5
I am developing NFE in the Python language, I already Gero the XML, I can send it to Webservice and I get the answer, what I need now is the digital signature
The signature is an xml tag with some values, follows the model
<NFe xmlns="http://www.portalfiscal.inf.br/nfe" >
<infNFe Id="NFe31060243816719000108550000000010001234567897" versao="1.01">
...
</infNFe>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml- c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#NFe31060243816719000108550000000010001234567897">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped- signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml- c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>vFL68WETQ+mvj1aJAMDx+oVi928=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>IhXNhbdL1F9UGb2ydVc5v/gTB/y6r0KIFaf5evUi1i ... </SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIFazCCBFOgAwIBAgIQaHEfNaxSeOEvZGlVDANB ... </X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</NFe>
What I know is that I need to generate the values for the tags <DigestValue>
, <SignatureValue>
and <X509Certificate>
.
I can already read the digital certificate A1 through the archive .pfx
I can already extract the information:
- Name of the certificate owner
- Date of commencement and end of validity of the certificate
- Private Key
Certificate Key
According to the Nfe Integration Manual, says the following to fill in these fields. Page 17 and 18
Contributor signature on NF-e will be made on the TAG identified by the attribute Id, the content of which shall be a unique identifier (access key) preceded by the literal Nfe' for each NF-e as layout described in Annex I. The unique identifier preceded of the literal#Nfe' must be entered in the URI attribute of the TAG. For the other messages to be signed, the process is the same always keeping an identifier unique to the Id attribute in the TAG to be signed. Below is an example:
From what I understand, in the key NFe31060243816719000108550000000010001234567897
(in that case) ta Tag <Reference URI="#NFe31060243816719000108550000000010001234567897">
To the tag <DigestValue>
he says it has to be an algorithm SH-1 base 64
, Okay, I can do that, but it doesn’t speak based on what I need to generate this key
What I want to know is, how are these field values actually generated?
<DigestValue>
<SignatureValue>
<X509Certificate>
Did you follow the links just below? If I had more experience with this, I would reply, but I can only give the following comment: 1) The
DigestValue
is a hash of what is being signed (probably a simple SHA-1 of the same encoded in Base64); 2) TheX509Certificate
is the identification of the certificate used to sign (the one whose private key you control, the way you read); 3) TheSignatureValue
is the signature ofDigestValue
with the private key of the certificate, according to the specified algorithms (signature and transformations).– mgibsonbr
This may not have helped much, I imagine, but my suggestion is to try to find some library for Python that does XML signing (because this is an international standard, what Nfe uses). Again, I have no experience, but a quick search has brought me that, that and that.
– mgibsonbr
Very good your tips, the problem is that these libraries use the
xmlsec
and it doesn’t work at all in Python 3.4, I’ve tried everything, it might work but it doesn’t work so far, it would have to be in Python 3.DigestValue
using SHA-1 however it is never the same that has these examples. in relation toSignatureValue
what type of algorithm?– Rodrigo Rodrigues
If the Digest is going wrong, maybe you are not hashing the right data. For example, here says that the element to be hashed is the
Object
, and in its text all\r\n
of the text have to be replaced by a single\n
, are you doing this? Maybe they have other details too, I don’t know... As for theSignatureValue
, the type of algorithm is described inSignatureMethod
: RSA-SHA-1. And also has theCanonicalizationMethod
I’m not sure what it’s for, other thanTransforms
. If I had to do it by hand, I’d be lost rsrs.– mgibsonbr
As for the links, I entered the links but did not understand, I did not see how I can generate these values, it is a very great document rsrsrs. Yeah, I think this part I’ll see if I can make a script with Python2 just to sign, that’s the way. rsrs
– Rodrigo Rodrigues
If I make the blessed xmlsec work, then I’ll settle the matter
– Rodrigo Rodrigues
I believe you are doing everything in the arm. If yes, I think you could take a look at this lib, library project to interface with the web service of electronic Invoice for Python, which will already give you possibilities to do many things in a much simpler way.
– mazulo