Description
Hello,
I would like help understanding why xmlsec and signxml produce different signatures when both are configured with the same parameters:
signature_algorithm="rsa-sha1"
digest_algorithm='sha1',
xmlsec signature code:
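# Sign the infNFe element of an NF-e batch with python-xmlsec, using an
# RSA-SHA1 signature and a SHA-1 digest.
#
# NOTE(review): key_cert, self.certificado and consts are defined outside this
# excerpt (it appears to be lifted from a method); they are kept as posted.
#
# NOTE(review): SHA-1 is deprecated for digital signatures. Keep RSA-SHA1 only
# if the receiving service mandates it (presumably the case here; confirm).

# The literal is single-quoted because the XML itself contains double quotes;
# delimiting it with double quotes, as posted, is a SyntaxError.
xml = '<enviNFe xmlns="http://www.portalfiscal.inf.br/nfe" versao="4.00"><idLote>1650</idLote><indSinc>0</indSinc><NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe versao="4.00" Id="NFe35211107457285000133550010010010341000015619"><ide><cUF>35</cUF><cNF>00001561</cNF><natOp>VENDA MERC. ADQ. OU REC. DE TERC</natOp><mod>55</mod><serie>1</serie><nNF>1001034</nNF><dhEmi>2021-11-01T13:33:29-03:00</dhEmi><dhSaiEnt>2021-11-01T13:33:29-03:00</dhSaiEnt><tpNF>1</tpNF><idDest>1</idDest><cMunFG>3550308</cMunFG><tpImp>1</tpImp><tpEmis>1</tpEmis><cDV>9</cDV><tpAmb>2</tpAmb><finNFe>1</finNFe><indFinal>0</indFinal><indPres>9</indPres><indIntermed>0</indIntermed><procEmi>0</procEmi><verProc>Monitor</verProc></ide></infNFe></NFe></enviNFe>'

# The document is a local literal here. If the XML ever comes from an
# untrusted source, also pass resolve_entities=False to XMLParser so that
# entities are not expanded while parsing.
parser = etree.XMLParser(remove_blank_text=True, remove_comments=True, strip_cdata=False)
xml_element = etree.fromstring(xml, parser=parser)

# 'pass_cert' reads as a placeholder; the real passphrase should come from a
# secret store or the environment, not from source code.
key = xmlsec.Key.from_memory(
    key_cert,
    format=xmlsec.constants.KeyDataFormatPem,
    password='pass_cert',
)

# Locate the element to sign by its Id attribute and build the same-document
# reference URI ("#<Id>") that points at it.
reference = "NFe35211107457285000133550010010010341000015619"
element_signed = xml_element.find(".//*[@Id='%s']" % reference)
parent = element_signed.getparent()
ref_uri = "#%s" % reference

# Signature template: C14N for SignedInfo canonicalization, RSA-SHA1 as the
# signature method.
signature_node = xmlsec.template.create(
    element_signed,
    c14n_method=xmlsec.Transform.C14N,
    sign_method=xmlsec.Transform.RSA_SHA1,
)
# The Signature is appended to the parent, so it becomes a sibling of the
# signed element rather than a child of it. The ENVELOPED transform below then
# has no Signature inside the referenced element to strip, but it is still
# listed in SignedInfo and therefore still covered by the signature value.
parent.append(signature_node)

ref = xmlsec.template.add_reference(signature_node, xmlsec.Transform.SHA1, uri=ref_uri)
xmlsec.template.add_transform(ref, xmlsec.Transform.ENVELOPED)
xmlsec.template.add_transform(ref, xmlsec.Transform.C14N)

# Ask xmlsec to emit KeyInfo/X509Data for the signing certificate.
ki = xmlsec.template.ensure_key_info(signature_node)
xmlsec.template.add_x509_data(ki)

ctx = xmlsec.SignatureContext()
ctx.key = key
ctx.key.load_cert_from_memory(self.certificado, consts.KeyDataFormatPem)
# Register "Id" as an ID attribute so the "#<Id>" reference can be resolved.
ctx.register_id(node=element_signed, id_attr="Id")
ctx.sign(signature_node)

# NOTE(review): RSA-SHA1 in XML-DSig is RSASSA-PKCS1-v1_5, which is
# deterministic. With the same key and an identical DigestValue, a different
# SignatureValue means the canonicalized <SignedInfo> bytes differ, for example
# in the CanonicalizationMethod/Transform algorithm URIs or in the namespace
# prefix on the Signature element. Compare the <SignedInfo> elements that the
# two libraries produce. The signxml output is not shown here, so confirm.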
Signature returned by xmlsec :
GVqoQRprIOpMwg4+f56aS7iKLfxOzQR62GBsz2Ix4EoYsty9KAWbmr2Nq2Nf3g2/
buY4OhJIdvpkrZ0ogLKCcBeGYssBIWprFPsuHWmwzvnQajn3qGYKiUWCs4Cd1G8M
i95DTBrN+NdbE3bNoWgsJbTiPEAjiDcnhgkpOKH6WfCq7cCNYwOoflV+7/7Zw791
qxtk3nh8/qLCbLpQajUbvXfwz/GqDducdLnyKQSkENzC+mNuVPx+A8B+g02jXn+4
dXlGVZo7eAGDiieX6smhlxbTt/x1Fu0QZgE1Odic6fWHApiKWMdjg+D2GJoXbw28
U0mF0M9FcpoJtDoqtskBvw==
DigestValue:
F7W2fq7dGEw/MY20dIRUFy3rCSI=
Signature returned by signxml (the correct one, accepted by the web server):
qOUx5ZV61ro56do4kER/q5CTj0eieIA4+1rPluK8Ooqjqnubg55JyopMFGOG+qivxfOIxpENX05iTD2W
kMs0E8cvEBfJ3jDeTezszswd14xJbBECo2LD9T5pNn7KHtQ1rjdSxVjLMXzP7Rks6rVobCCldU6+kfaN
KBLEugcW2q/yc0/kX4q4dsjjA/sTvoO6nAZsuBKbdMG+KQPYpOo46JjlBfR7RFLyAfjQX8FDnnDhILxX
bHeMcEfD6BnWuYye9dwWT5sX30h+kttfhZe3qZalaxT6JMjS7ANUoZOFijO4P/1sRGUvHyU0qPvJVNEr
WisSDNLaC4AMdV0cnGbMYQ==
DigestValue -> F7W2fq7dGEw/MY20dIRUFy3rCSI=