SignXML is an implementation of the W3C XML Signature standard in Python. This
standard (also known as "XMLDSig") is used to provide payload security in SAML
2.0, XAdES, EBICS, and WS-Security, among other uses. The standard is defined in
the W3C Recommendation XML Signature Syntax and Processing Version 1.1. SignXML
implements all of the required components of the Version 1.1 standard, and most
recommended ones. Its features are:
- Use of a libxml2-based XML parser configured to defend against common XML
  attacks when verifying signatures
- Extensions to allow signing with and verifying X.509 certificate chains,
  including hostname/CN validation
- Extensions to sign and verify XAdES signatures
- Support for exclusive XML canonicalization with inclusive prefixes
  (InclusiveNamespaces PrefixList, required to verify signatures generated by
  some SAML implementations)
- Modern Python compatibility (3.9-3.13+ and PyPy)
- Well-supported, portable, reliable dependencies: lxml and cryptography
- Comprehensive testing (including the XMLDSig interoperability suite) and
  continuous integration
- Simple interface with useful, ergonomic, and secure defaults (no network
  calls, XSLT or XPath transforms)
- Compactness, readability, and extensibility