Difference between revisions of "SDI Certificates"
Jump to navigation
Jump to search
(→Tests) |
|||
(15 intermediate revisions by the same user not shown) | |||
Line 27: | Line 27: | ||
This operation needs to be done only 1 time. | This operation needs to be done only 1 time. | ||
− | = Sign and crypt a file = | + | = Sign and crypt a file (test) = |
− | + | cp /dir/file.xml . | |
+ | (edit and change CodiceDestinatario) | ||
+ | |||
+ | openssl smime -sign -in file.xml -outform der -binary -nodetach -out file.xml.p7m -signer firma.pem | ||
+ | (enter password created before) | ||
+ | |||
+ | openssl smime -encrypt -in file.xml.p7m -outform der -binary -aes256 -out file.xml.p7m.enc sogeiunicocifra.pem | ||
+ | |||
+ | rm file.xml | ||
+ | |||
+ | rm file.xml.p7m | ||
+ | |||
+ | mv file.xml.p7m.enc /dir/DatiVersoSdITest/ | ||
+ | |||
+ | chown sogei:sogei /dir/DatiVersoSdITest/file.xml.p7m.enc | ||
+ | |||
+ | = Test codes = | ||
+ | |||
+ | == PA == | ||
+ | |||
+ | - FTPTGU; | ||
+ | |||
+ | - FTPKEP; | ||
+ | |||
+ | - FTPVGY. | ||
+ | |||
+ | == B2B == | ||
+ | |||
+ | - FTPGGSL; | ||
+ | |||
+ | - FTPGXYI; | ||
+ | |||
+ | - FTPURGT. | ||
+ | |||
+ | = Tests = | ||
+ | |||
+ | File FI.EE101944340.2024106.2330.901.xml: | ||
+ | |||
+ | <?xml version="1.0" encoding="UTF-8" standalone="yes"?> | ||
+ | <ns2:FileQuadraturaFTP xmlns:ns2="http://www.fatturapa.it/sdi/ftp/v2.0" versione="2.0"> | ||
+ | <IdentificativoNodo>EE101944340</IdentificativoNodo> | ||
+ | <DataOraCreazione>2024-04-15T23:30:00</DataOraCreazione> | ||
+ | <NomeSupporto>FI.EE101944340.2024106.2330.901.zip</NomeSupporto> | ||
+ | <NumeroFile> | ||
+ | <File> | ||
+ | <Tipo>FA</Tipo> | ||
+ | <Numero>1</Numero> | ||
+ | </File> | ||
+ | </NumeroFile> | ||
+ | </ns2:FileQuadraturaFTP> | ||
+ | |||
+ | If you want to sign the file (for files towards public offices signature is mandatory): | ||
+ | |||
+ | openssl smime -sign -in EE101944340_A0001.xml -outform der -binary -nodetach -out EE101944340_A0001.xml.p7m -signer firma.pem | ||
+ | (insert password) | ||
+ | zip FI.EE101944340.2024106.2330.901.zip FI.EE101944340.2024106.2330.901.xml EE101944340_A0001.xml.p7m | ||
+ | |||
+ | For not-signed files: | ||
+ | |||
+ | zip FI.EE101944340.2024106.2330.901.zip FI.EE101944340.2024106.2330.901.xml EE101944340_A0001.xml | ||
+ | |||
+ | Then: | ||
+ | |||
+ | openssl smime -sign -in FI.EE101944340.2024106.2330.901.zip -outform der -binary -nodetach -out FI.EE101944340.2024106.2330.901.zip.p7m -signer firma.pem | ||
+ | (insert password) | ||
+ | |||
+ | openssl smime -encrypt -in FI.EE101944340.2024106.2330.901.zip.p7m -outform der -binary -aes256 -out FI.EE101944340.2024106.2330.901.zip.p7m.enc sogeiunicocifra.pem | ||
+ | |||
+ | chown sogei:sogei FI.EE101944340.2024106.2330.901.zip.p7m.enc | ||
+ | |||
+ | mv FI.EE101944340.2024106.2330.901.zip.p7m.enc /home/sogei/DatiVersoSdITest/FI.EE101944340.2024106.2330.901.zip | ||
+ | |||
+ | For checks: | ||
+ | |||
+ | https://sdi.fatturapa.gov.it/SdI2FatturaPAWebSpa/AccediAlServizioAction.do?pagina=gestire_canale&l=it | ||
+ | |||
+ | = Decrypt = | ||
+ | |||
+ | openssl smime -decrypt -in FO.EE101944340.2024113.1714.901.zip.p7m.enc -inform der -binary -out FO.EE101944340.2024113.1714.901.zip.p7m -recip cifra.pem | ||
+ | |||
+ | openssl smime -verify -in FO.EE101944340.2024113.1714.901.zip.p7m -inform der -binary -out FO.EE101944340.2024113.1714.901.zip -CAfile CAEntrate.pem | ||
+ | |||
+ | unzip FO.EE101944340.2024113.1714.901.zip |
Latest revision as of 17:10, 3 May 2024
Contents
Files supplied by SDI[edit]
- PHXAT002.FRRFBA78L29B819H.cifra.p12;
- PHXAT002.FRRFBA78L29B819H.firma.p12;
- CAEntrate.pem;
- sogeiunicocifra.pem;
- Sogei_SdI1.pub;
- Sogei_SdI2.pub.
The first 2 files are protected by a password.
Extracting certificates and keys[edit]
openssl pkcs12 -in PHXAT002.FRRFBA78L29B819H.firma.p12 -out firma.pem -legacy (enter supplied password) (enter new password, 2 times) openssl pkcs12 -in PHXAT002.FRRFBA78L29B819H.cifra.p12 -out cifra.pem -legacy (enter supplied password) (enter new password, 2 times)
This operation needs to be done only 1 time.
Sign and crypt a file (test)[edit]
cp /dir/file.xml . (edit and change CodiceDestinatario) openssl smime -sign -in file.xml -outform der -binary -nodetach -out file.xml.p7m -signer firma.pem (enter password created before) openssl smime -encrypt -in file.xml.p7m -outform der -binary -aes256 -out file.xml.p7m.enc sogeiunicocifra.pem rm file.xml rm file.xml.p7m mv file.xml.p7m.enc /dir/DatiVersoSdITest/ chown sogei:sogei /dir/DatiVersoSdITest/file.xml.p7m.enc
Test codes[edit]
PA[edit]
- FTPTGU;
- FTPKEP;
- FTPVGY.
B2B[edit]
- FTPGGSL;
- FTPGXYI;
- FTPURGT.
Tests[edit]
File FI.EE101944340.2024106.2330.901.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ns2:FileQuadraturaFTP xmlns:ns2="http://www.fatturapa.it/sdi/ftp/v2.0" versione="2.0"> <IdentificativoNodo>EE101944340</IdentificativoNodo> <DataOraCreazione>2024-04-15T23:30:00</DataOraCreazione> <NomeSupporto>FI.EE101944340.2024106.2330.901.zip</NomeSupporto> <NumeroFile> <File> <Tipo>FA</Tipo> <Numero>1</Numero> </File> </NumeroFile> </ns2:FileQuadraturaFTP>
If you want to sign the file (for files towards public offices signature is mandatory):
openssl smime -sign -in EE101944340_A0001.xml -outform der -binary -nodetach -out EE101944340_A0001.xml.p7m -signer firma.pem (insert password) zip FI.EE101944340.2024106.2330.901.zip FI.EE101944340.2024106.2330.901.xml EE101944340_A0001.xml.p7m
For not-signed files:
zip FI.EE101944340.2024106.2330.901.zip FI.EE101944340.2024106.2330.901.xml EE101944340_A0001.xml
Then:
openssl smime -sign -in FI.EE101944340.2024106.2330.901.zip -outform der -binary -nodetach -out FI.EE101944340.2024106.2330.901.zip.p7m -signer firma.pem (insert password)
openssl smime -encrypt -in FI.EE101944340.2024106.2330.901.zip.p7m -outform der -binary -aes256 -out FI.EE101944340.2024106.2330.901.zip.p7m.enc sogeiunicocifra.pem
chown sogei:sogei FI.EE101944340.2024106.2330.901.zip.p7m.enc
mv FI.EE101944340.2024106.2330.901.zip.p7m.enc /home/sogei/DatiVersoSdITest/FI.EE101944340.2024106.2330.901.zip
For checks:
https://sdi.fatturapa.gov.it/SdI2FatturaPAWebSpa/AccediAlServizioAction.do?pagina=gestire_canale&l=it
Decrypt[edit]
openssl smime -decrypt -in FO.EE101944340.2024113.1714.901.zip.p7m.enc -inform der -binary -out FO.EE101944340.2024113.1714.901.zip.p7m -recip cifra.pem
openssl smime -verify -in FO.EE101944340.2024113.1714.901.zip.p7m -inform der -binary -out FO.EE101944340.2024113.1714.901.zip -CAfile CAEntrate.pem
unzip FO.EE101944340.2024113.1714.901.zip