature operations","package":"signxml","optional":true},{"reason":"Used for XML parsing and manipulation","package":"lxml","optional":true}],"imports":[{"note":null,"wrong":null,"symbol":"XMLSig","correct":"from xmlsig import XMLSig"},{"note":null,"wrong":null,"symbol":"constants","correct":"from xmlsig import constants"}],"quickstart":{"code":"from xmlsig import XMLSig, constants\nfrom lxml import etree\n\n# Load XML to sign\ndoc = etree.fromstring(b'<root><data>secret</data></root>')\n\n# Create XMLSig instance (using a dummy key for demo)\nsig = XMLSig(doc, sign_key_path='/path/to/private.pem', cert_path='/path/to/cert.pem')\nsig.sign()\n\n# Verify signature\nsig2 = XMLSig(doc)\nverified = sig2.verify()\nprint('Signature verified:', verified)","lang":"python","description":"Basic signing and verification of an XML document."},"warnings":[{"fix":"Consider migrating to 'signxml' (pip install signxml) for active support and up-to-date XMLDSIG standards.","message":"The library uses the deprecated 'xmlsig' namespace; newer alternatives like signxml are more actively maintained.","severity":"deprecated","affected_versions":"1.0.x"},{"fix":"Ensure private key and certificate files exist and are in PEM format. Test file paths before calling sign().","message":"XMLSig expects paths to PEM files; passing incorrect file paths or malformed keys raises exceptions without clear messages.","severity":"gotcha","affected_versions":"all"},{"fix":"Pin lxml to version 3.x or use signxml which supports newer lxml.","message":"Incompatibility with newer lxml versions (like lxml 4.x+) may cause AttributeError on certain element operations.","severity":"breaking","affected_versions":"1.0.1"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Run 'pip install xmlsig' and ensure the correct Python environment is active.","cause":"xmlsig not installed or virtual environment not activated.","error":"ModuleNotFoundError: No module named 'xmlsig'"},{"fix":"Ensure the XML document is parsed correctly with lxml.etree and not empty.","cause":"The document passed to XMLSig is None or malformed XML.","error":"AttributeError: 'NoneType' object has no attribute 'text'"},{"fix":"Check that the public key used for verification matches the private key that signed. Ensure document hasn't been modified after signing.","cause":"The signature verification fails due to mismatched keys or altered document content.","error":"xmlsig.exceptions.SignatureError: Invalid signature"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}