IDES Interactive Knowledge Base

Step 1 and 1a Prepare, Validate and Sign the FATCA XML File

Last Updated: Jul 26, 2016 02:11PM CDT
Step 1 - Prepare and Validate the FATCA XML File

Step 1 explains how to create the sender payload file. Each FATCA XML file contains information about the accounts required to be reported under FATCA. Ensure that every XML element carries a namespace prefix; do not use default namespace declarations (xmlns="..."). For information on the FATCA XML and the related Form 8966 (FATCA Report), see FATCA XML Schemas and Business Rules for Form 8966.

Step 1a - Sign the XML File

Digital signatures provide data integrity and origin authentication: the receiver can verify that the received message is identical to the message the sender signed, and that it was signed with the sender's private key. A sender uses its private key to digitally sign the message; the recipient verifies the signature with the public key in the sender's certificate. Senders and recipients of FATCA files use this to confirm that the file was not corrupted during compression, encryption or decryption, or altered in transmission to or from IDES.
 
Sign XML File:

Process: Sign XML File

Description:
  • Prepare the FATCA reporting data using XML element prefixes. Do not use default namespaces.
  • To generate the digital signature[1], the XML file is processed by a one-way hashing algorithm to produce a fixed-length message digest.
  • Depending on the tool used to produce the signature, a different canonicalization method may be required. The following methods are acceptable:
    • <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    • <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  • The IRS requires that the payload file be signed by first computing a SHA-256[2] hash. The sender then creates an RSA digital signature over that hash using the 2048-bit private key that corresponds to the public key in the sender's digital certificate on IDES.
  • After validating the schema, digitally sign the FATCA XML file using a W3C Recommendation XML Signature Syntax and Processing (Second Edition)[3] “enveloping” signature.
  • Use the “enveloping” signature type only. The “enveloped” and “detached” types will cause the transmission to fail.
  • The file name is “FATCAEntitySenderId_Payload.xml”. The file name is case sensitive, and any variation in the file name or format will cause the transmission to fail.

File Naming Convention: FATCAEntitySenderId_Payload.xml

Table 2 – Process to digitally sign a file.
 
[1] Digital Signature Standard (DSS) (FIPS 186-4), July 2013, nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
[2] Secure Hash Standard (SHS) (FIPS 180-4), March 2012, csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
[3] XML Signature Syntax and Processing (Second Edition), June 2008, http://www.w3.org/TR/xmldsig-core/ 
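The steps in Table 2 carried through end to end, as an added example that is not IRS or Oracle code: it parses a schema-validated payload, rejects any default namespace, builds an enveloping signature with SHA-256, RSA-SHA256 and exclusive C14N via the javax.xml.crypto.dsig API, verifies the result before writing it, and names the output file per the convention. The class name, the command-line arguments, the Object Id "FATCA", the "ds" prefix and the freshly generated key pair are all assumptions; a real sender loads the private key that matches its certificate on IDES instead of generating one.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class SignFatcaPayload {
    // SignatureMethod.RSA_SHA256 only exists from Java 11 on; the URI works on older releases too
    private static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    public static void main(String[] args) throws Exception {
        String payloadPath = args[0]; // schema-validated FATCA XML from Step 1 (hypothetical input)
        String senderId = args[1];    // the FATCAEntitySenderId registered on IDES (hypothetical)

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // the signature API needs real namespaces, not literal prefixes
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        Document payload = dbf.newDocumentBuilder().parse(new File(payloadPath));
        rejectDefaultNamespaces(payload.getDocumentElement());

        // Stand-in key pair so the example runs offline. In production load the 2048-bit RSA
        // private key matching the certificate uploaded to IDES, e.g. from a PKCS#12 keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Document signed = dbf.newDocumentBuilder().newDocument();

        // Enveloping: the payload travels inside <ds:Object Id="FATCA"> under <ds:Signature>.
        // The Id value "FATCA" is an assumption; any value works as long as the Reference matches.
        Node content = signed.importNode(payload.getDocumentElement(), true);
        XMLObject obj = fac.newXMLObject(
                Collections.singletonList(new DOMStructure(content)), "FATCA", null, null);

        // One same-document Reference to the Object, digested with SHA-256
        Reference ref = fac.newReference("#FATCA", fac.newDigestMethod(DigestMethod.SHA256, null));

        // SignedInfo: exclusive C14N (one of the two methods IDES accepts) and RSA-SHA256
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                        (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(RSA_SHA256, null),
                Collections.singletonList(ref));

        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(kp.getPublic())));

        XMLSignature sig = fac.newXMLSignature(si, ki, Collections.singletonList(obj), null, null);
        DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), signed);
        dsc.setDefaultNamespacePrefix("ds"); // emit ds:Signature etc. rather than a default xmlns
        sig.sign(dsc);                       // <ds:Signature> becomes the document root

        // Verify before shipping: catches a wrong key, a broken canonicalizer or a mangled Object
        Element sigEl = signed.getDocumentElement();
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), sigEl);
        Element objEl = (Element) sigEl.getElementsByTagNameNS(XMLSignature.XMLNS, "Object").item(0);
        vc.setIdAttributeNS(objEl, null, "Id"); // let "#FATCA" resolve during validation
        if (!fac.unmarshalXMLSignature(vc).validate(vc)) {
            throw new IllegalStateException("signature did not validate; do not transmit");
        }

        // File name is case sensitive: <FATCAEntitySenderId>_Payload.xml
        try (FileOutputStream os = new FileOutputStream(senderId + "_Payload.xml")) {
            TransformerFactory.newInstance().newTransformer()
                    .transform(new DOMSource(signed), new StreamResult(os));
        }
    }

    // IDES requires prefixed elements. An element that is in a namespace but has no prefix
    // was declared through a default namespace (xmlns="...") and will be rejected.
    static void rejectDefaultNamespaces(Element e) {
        if (e.getNamespaceURI() != null && e.getPrefix() == null) {
            throw new IllegalArgumentException("default namespace used on <" + e.getTagName() + ">");
        }
        NodeList kids = e.getChildNodes();
        for (int i = 0; i < kids.getLength(); i++) {
            if (kids.item(i) instanceof Element) rejectDefaultNamespaces((Element) kids.item(i));
        }
    }
}
```

Run it as `java SignFatcaPayload payload.xml <FATCAEntitySenderId>`. The self-check before writing is the part worth keeping in any real pipeline: a payload signed with a key that does not match the certificate on IDES, or canonicalized by a tool that disagrees with the CanonicalizationMethod it declares, fails only at IDES otherwise, after the compress and encrypt steps have already been done.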

Resources:

1 - History of Digital Signatures
2 - Overview of Digital Signatures and the Law
3 - Best Practice for e-Business Transactions and use
4 - FATCA IDES Technical FAQ
5 - FATCA XML Schema and Business Rules for Form 8966
6 - FATCA FAQ General


Examples:

Oracle Java Documentation: “XML Digital Signature API”

The specific Java classes and interfaces are described under the javax.xml.crypto package hierarchy.

 
  1. javax.xml.crypto has common classes for generating an XML signature or encrypting XML data
  2. javax.xml.crypto.dsig includes interfaces for elements in the W3C XML digital signature document
  3. javax.xml.crypto.dsig.keyinfo includes interfaces for KeyInfo in the W3C XML digital signature document
  4. javax.xml.crypto.dom and javax.xml.crypto.dsig.dom contain DOM-specific classes for the javax.xml.crypto and javax.xml.crypto.dsig packages. Developers creating a DOM-based XMLSignatureFactory or KeyInfoFactory implementation can use these packages.

 