Troubleshooting RSA XML Signature in Elixir

I am trying to sign a XML document in a way that gets the same signature as the one produced in the Python code bellow, which I’ve verified is accepted by the web service I need to interface with.

The Elixir code I’m using produces an XML that’s identical to the output from the Python code, with the exception of the signature value.

The standards employed are
- XML enveloped signature
- RSA signature algorithm
- sha256 digest algorithm (with c14n canonicalization)

Isolating just the signature generation, where the issue seems to be, I’ve tried these two alternatives:

def get_signature(xml_string, :erlang) do
    {:ok, pem_contents} ="privatekey_pkcs8.pem")
    [pem_entry] = :public_key.pem_decode(pem_contents)
    {:RSAPrivateKey, :"two-prime", n, e, d, p, q, dp, dq, qinv, _asn1} =
    private_key = [e, n, d, p, q, dp, dq, qinv]

    :crypto.sign(:rsa, :sha256, xml_string, private_key)
    |> Base.encode64()    

def get_signature(xml_string, :ex_public_key) do
    {:ok, private_key} = ExPublicKey.load("rsa_privatekey.pem")
    ExPublicKey.sign(xml_string, private_key)
    ~>> Base.encode64()

The .pem files were generated with:

openssl pkcs12 -in cert_file.p12 -nocerts -out privatekey.pem -nodes
openssl pkcs8 -topk8 -inform PEM -outform PEM -in privatekey.pem -out privatekey_pkcs8.pem -nocrypt
openssl rsa -in privatekey.pem -out rsa_privatekey.pem

Here is the python code that produces an enveloped xml:

def sign(xml_file, cert_file_p12, password):
    xml = load_fromfile(xml_file)
    cert_data = pkcs12_data(cert_file_p12, password)

    signer = signxml.XMLSigner(
    xml_root = None
    if not isinstance(xml, etree._ElementTree):
        xml = load_fromfile(xml)
    xml_root = xml.getroot()
    signed_root = signer.sign(xml_root, key=cert_data['key_str'], cert=cert_data['cert_str'])
    return etree.ElementTree(signed_root)

def pkcs12_data(cert_file_p12, password):
    password = password.encode('utf-8')
    with open(cert_file_p12, 'rb') as fp:
        content_pkcs12 = pkcs12.load_pkcs12(, password)
    pkey = content_pkcs12.key
    cert_X509 = content_pkcs12.cert.certificate
    key_str = pkey.private_bytes(
    cert_str = cert_X509.public_bytes(encoding=serialization.Encoding.PEM)
    return {
        'key_str': key_str,
        'cert_str': cert_str

Things I’ve already tryied and tested

  • Generated a separate digest and passed it to :crypto.sign as {:digest, digest_value}, but the results remained unchanged.
  • I compared the digest with the one generated by the Python code, and they are identical. This confirms that the signed document and the results of the canonicalization process are consistent.
  • Verified the padding scheme used by signxml: it’s PKCS#1 v1.5. This is also the default for :crypto.sign. Additionally, I explicitly set it using the option [{:rsa_padding, :rsa_pkcs1_padding}].
  • Updated both Elixir and Erlang to their latest versions (Elixir 1.15.4-otp-26).
  • Checked the Python key_str, and it matches the value in privatekey_pkcs8.pem.

I’m unsure of what other approaches to take, aside from resorting to calling signxml from the shell, which I’d prefer not to do. Any insights or suggestions would be highly appreciated.