Digital XML signature

0

Good morning friends,

I'm trying to put together an electronic invoice, but the signature section asks me for the DigestValue and I do not know how to generate it. Does anyone know what to put there? Thank you very much.

<xades:SigningCertificate>
  <xades:Cert>
    <xades:CertDigest>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>  </ds:DigestValue> <!-- To find -->
    </xades:CertDigest>
    <xades:IssuerSerial>
      <ds:X509IssuerName>C=CO,L=Bogota D.C.,O=Andes SCD.,OU=Division de certificacion entidad final,CN=CA ANDES SCD S.A. Clase II,1.2.840.113549.1.9.1=#1614696e666f40616e6465737363642e636f6d2e636f</ds:X509IssuerName>
      <ds:X509SerialNumber>5baa826812650bcc</ds:X509SerialNumber> <!-- It may or may not be the value -->
    </xades:IssuerSerial>
  </xades:Cert>
</xades:SigningCertificate>
    
asked by afar1793 24.10.2017 at 15:23

1 answer

0

It seems that your example is an extract from a more complete XML file, right? Because XML files with a digital signature according to XAdES have several DigestValue fields, if I'm not wrong.

Anyway, for your specific example, it is the DigestValue of the accompanying certificate, or rather of the one that is incorporated in your file as part of the signature (if it is an enveloped type signature) or that is included by an external reference to the certificate. To get the certificate's DigestValue, do the following:

// Your X.509 certificate in base64, without "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
// The letters will be completely different in your case.
$certificado = 'MMIdhsuesHG...';
// Decode the base64 text to the binary (DER) certificate: the digest is computed over those bytes, not over the base64 text
$certificadoDer = base64_decode(preg_replace('/\s+/', '', $certificado));
// sha1 because your own reference specifies it (DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1")
// TRUE because we need the hash to be binary for the next step
$hashCertificado = hash('sha1', $certificadoDer, TRUE);
$digestCertificado = base64_encode($hashCertificado);
// what is in $digestCertificado is what you are looking for

What you marked below as "It may or may not be the value" must be the serial number of the certificate; it has nothing to do with the DigestValue. The serial number is among the properties of the certificate, as is the issuer data that you put in the previous line (X509IssuerName).

    
answered by 01.12.2017 at 05:22
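
The steps from the answer above, as an added example that is not part of the original answer (function names are hypothetical and the sample bytes are constructed, not a real certificate). It computes the xades:CertDigest DigestValue over the DER bytes of a PEM certificate, prints the digest of the base64 text beside it to show the two differ, and converts a hexadecimal serial to the decimal form that ds:X509SerialNumber, an XML integer, expects.

```php
<?php
// Added example; function names are hypothetical, sample bytes are constructed.

// Strip the PEM armor and whitespace, then decode base64 to the DER bytes.
function pemToDer(string $pem): string {
    $b64 = preg_replace('/-----(BEGIN|END) CERTIFICATE-----|\s+/', '', $pem);
    $der = base64_decode($b64, true); // strict mode rejects non-base64 characters
    if ($der === false || $der === '') {
        throw new InvalidArgumentException('certificate is not valid base64');
    }
    return $der;
}

// DigestValue for xades:CertDigest: base64 of the raw digest over the DER bytes.
function certDigestValue(string $pem, string $algo = 'sha1'): string {
    return base64_encode(hash($algo, pemToDer($pem), true));
}

// ds:X509SerialNumber is an XML integer, so a hex serial is written in decimal.
// Digit-by-digit string arithmetic: serials can exceed PHP's integer range.
function hexSerialToDecimal(string $hex): string {
    if (!ctype_xdigit($hex)) {
        throw new InvalidArgumentException('serial is not hexadecimal');
    }
    $dec = [0]; // decimal digits, least significant first
    foreach (str_split($hex) as $h) {
        $carry = hexdec($h);
        foreach ($dec as $i => $d) { // dec = dec * 16 + digit
            $v = $d * 16 + $carry;
            $dec[$i] = $v % 10;
            $carry = intdiv($v, 10);
        }
        while ($carry > 0) {
            $dec[] = $carry % 10;
            $carry = intdiv($carry, 10);
        }
    }
    return implode('', array_reverse($dec));
}

// Constructed stand-in bytes (not a real certificate), wrapped like a PEM file.
$der = "\x30\x82\x01\x0a" . str_repeat("\xAB", 266);
$pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($der), 64, "\n")
     . "-----END CERTIFICATE-----\n";

echo 'DigestValue (over DER bytes): ', certDigestValue($pem), "\n";
echo 'Digest of the base64 text:    ', base64_encode(sha1(base64_encode($der), true)), "\n";
echo 'X509SerialNumber (decimal):   ', hexSerialToDecimal('5baa826812650bcc'), "\n";
```

The `$algo` argument has to match the DigestMethod Algorithm declared next to the DigestValue.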