SDI Certificates

From wiki.ferrari.mo.it
Jump to navigation Jump to search

Files supplied by SDI[edit]

- PHXAT002.FRRFBA78L29B819H.cifra.p12;

- PHXAT002.FRRFBA78L29B819H.firma.p12;

- CAEntrate.pem;

- sogeiunicocifra.pem;

- Sogei_SdI1.pub;

- Sogei_SdI2.pub.

The first 2 files are protected by a password.

Extracting certificates and keys[edit]

openssl pkcs12 -in PHXAT002.FRRFBA78L29B819H.firma.p12 -out firma.pem -legacy
(enter supplied password)
(enter new password, 2 times)

openssl pkcs12 -in PHXAT002.FRRFBA78L29B819H.cifra.p12 -out cifra.pem -legacy
(enter supplied password)
(enter new password, 2 times)

This operation needs to be done only 1 time.

Sign and crypt a file (test)[edit]

cp /dir/file.xml .
(edit and change CodiceDestinatario)

openssl smime -sign -in file.xml -outform der -binary -nodetach -out file.xml.p7m -signer firma.pem
(enter password created before)

openssl smime -encrypt -in file.xml.p7m -outform der -binary -aes256 -out file.xml.p7m.enc sogeiunicocifra.pem

rm file.xml

rm file.xml.p7m

mv file.xml.p7m.enc /dir/DatiVersoSdITest/

chown sogei:sogei /dir/DatiVersoSdITest/file.xml.p7m.enc

Test codes[edit]

PA[edit]

- FTPTGU;

- FTPKEP;

- FTPVGY.

B2B[edit]

- FTPGGSL;

- FTPGXYI;

- FTPURGT.

Tests[edit]

File FI.EE101944340.2024106.2330.901.xml: 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:FileQuadraturaFTP xmlns:ns2="http://www.fatturapa.it/sdi/ftp/v2.0" versione="2.0">
    <IdentificativoNodo>EE101944340</IdentificativoNodo>
    <DataOraCreazione>2024-04-15T23:30:00</DataOraCreazione>
    <NomeSupporto>FI.EE101944340.2024106.2330.901.zip</NomeSupporto>
    <NumeroFile>
        <File>
            <Tipo>FA</Tipo>
            <Numero>1</Numero>
        </File>
    </NumeroFile>
</ns2:FileQuadraturaFTP>

If you want to sign the file (for files towards public offices signature is mandatory): 

openssl smime -sign -in EE101944340_A0001.xml -outform der -binary -nodetach -out EE101944340_A0001.xml.p7m -signer firma.pem
(insert password)
zip FI.EE101944340.2024106.2330.901.zip FI.EE101944340.2024106.2330.901.xml EE101944340_A0001.xml.p7m

For not-signed files: 

zip FI.EE101944340.2024106.2330.901.zip FI.EE101944340.2024106.2330.901.xml EE101944340_A0001.xml

Then: 

openssl smime -sign -in FI.EE101944340.2024106.2330.901.zip -outform der -binary -nodetach -out FI.EE101944340.2024106.2330.901.zip.p7m -signer firma.pem
(insert password)

openssl smime -encrypt -in FI.EE101944340.2024106.2330.901.zip.p7m -outform der -binary -aes256 -out FI.EE101944340.2024106.2330.901.zip.p7m.enc sogeiunicocifra.pem

chown sogei:sogei FI.EE101944340.2024106.2330.901.zip.p7m.enc

mv FI.EE101944340.2024106.2330.901.zip.p7m.enc /home/sogei/DatiVersoSdITest/FI.EE101944340.2024106.2330.901.zip

For checks: 

https://sdi.fatturapa.gov.it/SdI2FatturaPAWebSpa/AccediAlServizioAction.do?pagina=gestire_canale&l=it

Decrypt[edit]

openssl smime -decrypt -in FO.EE101944340.2024113.1714.901.zip.p7m.enc -inform der -binary -out FO.EE101944340.2024113.1714.901.zip.p7m -recip cifra.pem

openssl smime -verify -in FO.EE101944340.2024113.1714.901.zip.p7m -inform der -binary -out FO.EE101944340.2024113.1714.901.zip -CAfile CAEntrate.pem

unzip FO.EE101944340.2024113.1714.901.zip
Retrieved from "http://wiki.ferrari.mo.it/index.php?title=SDI_Certificates&oldid=335"