Python XML Signature and XAdES library
SignXML is an implementation of the W3C XML Signature standard in Python. This standard (also known as "XMLDSig") is used to provide payload security in SAML 2.0, XAdES, EBICS, and WS-Security, among other uses. The standard is defined in the W3C Recommendation XML Signature Syntax and Processing Version 1.1. SignXML implements all of the required components of the Version 1.1 standard, and most recommended ones. Its features are: - Use of a libxml2-based XML parser configured to defend against common XML attacks when verifying signatures - Extensions to allow signing with and verifying X.509 certificate chains, including hostname/CN validation - Extensions to sign and verify XAdES signatures - Support for exclusive XML canonicalization with inclusive prefixes (InclusiveNamespaces PrefixList, required to verify signatures generated by some SAML implementations) - Modern Python compatibility (3.9-3.13+ and PyPy) - Well-supported, portable, reliable dependencies: lxml and cryptography - Comprehensive testing (including the XMLDSig interoperability suite) and continuous integration - Simple interface with useful, ergonomic, and secure defaults (no network calls, XSLT or XPath transforms) - Compactness, readability, and extensibility
pkg install py311-signxml