Signature difference between xmlsec and signxml #5

Open
edsonbernar opened this issue Nov 3, 2021 · 0 comments

@edsonbernar

Hello,

I would like help understanding the difference in signatures between xmlsec and signxml, using the same pattern:
signature_algorithm="rsa-sha1"
digest_algorithm='sha1',

xmlsec signature code:

```python
from lxml import etree
import xmlsec

# key_cert (PEM private key) and self.certificado (PEM certificate) are
# defined in the surrounding class, which is not shown in this issue.

# Single-quoted literal, because the XML itself contains double quotes.
xml = '<enviNFe xmlns="http://www.portalfiscal.inf.br/nfe" versao="4.00"><idLote>1650</idLote><indSinc>0</indSinc><NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe versao="4.00" Id="NFe35211107457285000133550010010010341000015619"><ide><cUF>35</cUF><cNF>00001561</cNF><natOp>VENDA MERC. ADQ. OU REC. DE TERC</natOp><mod>55</mod><serie>1</serie><nNF>1001034</nNF><dhEmi>2021-11-01T13:33:29-03:00</dhEmi><dhSaiEnt>2021-11-01T13:33:29-03:00</dhSaiEnt><tpNF>1</tpNF><idDest>1</idDest><cMunFG>3550308</cMunFG><tpImp>1</tpImp><tpEmis>1</tpEmis><cDV>9</cDV><tpAmb>2</tpAmb><finNFe>1</finNFe><indFinal>0</indFinal><indPres>9</indPres><indIntermed>0</indIntermed><procEmi>0</procEmi><verProc>Monitor</verProc></ide></infNFe></NFe></enviNFe>'

parser = etree.XMLParser(remove_blank_text=True, remove_comments=True, strip_cdata=False)

xml_element = etree.fromstring(xml, parser=parser)

key = xmlsec.Key.from_memory(key_cert,
    format=xmlsec.constants.KeyDataFormatPem, password='pass_cert')

# Locate the element to sign by its Id attribute.
reference = "NFe35211107457285000133550010010010341000015619"
element_signed = xml_element.find(".//*[@Id='%s']" % reference)
parent = element_signed.getparent()
ref_uri = "#%s" % reference

# Signature template: inclusive C14N for SignedInfo, RSA-SHA1 signature.
signature_node = xmlsec.template.create(
    element_signed, c14n_method=xmlsec.Transform.C14N, sign_method=xmlsec.Transform.RSA_SHA1,)

parent.append(signature_node)

# SHA-1 reference to the element, with enveloped-signature and C14N transforms.
ref = xmlsec.template.add_reference(signature_node, xmlsec.Transform.SHA1, uri=ref_uri)

xmlsec.template.add_transform(ref, xmlsec.Transform.ENVELOPED)
xmlsec.template.add_transform(ref, xmlsec.Transform.C14N)

ki = xmlsec.template.ensure_key_info(signature_node)
xmlsec.template.add_x509_data(ki)

ctx = xmlsec.SignatureContext()
ctx.key = key
ctx.key.load_cert_from_memory(self.certificado, xmlsec.constants.KeyDataFormatPem)
ctx.register_id(node=element_signed, id_attr="Id")
ctx.sign(signature_node)
```

Signature returned by xmlsec:

DigestValue:
F7W2fq7dGEw/MY20dIRUFy3rCSI=

Signature returned by signxml (the correct one accepted on the web server):

DigestValue -> F7W2fq7dGEw/MY20dIRUFy3rCSI=
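
A diagnostic for the situation reported above, added here as an example and not part of the original post or of either library: rsa-sha1 (RSA PKCS#1 v1.5) is deterministic, so with the same key and an identical DigestValue, two different SignatureValue results mean the canonicalized `SignedInfo` bytes differ. The code canonicalizes `SignedInfo` from two signed documents with lxml and reports where they diverge. The function names and both sample documents are constructed for illustration, and it assumes no extra namespace prefixes are declared on ancestors of `Signature`, as in the XML in this issue.

```python
import hashlib
from lxml import etree

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"

def signed_info_c14n(signed_xml: bytes) -> bytes:
    """Canonical bytes of SignedInfo, the data the RSA-SHA1 signature covers."""
    root = etree.fromstring(signed_xml)  # default parser keeps whitespace nodes
    signed_info = root.find(".//{%s}SignedInfo" % DS)
    algo = signed_info.find("{%s}CanonicalizationMethod" % DS).get("Algorithm")
    # lxml provides C14N 1.0; use its exclusive mode when the document declares
    # exclusive C14N, otherwise inclusive (what the xmlsec code above requests).
    return etree.tostring(signed_info, method="c14n",
                          exclusive=algo.startswith(EXC_C14N),
                          with_comments=algo.endswith("WithComments"))

def compare_signed_info(doc_a: bytes, doc_b: bytes) -> dict:
    """Compare the signed bytes of two documents and locate the first difference."""
    a, b = signed_info_c14n(doc_a), signed_info_c14n(doc_b)
    first_diff = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y),
                      None if len(a) == len(b) else min(len(a), len(b)))
    return {"same": a == b, "first_diff": first_diff,
            "sha1_a": hashlib.sha1(a).hexdigest(),
            "sha1_b": hashlib.sha1(b).hexdigest()}

# Constructed samples: identical SignedInfo content, serialized with and
# without whitespace between child elements ({s}). Not output of either library.
TEMPLATE = (
    '<NFe xmlns="http://www.portalfiscal.inf.br/nfe"><Signature xmlns="{ds}">'
    '<SignedInfo>{s}'
    '<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>{s}'
    '<SignatureMethod Algorithm="{ds}rsa-sha1"/>{s}'
    '<Reference URI="#constructed-id"><DigestMethod Algorithm="{ds}sha1"/>'
    '<DigestValue>F7W2fq7dGEw/MY20dIRUFy3rCSI=</DigestValue></Reference>{s}'
    '</SignedInfo></Signature></NFe>')

COMPACT = TEMPLATE.format(ds=DS, s="").encode()
INDENTED = TEMPLATE.format(ds=DS, s="\n").encode()

if __name__ == "__main__":
    print(compare_signed_info(COMPACT, INDENTED))
```

Run against the two real outputs, a `first_diff` value points at the byte where the serializations part ways, for example whitespace, a namespace prefix, or a different algorithm URI inside `SignedInfo`.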
