Of course, it remains to be seen if this software uses them. And, you would need access to the key pair used to sign the XML or JSON to determine if the file had been modified (otherwise, someone could just regenerate the signature).
I mean, the software itself, if it has the ability to produce those signatures, may have an import feature for files that don't include those signatures, or an override to import them, or a feature to sign unsigned versions.
They can, but the specs for both XML and JSON include provisions for a digital signature. I posted links here:
https://thedonald.win/p/11QlFgNFTh/x/c/4DpMxRUuNxG
Of course, it remains to be seen if this software uses them. And, you would need access to the key pair used to sign the XML or JSON to determine if the file had been modified (otherwise, someone could just regenerate the signature).
I mean, the software itself, if it has the ability to produce those signatures, may have an import feature for files that don't include those signatures, or an override to import them, or a feature to sign unsigned versions.