I have not used gup aside from thru Notepad++, so I don’t know any more details.
The best advice I have is to wait a few more days and see if anyone else here chimes in (there are a few people here who probably understand the process that Don implemented better than I do, who were more involved in the security discussions around it). But if no one does, then creating an issue at the WinGUp repo, to request that the process be better documented would be a good idea.
I would recommend asking for both how to get the information for the <Signature> block in the XML and for how to get the server to generate the signature for the XML. If I’ve understood your reply correctly, you seem to have figured the signature-inside-XML portion out; however, even if you have, I don’t know that everyone who wants to use gup for their own project will have figured it out. I think that both need to be documented, otherwise gup isn’t really usable by anyone except Notepad++ anymore – so if you’re asking for one part, asking for both would be better.
(If you do create the issue, make sure to reply here with a link to the issue, so that people who find this discussion can track what the status is of the request.)