Rejection NFSe SP Signature of XML data differs from Calculated SHA1 VB.net

Navigation
2

I am signing the following string: 339575410000100000000000120150413NI00000000000005000000000000002502917N207293716000260

Using the following code: 

' Obtem o certificado
        Dim CertificadoDig As X509Certificate2 = ObtemCertificado("")

        ' Converte os dados ASCII para Bytes
        Dim data() As Byte = System.Text.Encoding.ASCII.GetBytes(String_AssADC)

        Dim csp As RSACryptoServiceProvider = DirectCast(CertificadoDig.PrivateKey, RSACryptoServiceProvider)

        'Gerando Hash(array de bytes) utilizando SHA1
        Dim sha As New SHA1Managed()
        Dim hash() As Byte = sha.ComputeHash(data)

        'Assinando o HASH(array de bytes) utilizando RSA-SHA1
        Dim encrypted As Byte() = csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"))

        'Verifica se a Assinatura é Valida
        Dim isValid As Boolean = csp.VerifyData(data, "SHA1", encrypted)

        Return Convert.ToBase64String(encrypted)

I wonder if when I generate Hash, does it already sign? Well I have seen that it can happen, and if this happens I will be signing 2 times and I believe that there must be the error, the WebService of the City of São Paulo, returns with the following message: 

<?xml version="1.0" encoding="UTF-8" ?> 
  <RetornoEnvioRPS xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.prefeitura.sp.gov.br/nfe">
  <Cabecalho Versao="1" xmlns="">
  <Sucesso>false</Sucesso> 
  </Cabecalho>
  <Erro xmlns="">
  <Codigo>1057</Codigo> 
  <Descricao>Rejeição: Assinatura difere do calculado.</Descricao> 
  </Erro>
  </RetornoEnvioRPS>
    
asked by anonymous 13.04.2015 / 15:08

3 answers

4

SOLVED !!!

Felipe, have you solved your problem?

At last I discovered the signature problem ( 1057-Rejection: Signature differs from the calculated ): CR and LF!

Thanks to the broken line, my XML was signed in one way and validated in another in the CityService WebService, because it probably only considers the tags and values, which ends up generating a divergence in the calculation of the signature! >

As for the internal signing, from TAG, I mounted the String and signed with the code below, and it was also correct! 

public string SignRPS(X509Certificate2 cert, String sAssinatura) 
{ 

//recebe o certificado e a string a ser assinada 
System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding(); 

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); 

//pega a chave privada do certificado digital 
rsa = cert. PrivateKey as RSACryptoServiceProvider; 

//cria o array de bytes e realiza a conversao da string em array de bytes 
byte[] sAssinaturaByte = enc.GetBytes(sAssinatura); 

RSAPKCS1SignatureFormatter rsaf = new RSAPKCS1SignatureFormatter(rsa); 
SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider(); 

//cria a variavel hash que armazena o resultado do sha1 
byte[] hash; 
hash = sha1.ComputeHash(sAssinaturaByte); 

//definimos o metodo a ser utilizado na criptografia e assinamos 
rsaf.SetHashAlgorithm("SHA1"); 
sAssinaturaByte = rsaf.CreateSignature(hash); 

//por fim fazemos a conversao do array de bytes para string 
string convertido; 
convertido = Convert.ToBase64String(sAssinaturaByte); 

return convertido; 
}

OBS: I then adjusted this code to my need, since we already have signature routines on the system where I work, and in the end the big villain was the form that was encoding the String in Array Bytes: I used UnicodeEncoding and in fact for Sampa it should be System.Text.ASCIIEncoding

    
30.06.2015 / 00:15
1

Felipe, I'm having exactly the same problem, but after reading the manual of NFSe from São Paulo I noticed that there are 2 similar "returns":

1057-Rejection: Signature differs from the calculated (which is this error you described above, and the same thing that happens to me)

1206-RPS Digital Signature incorrect. (tag signature error)

In other forums, I have seen people say that when this internal signature is incorrect, they get the message: "RPS Digital Signature Incorrect - Verified String (XXXXXX)", as post in GUJ: #

That is: I believe that the problem is not in the internal signature of RPS, but in the signature of the XML file!

    
25.06.2015 / 21:34
-1

Not necessarily, it returns error 1206 when the generated string has a problem, should not be so, error 1206 should come back if there was something about signature and not the formation of the string, but this is not what happens, in my case, I get error 1206, when I try to send a note without identifying the taker, without cpf or cnpj, when I put the cpf I do not get any errors, nothing relative to the wrong RPS digital signature, but that's what returns me. p>     

06.06.2017 / 22:17
Query data from 1 day to 3 days ago mysql [closed] Create a column in Mysql that automatically divides the values into two other columns