Digital Signature of NFE (Electronic Invoice) [closed]

Navigation
5

I'm developing the NFE in the Python language, I already generate the XML, I can send it to Webservice and I get the answer, what I need now is the digital signature

The signature is an xml tag with some values, follow the template 

 <NFe xmlns="http://www.portalfiscal.inf.br/nfe" >
     <infNFe Id="NFe31060243816719000108550000000010001234567897"     versao="1.01">
     ...
     </infNFe>
     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
           <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-  c14n-20010315"/>
           <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
           <Reference URI="#NFe31060243816719000108550000000010001234567897">
           <Transforms>
              <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped- signature"/>
              <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml- c14n-20010315"/>
           </Transforms>
           <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <DigestValue>vFL68WETQ+mvj1aJAMDx+oVi928=</DigestValue>
          </Reference>
       </SignedInfo>
     <SignatureValue>IhXNhbdL1F9UGb2ydVc5v/gTB/y6r0KIFaf5evUi1i ...    </SignatureValue>
     <KeyInfo>
        <X509Data>
            <X509Certificate>MIIFazCCBFOgAwIBAgIQaHEfNaxSeOEvZGlVDANB ...     </X509Certificate>
        </X509Data>
    </KeyInfo>
    </Signature>
</NFe>

What I know is that I need to generate the values for the tags <DigestValue> , <SignatureValue> and <X509Certificate> .

I can already read the digital certificate A1 through the file .pfx I can already extract the information:

  • Certificate owner name
  • Certificate start and end date of certificate validity
  • Private Key

  • Certificate Key

    According to the NFe Integration Manual , says the following to fill in these fields. Page 17 and 18

  

The Taxpayer's signature in the NF-e will be made in the TAG identified by the attribute   Id, whose contents must be a unique identifier (access key) preceded by the literal   'NFe' for each NF-e according to the layout described in Annex I. The unique identifier preceded   of the '#NFe' literal must be entered in the TAG URI attribute. For the remaining messages to be signed, the process is the same always maintaining an identifier   unique for the Id attribute in the TAG to be signed. Here is an example:

By what I understand, in the key NFe31060243816719000108550000000010001234567897 (in this case) ta Tag <Reference URI="#NFe31060243816719000108550000000010001234567897">

For the tag <DigestValue> it says that it has to be an algorithm SH-1 base 64 , OK this I already can, but it does not speak based on what I need to generate this key

What I want to know is, how are these field values actually generated? 

<DigestValue>
<SignatureValue>
<X509Certificate>
    
asked by anonymous 29.09.2015 / 21:57

1 answer

2

To calculate DigestValue

1 add the xmlns namespace with the link value in the infNFe tag

2 canonize the infNFe tag

3 calculate the Digest using SHA1 and convert the result to Base64

To sign the note

1 add the xmlns namespace with the value link in the SignedInfo tag

2 canonize the SignedInfo tag

3 Sign the SignedInfo tag, convert the result to Base64

Is there something missing?

More details about signing link

    
21.08.2016 / 08:29
How to keep the url fixed? How to identify if a string is a palindrome?