1 files changed, 21 insertions, 0 deletions

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b4df0a7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,21 @@
+# fauxsign
+
+Python script to replace [SETCCE proXSign®](https://proxsign.setcce.si/proXSignCustomerPages/). Currently only supports XML documents with SHA256 signatures, required to submit requests on certain gov.si sites.
+
+## Setup
+
+Websites that want to sign XML or PDF documents submit requests to the proXSign® component acting as a local HTTPS server listening on port 14972. To replicate this behavior, a self-signed TLS certificate is required. One can be generated with
+
+    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
+        -subj "/CN=fauxsign" -keyout fauxsign.key -out fauxsign.crt
+
+## Usage
+
+Assuming your personal certificate and key are stored in `user.crt` and `user.key` respectively, start the server with
+
+    ./fauxsign --app-key fauxsign.key --app-cert fauxsign.crt \
+        --user-key user.key --user-cert user.crt
+
+Before signing, add a browser exception for the app certificate generated above by navigating to [https://localhost:14972/version](https://localhost:14972/version). This only needs to be done once.
+
+Visit the [XML signing test page](https://proxsign.setcce.si/proXSignCustomerPages/testXML.html) to verify the script works correctly. The script will prompt for each signature request; answer `y` or `yes` to confirm.