Day 6: Digitally Sign UBL XML Using XMLSecLibs #xmlsignature #irbsigning

SEO Title: Day 6: Digitally Sign UBL XML Using XMLSecLibs #xmlsignature #irbsigning
Focus Keyphrase: IRB e-invoice integration
Meta Description: Learn how to digitally sign your UBL XML for IRB e-invoice integration using XMLSecLibs in Laravel. Ensure your XML includes the required ds:Signature block.

Signing the UBL XML for IRB Submission

IRBM requires all submitted XML invoices to be digitally signed using an enveloped XML signature in the ds:Signature block. We’ll use the popular PHP library RobRichards/XMLSecLibs.

Step 1: Install XMLSecLibs


composer require robrichards/xmlseclibs

Step 2: Update IRBXmlSignatureService.php


use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

public function sign(string $unsignedXml): string
{
    $doc = new \DOMDocument();
    $doc->loadXML($unsignedXml);

    $objDSig = new XMLSecurityDSig();
    $objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $objDSig->addReference(
        $doc,
        XMLSecurityDSig::SHA256,
        ['http://www.w3.org/2000/09/xmldsig#enveloped-signature'],
        ['uri' => '']
    );

    $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type'=>'private']);
    $objKey->loadKey($this->pkeyPem, false, true, $this->pkeyPassphrase);

    $objDSig->sign($objKey);
    $objDSig->add509Cert($this->certPem, true, false);
    $objDSig->appendSignature($doc->documentElement);

    return $doc->saveXML();
}

Step 3: Test Signing Output

In your controller or test route:


$xml = app(IRBInvoiceXmlGenerator::class)->generate($invoiceData);
$signedXml = app(IRBXmlSignatureService::class)->sign($xml);

return response($signedXml)->header('Content-Type', 'application/xml');

What to Check in Output

  • Look for a full ds:Signature block inside your <Invoice>
  • Make sure it includes ds:SignedInfo, ds:SignatureValue, and ds:X509Certificate

Common Issues

  • ❌ Incorrect line endings or formatting in PEM files — normalize your certs
  • ❌ Signature not appended inside Invoice — use appendSignature($doc->documentElement)

Resources

Coming Up in Day 7

We’ll add the UBLExtensions wrapper around your signature block, as IRBM requires the signature to be wrapped inside that tag.

See also  Fixing IRBM’s DS333 Error: Signature Digest Mismatch in UBL Invoice #ds333 #irbsigning

Tags: #XMLSignature #UBL #IRBIntegration #DigitalSigning #Laravel

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.