# Digital signature

PHP FacturaE supports digital signature with XAdES-EPES compliant with FacturaE signature policy v3.1.

PKCS#12 certificates (.pfx / .p12)

use PhpFacturae\Signer;

$signer = Signer::pfx('certificate.pfx', 'mySecurePassword');
$invoice->sign($signer);

PEM certificates

$signer = Signer::pem(
    certPath: 'certificate.pem',
    keyPath: 'private-key.pem',
    passphrase: 'keyPassword'
);

Time-stamping (TSA)

$signer = Signer::pfx('certificate.pfx', 'password')
    ->timestamp('https://freetsa.org/tsr');

With authentication:

->timestamp(
    url: 'https://tsa.example.com/tsr',
    user: 'myUser',
    password: 'myPassword'
)

Cryptographic details

Canonicalization: C14N (Canonical XML 1.0)
Digest algorithm: SHA-256
Signature algorithm: RSA-SHA256
Transformation: Enveloped signature

Certificate conversion

# PEM to PKCS#12
openssl pkcs12 -export -in certificate.pem -inkey private-key.pem -out certificate.pfx

# PKCS#12 to PEM
openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes

# Remove passphrase from PEM key
openssl rsa -in encrypted-key.pem -out decrypted-key.pem

Verify signatures

xmlsec1 --verify signed-invoice.xml