It certainly is possible to sign different elements in the same XML document with different keys. This basically adds multiple signatures with different internal references (#<ID>
) to the document.
The internal reference with the ID is required, there is no way around it that is supported by standards. A reference with an empty or missing URI does not indicate that the parent element is to be signed but that the complete document is to be signed.
If you can't add IDs to your packages you can use non-standard means to achieve your goal by effectivly treating each package like an independent XML document and leaving the reference URI empty. But that would mean that your XML document with all packages can only be verified by your program, because it would have to split the XML document into multiple documents before the verification.
In the .NET implementation it doesn't work if the signatures are placed inside the tags that should be signed. This is either due to me missing something or due to a bug.
Placing the signatures at the top level directly inside the root element works.
A working implementation can be found in my answer to your other question.