Rejection Nfse SP XML data signature Differs from Calculated SHA1 VB.net

Question

Rejection Nfse SP XML data signature Differs from Calculated SHA1 VB.net

Asked 9 years, 2 months ago

Viewed 2,384 times

2

I am signing the following string: 339575410000100000000000120150413NI0000000000000500000000002502917N207293716000260

Using the following code:

' Obtem o certificado
        Dim CertificadoDig As X509Certificate2 = ObtemCertificado("")

        ' Converte os dados ASCII para Bytes
        Dim data() As Byte = System.Text.Encoding.ASCII.GetBytes(String_AssADC)

        Dim csp As RSACryptoServiceProvider = DirectCast(CertificadoDig.PrivateKey, RSACryptoServiceProvider)

        'Gerando Hash(array de bytes) utilizando SHA1
        Dim sha As New SHA1Managed()
        Dim hash() As Byte = sha.ComputeHash(data)

        'Assinando o HASH(array de bytes) utilizando RSA-SHA1
        Dim encrypted As Byte() = csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"))

        'Verifica se a Assinatura é Valida
        Dim isValid As Boolean = csp.VerifyData(data, "SHA1", encrypted)

        Return Convert.ToBase64String(encrypted)

I was wondering if when I saw Hash, did he sign? Because I saw that this can happen, and if this happens I will be signing twice and I believe that there must be the error, the Webservice of the Municipality of São Paulo, returns with the following message:

<?xml version="1.0" encoding="UTF-8" ?> 
  <RetornoEnvioRPS xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.prefeitura.sp.gov.br/nfe">
  <Cabecalho Versao="1" xmlns="">
  <Sucesso>false</Sucesso> 
  </Cabecalho>
  <Erro xmlns="">
  <Codigo>1057</Codigo> 
  <Descricao>Rejeição: Assinatura difere do calculado.</Descricao> 
  </Erro>
  </RetornoEnvioRPS>

3 answers

4

RESOLVED!!!

Felipe, you’ve solved your problem?

I finally figured out the signature problem (1057-Rejection: Signature differs from calculated): CR and LF!

Thanks to line breaking, my XML was signed one way and validated another in the Webservice of the city, because probably there it considers only the Tags and values, which ends up generating divergence in the calculation of the signature!

As for the internal signature, from the TAG, I mounted the String and signed with the code below, and it was also correct!

public string SignRPS(X509Certificate2 cert, String sAssinatura) 
{ 

//recebe o certificado e a string a ser assinada 
System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding(); 

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); 

//pega a chave privada do certificado digital 
rsa = cert. PrivateKey as RSACryptoServiceProvider; 

//cria o array de bytes e realiza a conversao da string em array de bytes 
byte[] sAssinaturaByte = enc.GetBytes(sAssinatura); 

RSAPKCS1SignatureFormatter rsaf = new RSAPKCS1SignatureFormatter(rsa); 
SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider(); 

//cria a variavel hash que armazena o resultado do sha1 
byte[] hash; 
hash = sha1.ComputeHash(sAssinaturaByte); 

//definimos o metodo a ser utilizado na criptografia e assinamos 
rsaf.SetHashAlgorithm("SHA1"); 
sAssinaturaByte = rsaf.CreateSignature(hash); 

//por fim fazemos a conversao do array de bytes para string 
string convertido; 
convertido = Convert.ToBase64String(sAssinaturaByte); 

return convertido; 
}

OBS: then I adjusted this code to my need, because we already have signature routines in the system where I work, and in the end the great villain was the way that was coding the String in Byte Array: I used Unicodeencoding and in fact for Sampa should be System.Text.Asciiencoding

Browser other questions tagged xml vb.net sha1

You are not signed in. Login or sign up in order to post.

by Cristiano • 66 points · Answer 1 · 2015-06-25T19:34:49+00:00

Felipe, I’m having exactly the same problem, but after reading a little the manual of the Nfse of São Paulo I noticed that there are 2 returns "similar":

1057-Rejection: Signature differs from calculated (which is this error that Voce described above, and the same that happens to me)

1206-Incorrect RPS Digital Signature. (error referring to tag signature )

In other forums, I saw people say that when this internal signature is incorrect, they receive the message: "Incorrect RPS Digital Signature - Verified String (XXXXXX)", as post in GUJ: http://www.guj.com.br/25178-nfs-e-paulistana---problemas-na-assinatura-da-rps-tag-assinatura

That is: I believe that the problem is not the internal signature of the RPS, but the signature of the XML file!

by user2149513 • 1 point · Answer 2 · 2017-06-06T20:17:15+00:00

Not necessarily, it returns the error 1206 when the generated string is with some problem, it should not be like this, the error 1206 should return if there was something related to the signature and not the formation of the string, but this is not what happens, in my case, I get error 1206, when I try to send note without identifying the taker, without Cpf or cnpj, when I put Cpf I no longer get any error, nothing related to the digital signature of the incorrect RPS, but it is what returns me.