xmlsig

1.0.1 verified Fri May 01 auth: no python maintenance

Python based XML signature library for creating and verifying XML Digital Signatures (XMLDSIG). Version 1.0.1 is the latest stable release. Development appears sporadic; last release was several years ago.

pip install xmlsig

Common errors

error ModuleNotFoundError: No module named 'xmlsig' ↓

cause xmlsig not installed or virtual environment not activated.

fix

Run 'pip install xmlsig' and ensure the correct Python environment is active.

error AttributeError: 'NoneType' object has no attribute 'text' ↓

cause The document passed to XMLSig is None or malformed XML.

fix

Ensure the XML document is parsed correctly with lxml.etree and not empty.

error xmlsig.exceptions.SignatureError: Invalid signature ↓

cause The signature verification fails due to mismatched keys or altered document content.

fix

Check that the public key used for verification matches the private key that signed. Ensure document hasn't been modified after signing.

Warnings

deprecated The library uses the deprecated 'xmlsig' namespace; newer alternatives like signxml are more actively maintained. ↓

fix Consider migrating to 'signxml' (pip install signxml) for active support and up-to-date XMLDSIG standards.

gotcha XMLSig expects paths to PEM files; passing incorrect file paths or malformed keys raises exceptions without clear messages. ↓

fix Ensure private key and certificate files exist and are in PEM format. Test file paths before calling sign().

breaking Incompatibility with newer lxml versions (like lxml 4.x+) may cause AttributeError on certain element operations. ↓

fix Pin lxml to version 3.x or use signxml which supports newer lxml.

Imports

XMLSig
```
from xmlsig import XMLSig
```
constants
```
from xmlsig import constants
```

Quickstart

Basic signing and verification of an XML document.

from xmlsig import XMLSig, constants
from lxml import etree

# Load XML to sign
doc = etree.fromstring(b'<root><data>secret</data></root>')

# Create XMLSig instance (using a dummy key for demo)
sig = XMLSig(doc, sign_key_path='/path/to/private.pem', cert_path='/path/to/cert.pem')
sig.sign()

# Verify signature
sig2 = XMLSig(doc)
verified = sig2.verify()
print('Signature verified:', verified)