xmldsig

[sibelius]

Any plans to add xmldsig to sign messages?

Reference implementation https://github.com/Mastercard/xmlsignverify-core-java

[svapnil]

Hey @sibelius ,

Thanks for asking. If it's a natural part of the ISO20022 specification then in should be supported.

PIX, for example, would be a usecase where signing will be necessary.

As to how it will be provided - that is something that is worth a design discussion. Current implementation may look like this:

const pix = party.createPIXCreditPaymentInitiation(...)

pix.sign({keyInformation})

pix.serialize()

Would love to chat and work to build support here - lmk what you think

[sibelius]

xml-crypto looks like the most complete solution in typescript

but it still lacks support to sign KeyInfo

node-saml/xml-crypto#464

[svapnil]

I'd love to chat and figure out how to correctly implement this together. My intuition is that we can do this by hand (Generate KeyInfo and add it to the XML) given we have the right information.

[svapnil]

Followed up with @sibelius offline about this.

TLDR: some banks require these ISO20022 messages to be signed. PIX is one standard that's very commonly signed.

@sibelius is currently moving PIX payments using the PACS standard - we do not support sending PACS directly yet, since the most standard implementation of ISO20022 is to use the PAIN (payment initiation) standard.

We should key signing for the first user that needs it in the package, where we will then work with the specification they have on hand - till then we can close this issue out and keep this as future work to do.