Problem generating the stamp for CFDi 3.3

0

Good afternoon, I am in the process of changing from cfdi 3.2 to 3.3.

Once the original string was generated, I found a validator for it by reading other posts, and it is correct. At the time of generating the stamp with SHA 256, it shows me an error.

  

"Uncontrolled exception of type   'System.Cryptography.CryptographicException' Additional Information:   'Algorithm specified is not valid' "

Since I was able to verify that the original string is correct, I am copying the part where I try to generate the stamp.

string co = generarCadenaOriginal(oCFDi);
X509Certificate2 _MiCertificado = new X509Certificate2(@"" + rutaP12, @"" + ConfigurationManager.AppSettings["PublicKey"], X509KeyStorageFlags.MachineKeySet);

RSACryptoServiceProvider RSA1 = (RSACryptoServiceProvider)_MiCertificado.PrivateKey;


UTF8Encoding eUTF = new UTF8Encoding(true);
byte[] tester = eUTF.GetBytes(co);
SHA256CryptoServiceProvider hasher = new SHA256CryptoServiceProvider();

byte[] signedBytes = RSA1.SignData(tester, hasher);

return Convert.ToBase64String(signedBytes);

I would appreciate your help. Greetings to all.

    
asked by Luis Angel Valderrama Orozco 31.08.2017 at 20:18

2 answers

1

Good morning. I am sharing my experience with this change, when trying to sign with the private key of the certificate and generate the seal in CFDI v3.3 using a SHA256 digest with RSA.

You must explicitly specify the Microsoft Cryptographic Service Provider when integrating our private keys with our certificates, stating that we are going to use "Microsoft Enhanced RSA and AES Cryptographic Provider" as our CSP.

As follows, from OpenSSL in my case:

openssl pkcs12 -export -in certificado.cer.pem -inkey llave.key.pem -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" -out certificado.p12

This problem comes from the CSP that is in Windows. When we call SignData with SHA256, the CryptCreateHash function will be called. This encryption API does not perform encryption operations by itself; it redirects the parameters obtained from the application to the desired CSP, and the CSP performs the operations on your behalf.

To verify that it was generated correctly:

openssl pkcs12 -info -nodes -in certificado.p12

With this, from .NET you can now do the following without problem (in my case):

RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)_MiCertificado.PrivateKey;
SHA256 hasher = SHA256CryptoServiceProvider.Create();
byte[] signedBytes = rsa.SignData(System.Text.Encoding.UTF8.GetBytes(cadenaOriginal), hasher);

With this you can generate the stamp correctly and the algorithm will be valid when you make the signature.

Greetings!

    
answered by 08.09.2017 / 19:32
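
The export-and-verify procedure from the answer above, as an added example that is not part of the original answer: it builds a throwaway self-signed certificate, exports it with and without -CSP, and reads back the "Microsoft CSP Name" bag attribute that Windows uses to pick the provider. The function names, the demo-csd subject, the sin_csp.p12 / con_csp.p12 file names and the password are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original answer). File names, the password and
# the function names are constructed for illustration.

CSP_AES="Microsoft Enhanced RSA and AES Cryptographic Provider"

# Print the "Microsoft CSP Name" bag attribute of a .p12, or nothing if absent.
# $1 = .p12 path, $2 = import password.
# -nodes makes openssl emit the private key unencrypted; sed keeps only the
# attribute line, so the key material never reaches the terminal or a file.
# "pass:" puts the password on the command line: acceptable for a demo only.
p12_csp_name() {
    openssl pkcs12 -info -nodes -in "$1" -passin "pass:$2" 2>/dev/null |
        sed -n 's/^ *Microsoft CSP Name: *//p' | head -n 1
}

# Succeed only when the .p12 names the RSA+AES provider from the answer.
p12_names_aes_csp() {
    [ "$(p12_csp_name "$1" "$2")" = "$CSP_AES" ]
}

# Create a throwaway self-signed certificate in directory $1 and export it
# twice with password $2: once without -CSP, once with it.
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-csd" \
        -keyout "$1/llave.key.pem" -out "$1/certificado.cer.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -in "$1/certificado.cer.pem" -inkey "$1/llave.key.pem" \
        -passout "pass:$2" -out "$1/sin_csp.p12" || return 1
    openssl pkcs12 -export -in "$1/certificado.cer.pem" -inkey "$1/llave.key.pem" \
        -CSP "$CSP_AES" -passout "pass:$2" -out "$1/con_csp.p12"
}

# Stand-alone use: sh check_p12.sh certificado.p12 'password'
if [ "$#" -eq 2 ]; then
    if p12_names_aes_csp "$1" "$2"; then
        echo "OK: $CSP_AES"
    else
        echo "CSP attribute missing or different: '$(p12_csp_name "$1" "$2")'"
        exit 1
    fi
fi
```

A file that fails this check was exported without the attribute, so Windows chooses the provider on import and the private key may end up in one that cannot do SHA256.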
0

I recommend using the openssl dll for that job or, failing that, using openssl directly on the cer and key files.

Now, focusing only on your code, if you already have the signing for cfdi 3.2, you can use the same code, only replacing the hasher from SHA1 to SHA256.

In my experience, the best mechanism for signing certificates is using the openssl exe.

    
answered by 31.08.2017 at 23:46