XML Signature Id attribute

In Chilkat v9.5.0.90, the Id attribute is automatically generated and added to the “Signature” tag when an XML digital signature is created.  This results in a Signature that begins like this:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="signature-1502-9002-7096-7873">

Why did Chilkat do this?  It is because if you or somebody else wishes to subsequently add an Encapsulated Timestamp to the signature, then the Id attribute needs to already be present.  If the Id is not present, then it is not possible to add certain additional features.

See https://www.example-code.com/csharp/xmldsig_add_encapsulatedTimeStamp.asp

Of course, this seemingly harmless addition (i.e. adding the “Id” attribute to the Signature tag), should NOT cause failures in signature validation — except it does for the validators of various governmental servers in various countries, such as in Brazil with Estatísticas da NF-e – Portal da Nota Fiscal Eletrônica (homologacao.nfce.sefa.pr.gov.br) and Chile with Chile Servicio de Impuestos Internos (sii.cl)

Starting in Chilkat v9.5.0.91, the Id attribute will no longer get added automatically.  Your application will need to explicitly set the SigId property.  See https://www.chilkatsoft.com/refdoc/csXmlDSigGenRef.html#prop15

Many servers, specifically government servers, are exceedingly fragile and picky and fail to validate XML signatures that are perfectly valid.  The trick is to know the exact combination of what is accepted and what is not — i.e. what subset of the XML Digital Signature standard is accepted, and what subset of the internals of a PKCS7/CMS signed message is accepted, and in addition, what particular options must be chosen (among N valid choices).

This problem exists for virtually every country with XML Digital Signature requirements for invoice and tax reporting: Spain, Italy, Poland, Brazil, Chile, and on and on and on.. I could list 25 more countries.

Tags :