Invoice Signing

Signing helpers and signature metadata.

Signer

Create from PEM

Create a signer from PEM-encoded certificate and private key strings.

RustPythonC (FFI)

InvoiceSigner::from_pem(cert_pem: &str, key_pem: &str) -> Result<InvoiceSigner, SigningError>

Signer.from_pem(cert_pem: str, key_pem: str) -> Signer
Signer.certificate_pem() -> str
Signer.certificate_der() -> bytes

FfiResult_FfiSigner fatoora_signer_from_pem(const char* cert_pem, const char* key_pem);
FfiResult_FfiString fatoora_signer_certificate_pem(FfiSigner* signer);
FfiResult_FfiBytes fatoora_signer_certificate_der(FfiSigner* signer);

Args

• cert_pem: certificate in PEM format.
• key_pem: private key in PEM format.

Returns

• Signer: ready to sign invoices.

Errors

• SigningError: invalid PEM, key/cert mismatch, or parsing failures.

Create from DER

Create a signer from DER-encoded certificate and private key bytes.

RustPythonC (FFI)

InvoiceSigner::from_der(cert_der: &[u8], key_der: &[u8]) -> Result<InvoiceSigner, SigningError>

Signer.from_der(cert_der: bytes, key_der: bytes) -> Signer
Signer.certificate_pem() -> str
Signer.certificate_der() -> bytes

FfiResult_FfiSigner fatoora_signer_from_der(const uint8_t* cert_der, uintptr_t cert_len, const uint8_t* key_der, uintptr_t key_len);
FfiResult_FfiString fatoora_signer_certificate_pem(FfiSigner* signer);
FfiResult_FfiBytes fatoora_signer_certificate_der(FfiSigner* signer);

Args

• cert_der: certificate bytes in DER format.
• key_der: private key bytes in DER format.

Returns

• Signer: ready to sign invoices.

Errors

• SigningError: invalid DER, key/cert mismatch, or parsing failures.

Finalized Invoice

Sign

Signs the finalized invoice XML and returns a signed invoice.

RustPythonC (FFI)

FinalizedInvoice::sign(self, signer: &InvoiceSigner) -> Result<SignedInvoice, SigningError>

FinalizedInvoice.sign(signer: Signer) -> SignedInvoice

FfiResult_FfiSignedInvoice fatoora_invoice_sign(FfiFinalizedInvoice* invoice, FfiSigner* signer);

Args

• signer: signer created from PEM/DER certificate + private key.

Returns

• SignedInvoice: signed XML plus metadata.

Errors

• SigningError: XML parsing, canonicalization, or crypto failures.

Signed Invoice

XML

Return the signed invoice XML string.

RustPythonC (FFI)

SignedInvoice::xml(&self) -> &str

SignedInvoice.xml() -> str

FfiResult_FfiString fatoora_signed_invoice_xml(FfiSignedInvoice* signed);

Returns

• string: signed invoice XML.

XML (Base64)

Return the signed invoice XML as Base64.

RustPythonC (FFI)

SignedInvoice::to_xml_base64(&self) -> String

SignedInvoice.xml_base64() -> str

FfiResult_FfiString fatoora_signed_invoice_xml_base64(FfiSignedInvoice* signed);

Returns

• string: Base64-encoded signed XML.

QR Code

Return the embedded QR payload.

RustPythonC (FFI)

SignedInvoice::qr_code(&self) -> &str

SignedInvoice.qr() -> str

FfiResult_FfiString fatoora_signed_invoice_qr(FfiSignedInvoice* signed);

Returns

• string: QR payload.

Invoice Hash

Return the invoice hash string (canonicalized XML).

RustPythonC (FFI)

SignedInvoice::invoice_hash(&self) -> &str

SignedInvoice.invoice_hash() -> str

FfiResult_FfiString fatoora_signed_invoice_hash(FfiSignedInvoice* signed);

Returns

• string: invoice hash.

Invoice Hash (Base64)

Return the invoice hash as Base64.

RustPythonC (FFI)

SignedInvoice::hash_base64(&self) -> Result<String, SigningError>

SignedInvoice.hash_base64() -> str

FfiResult_FfiString fatoora_signed_invoice_hash_base64(FfiSignedInvoice* signed);

Returns

• string: Base64-encoded invoice hash.

Errors

• SigningError: canonicalization or encoding failures.

Signature

Return the signature value.

RustPythonC (FFI)

SignedInvoice::signature(&self) -> &str

SignedInvoice.signature() -> str

FfiResult_FfiString fatoora_signed_invoice_signature(FfiSignedInvoice* signed);

Returns

• string: signature value.

Public Key

Return the public key from the signing certificate.

RustPythonC (FFI)

SignedInvoice::public_key(&self) -> &str

SignedInvoice.public_key() -> str

FfiResult_FfiString fatoora_signed_invoice_public_key(FfiSignedInvoice* signed);

Returns

• string: public key.

ZATCA Key Signature

Return the optional ZATCA key signature.

RustPythonC (FFI)

SignedInvoice::zatca_key_signature(&self) -> Option<&str>

SignedInvoice.zatca_key_signature() -> Optional[str]

FfiResult_FfiString fatoora_signed_invoice_zatca_key_signature(FfiSignedInvoice* signed);

Returns

• string | null: ZATCA key signature if present.

Signed Properties Hash

Return the signed properties hash.

RustPythonC (FFI)

SignedProperties::signed_props_hash(&self) -> &str

SignedInvoice.signed_props_hash() -> str

FfiResult_FfiString fatoora_signed_invoice_signed_props_hash(FfiSignedInvoice* signed);

Returns

• string: signed properties hash.

Certificate Hash

Return the certificate hash.

PythonC (FFI)

SignedInvoice.cert_hash() -> str

FfiResult_FfiString fatoora_signed_invoice_cert_hash(FfiSignedInvoice* signed);

Returns

• string: certificate hash.

Signing Time

Return the signing timestamp in UTC.

PythonC (FFI)

SignedInvoice.signing_time() -> str

FfiResult_FfiString fatoora_signed_invoice_signing_time(FfiSignedInvoice* signed);

Returns

• string: UTC timestamp in YYYY-MM-DDTHH:MM:SS format.

Helpers

Hash from XML (Base64)

Compute the invoice hash from an XML string and return it as Base64.

Rust

invoice_hash_base64_from_xml_str(xml: &str) -> Result<String, SigningError>

Args

• xml: invoice XML string.

Returns

• string: Base64-encoded invoice hash.

Errors

• SigningError: XML parsing or canonicalization failures.

Errors

• SigningError covers XML parsing, canonicalization, and certificate/key errors.

Notes

• SignedProperties::signing_time is in YYYY-MM-DDTHH:MM:SS format (UTC).
• Invoice hashes are computed from canonicalized XML, excluding signature fields.

See also: Invoice Signing Guide