XAdES Helpers

Use XAdES helpers when you authenticate with certificate material or need to sign the authentication token request locally. Higher-level authentication methods call these helpers for the common paths.

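```python
import os

from ksef2.core.xades import load_certificate_from_pem, load_private_key_from_pem

# Read the key password from the environment rather than hard-coding it.
password = os.environ.get("KSEF2_KEY_PASSWORD")

cert = load_certificate_from_pem("company.pem")
private_key = load_private_key_from_pem(
    "company.key",
    password=password.encode() if password else None,  # bytes, or None when no password is set
)

# `client` is a ksef2 client created earlier; its construction is not shown here.
auth = client.authentication.with_xades(
    nip="5261040828",
    cert=cert,
    private_key=private_key,
)
```

```python
from ksef2.core.xades import generate_test_certificate

# Generate certificate material for the given NIP instead of loading it from disk.
cert, private_key = generate_test_certificate(nip="5261040828")
```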

For personal TEST identities, use generate_personal_test_certificate().

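```python
from ksef2.core.xades import build_auth_token_request_xml, sign_xades

# Build the unsigned authentication token request; the challenge value is a placeholder.
xml = build_auth_token_request_xml(
    challenge="challenge-from-ksef",
    nip="5261040828",
)

# `cert` and `private_key` are the objects loaded or generated in the snippets above.
signed_xml = sign_xades(xml, cert, private_key)
```
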
  1. Load certificate material from PEM or PKCS#12.

  2. Keep private-key passwords in environment variables.

  3. Authenticate through with_xades() when possible.

  4. Use direct signing helpers only for low-level integration work.
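
A pre-flight check for the first two items above, added here as an example and not part of ksef2: it reports whether a PEM private key file is password-protected, whether its file mode exposes it to other users, and whether the password variable matches the key's state. The function names are hypothetical, the variable name `KSEF2_KEY_PASSWORD` follows the snippet on this page, and PKCS#12 files are not covered.

```python
import os
import re
import stat

# PEM armor markers: PKCS#8 encrypted keys and legacy OpenSSL encrypted keys.
_ENCRYPTED_PKCS8 = "-----BEGIN ENCRYPTED PRIVATE KEY-----"
_LEGACY_ENCRYPTED = re.compile(r"^Proc-Type:\s*4,ENCRYPTED", re.MULTILINE)
_ANY_PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def pem_key_is_encrypted(pem_text: str) -> bool:
    """Return True if the PEM armor marks the private key as password-protected."""
    if not _ANY_PRIVATE_KEY.search(pem_text):
        raise ValueError("no PEM private key block found")
    return _ENCRYPTED_PKCS8 in pem_text or bool(_LEGACY_ENCRYPTED.search(pem_text))


def preflight_key_file(path: str, password_env: str = "KSEF2_KEY_PASSWORD") -> list[str]:
    """Return findings for a key file; an empty list means nothing was flagged."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group/other permission bit on a private key is a finding (POSIX only).
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"key file mode {mode:o} grants group/other access")
    with open(path, encoding="ascii", errors="replace") as fh:
        encrypted = pem_key_is_encrypted(fh.read())
    has_password = bool(os.environ.get(password_env))
    if not encrypted:
        findings.append("private key is stored unencrypted")
        if has_password:
            findings.append(f"{password_env} is set but the key is not encrypted")
    elif not has_password:
        findings.append(f"key is encrypted but {password_env} is not set")
    return findings


if __name__ == "__main__":
    # Constructed armor, not a real key: the check reads headers, not key bytes.
    sample = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
    print(pem_key_is_encrypted(sample))
```

Run it before calling `load_private_key_from_pem()` so a plaintext key or a missing password is reported as a finding rather than surfacing later as a load error.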