Signature difference between xmlsec and signxml #5

@edsonbernar

Hello,

I need help understanding the difference in signatures between xmlsec and signxml, using the same pattern:
signature_algorithm="rsa-sha1"
digest_algorithm='sha1',

xmlsec signature code:

```python
from lxml import etree
import xmlsec

consts = xmlsec.constants

# key_cert (PEM private key) and self.certificado (PEM certificate) are
# defined elsewhere in the poster's code and are not shown here.

# Single-quoted so the double-quoted XML attributes do not end the string.
xml = '<enviNFe xmlns="http://www.portalfiscal.inf.br/nfe" versao="4.00"><idLote>1650</idLote><indSinc>0</indSinc><NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe versao="4.00" Id="NFe35211107457285000133550010010010341000015619"><ide><cUF>35</cUF><cNF>00001561</cNF><natOp>VENDA MERC. ADQ. OU REC. DE TERC</natOp><mod>55</mod><serie>1</serie><nNF>1001034</nNF><dhEmi>2021-11-01T13:33:29-03:00</dhEmi><dhSaiEnt>2021-11-01T13:33:29-03:00</dhSaiEnt><tpNF>1</tpNF><idDest>1</idDest><cMunFG>3550308</cMunFG><tpImp>1</tpImp><tpEmis>1</tpEmis><cDV>9</cDV><tpAmb>2</tpAmb><finNFe>1</finNFe><indFinal>0</indFinal><indPres>9</indPres><indIntermed>0</indIntermed><procEmi>0</procEmi><verProc>Monitor</verProc></ide></infNFe></NFe></enviNFe>'

parser = etree.XMLParser(remove_blank_text=True, remove_comments=True, strip_cdata=False)

xml_element = etree.fromstring(xml, parser=parser)

key = xmlsec.Key.from_memory(key_cert,
    format=xmlsec.constants.KeyDataFormatPem, password='pass_cert')

# Locate the element to sign by its Id attribute.
reference = "NFe35211107457285000133550010010010341000015619"
element_signed = xml_element.find(".//*[@Id='%s']" % reference)
parent = element_signed.getparent()
ref_uri = "#%s" % reference

# Build the Signature template and append it as a sibling of the signed element.
signature_node = xmlsec.template.create(
    element_signed, c14n_method=xmlsec.Transform.C14N, sign_method=xmlsec.Transform.RSA_SHA1)

parent.append(signature_node)

ref = xmlsec.template.add_reference(signature_node, xmlsec.Transform.SHA1, uri=ref_uri)

xmlsec.template.add_transform(ref, xmlsec.Transform.ENVELOPED)
xmlsec.template.add_transform(ref, xmlsec.Transform.C14N)

ki = xmlsec.template.ensure_key_info(signature_node)
xmlsec.template.add_x509_data(ki)

ctx = xmlsec.SignatureContext()
ctx.key = key
ctx.key.load_cert_from_memory(self.certificado, consts.KeyDataFormatPem)
ctx.register_id(node=element_signed, id_attr="Id")
ctx.sign(signature_node)
```

Signature returned by xmlsec:

DigestValue:
F7W2fq7dGEw/MY20dIRUFy3rCSI=

Signature returned by signxml (the correct one accepted on the web server):

DigestValue -> F7W2fq7dGEw/MY20dIRUFy3rCSI=
