I'm developing the NFE in the Python language, I already generate the XML, I can send it to Webservice and I get the answer, what I need now is the digital signature
The signature is an xml tag with some values, follow the template
<NFe xmlns="http://www.portalfiscal.inf.br/nfe" >
<infNFe Id="NFe31060243816719000108550000000010001234567897" versao="1.01">
...
</infNFe>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml- c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#NFe31060243816719000108550000000010001234567897">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped- signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml- c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>vFL68WETQ+mvj1aJAMDx+oVi928=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>IhXNhbdL1F9UGb2ydVc5v/gTB/y6r0KIFaf5evUi1i ... </SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIFazCCBFOgAwIBAgIQaHEfNaxSeOEvZGlVDANB ... </X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</NFe>
What I know is that I need to generate the values for the tags <DigestValue>
, <SignatureValue>
and <X509Certificate>
.
I can already read the digital certificate A1 through the file .pfx
I can already extract the information:
- Certificate owner name
- Certificate start and end date of certificate validity
- Private Key
-
Certificate Key
According to the NFe Integration Manual , says the following to fill in these fields. Page 17 and 18
The Taxpayer's signature in the NF-e will be made in the TAG identified by the attribute Id, whose contents must be a unique identifier (access key) preceded by the literal 'NFe' for each NF-e according to the layout described in Annex I. The unique identifier preceded of the '#NFe' literal must be entered in the TAG URI attribute. For the remaining messages to be signed, the process is the same always maintaining an identifier unique for the Id attribute in the TAG to be signed. Here is an example:
By what I understand, in the key NFe31060243816719000108550000000010001234567897
(in this case) ta Tag <Reference URI="#NFe31060243816719000108550000000010001234567897">
For the tag <DigestValue>
it says that it has to be an algorithm SH-1 base 64
, OK this I already can, but it does not speak based on what I need to generate this key
What I want to know is, how are these field values actually generated?
<DigestValue>
<SignatureValue>
<X509Certificate>