Difference between revisions of "SDI Certificates"

From wiki.ferrari.mo.it
Jump to navigation Jump to search
 
(10 intermediate revisions by the same user not shown)
Line 27: Line 27:
 
This operation needs to be done only 1 time.
 
This operation needs to be done only 1 time.
  
= Sign and crypt a file =
+
= Sign and crypt a file (test) =
  
 
  cp /dir/file.xml .
 
  cp /dir/file.xml .
Line 42: Line 42:
 
   
 
   
 
  mv file.xml.p7m.enc /dir/DatiVersoSdITest/
 
  mv file.xml.p7m.enc /dir/DatiVersoSdITest/
 +
 +
chown sogei:sogei /dir/DatiVersoSdITest/file.xml.p7m.enc
  
 
= Test codes =
 
= Test codes =
Line 60: Line 62:
  
 
- FTPURGT.
 
- FTPURGT.
 +
 +
= Tests =
 +
 +
File FI.EE101944340.2024106.2330.901.xml:
 +
 +
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 +
<ns2:FileQuadraturaFTP xmlns:ns2="http://www.fatturapa.it/sdi/ftp/v2.0" versione="2.0">
 +
    <IdentificativoNodo>EE101944340</IdentificativoNodo>
 +
    <DataOraCreazione>2024-04-15T23:30:00</DataOraCreazione>
 +
    <NomeSupporto>FI.EE101944340.2024106.2330.901.zip</NomeSupporto>
 +
    <NumeroFile>
 +
        <File>
 +
            <Tipo>FA</Tipo>
 +
            <Numero>1</Numero>
 +
        </File>
 +
    </NumeroFile>
 +
</ns2:FileQuadraturaFTP>
 +
 +
If you want to sign the file (for files towards public offices signature is mandatory):
 +
 +
openssl smime -sign -in EE101944340_A0001.xml -outform der -binary -nodetach -out EE101944340_A0001.xml.p7m -signer firma.pem
 +
(insert password)
 +
zip FI.EE101944340.2024106.2330.901.zip FI.EE101944340.2024106.2330.901.xml EE101944340_A0001.xml.p7m
 +
 +
For not-signed files:
 +
 +
zip FI.EE101944340.2024106.2330.901.zip FI.EE101944340.2024106.2330.901.xml EE101944340_A0001.xml
 +
 +
Then:
 +
 +
openssl smime -sign -in FI.EE101944340.2024106.2330.901.zip -outform der -binary -nodetach -out FI.EE101944340.2024106.2330.901.zip.p7m -signer firma.pem
 +
(insert password)
 +
 +
openssl smime -encrypt -in FI.EE101944340.2024106.2330.901.zip.p7m -outform der -binary -aes256 -out FI.EE101944340.2024106.2330.901.zip.p7m.enc sogeiunicocifra.pem
 +
 +
chown sogei:sogei FI.EE101944340.2024106.2330.901.zip.p7m.enc
 +
 +
mv FI.EE101944340.2024106.2330.901.zip.p7m.enc /home/sogei/DatiVersoSdITest/FI.EE101944340.2024106.2330.901.zip
 +
 +
For checks:
 +
 +
https://sdi.fatturapa.gov.it/SdI2FatturaPAWebSpa/AccediAlServizioAction.do?pagina=gestire_canale&l=it
 +
 +
= Decrypt =
 +
 +
openssl smime -decrypt -in FO.EE101944340.2024113.1714.901.zip.p7m.enc -inform der -binary -out FO.EE101944340.2024113.1714.901.zip.p7m -recip cifra.pem
 +
 +
openssl smime -verify -in FO.EE101944340.2024113.1714.901.zip.p7m -inform der -binary -out FO.EE101944340.2024113.1714.901.zip -CAfile CAEntrate.pem
 +
 +
unzip FO.EE101944340.2024113.1714.901.zip

Latest revision as of 17:10, 3 May 2024

Files supplied by SDI[edit]

- PHXAT002.FRRFBA78L29B819H.cifra.p12;

- PHXAT002.FRRFBA78L29B819H.firma.p12;

- CAEntrate.pem;

- sogeiunicocifra.pem;

- Sogei_SdI1.pub;

- Sogei_SdI2.pub.

The first 2 files are protected by a password.

Extracting certificates and keys[edit]

openssl pkcs12 -in PHXAT002.FRRFBA78L29B819H.firma.p12 -out firma.pem -legacy
(enter supplied password)
(enter new password, 2 times)

openssl pkcs12 -in PHXAT002.FRRFBA78L29B819H.cifra.p12 -out cifra.pem -legacy
(enter supplied password)
(enter new password, 2 times)

This operation needs to be done only 1 time.

Sign and crypt a file (test)[edit]

cp /dir/file.xml .
(edit and change CodiceDestinatario)

openssl smime -sign -in file.xml -outform der -binary -nodetach -out file.xml.p7m -signer firma.pem
(enter password created before)

openssl smime -encrypt -in file.xml.p7m -outform der -binary -aes256 -out file.xml.p7m.enc sogeiunicocifra.pem

rm file.xml

rm file.xml.p7m

mv file.xml.p7m.enc /dir/DatiVersoSdITest/

chown sogei:sogei /dir/DatiVersoSdITest/file.xml.p7m.enc

Test codes[edit]

PA[edit]

- FTPTGU;

- FTPKEP;

- FTPVGY.

B2B[edit]

- FTPGGSL;

- FTPGXYI;

- FTPURGT.

Tests[edit]

File FI.EE101944340.2024106.2330.901.xml:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:FileQuadraturaFTP xmlns:ns2="http://www.fatturapa.it/sdi/ftp/v2.0" versione="2.0">
    <IdentificativoNodo>EE101944340</IdentificativoNodo>
    <DataOraCreazione>2024-04-15T23:30:00</DataOraCreazione>
    <NomeSupporto>FI.EE101944340.2024106.2330.901.zip</NomeSupporto>
    <NumeroFile>
        <File>
            <Tipo>FA</Tipo>
            <Numero>1</Numero>
        </File>
    </NumeroFile>
</ns2:FileQuadraturaFTP>

If you want to sign the file (for files towards public offices signature is mandatory):

openssl smime -sign -in EE101944340_A0001.xml -outform der -binary -nodetach -out EE101944340_A0001.xml.p7m -signer firma.pem
(insert password)
zip FI.EE101944340.2024106.2330.901.zip FI.EE101944340.2024106.2330.901.xml EE101944340_A0001.xml.p7m

For not-signed files:

zip FI.EE101944340.2024106.2330.901.zip FI.EE101944340.2024106.2330.901.xml EE101944340_A0001.xml

Then:

openssl smime -sign -in FI.EE101944340.2024106.2330.901.zip -outform der -binary -nodetach -out FI.EE101944340.2024106.2330.901.zip.p7m -signer firma.pem
(insert password)
openssl smime -encrypt -in FI.EE101944340.2024106.2330.901.zip.p7m -outform der -binary -aes256 -out FI.EE101944340.2024106.2330.901.zip.p7m.enc sogeiunicocifra.pem
chown sogei:sogei FI.EE101944340.2024106.2330.901.zip.p7m.enc
mv FI.EE101944340.2024106.2330.901.zip.p7m.enc /home/sogei/DatiVersoSdITest/FI.EE101944340.2024106.2330.901.zip

For checks:

https://sdi.fatturapa.gov.it/SdI2FatturaPAWebSpa/AccediAlServizioAction.do?pagina=gestire_canale&l=it

Decrypt[edit]

openssl smime -decrypt -in FO.EE101944340.2024113.1714.901.zip.p7m.enc -inform der -binary -out FO.EE101944340.2024113.1714.901.zip.p7m -recip cifra.pem
openssl smime -verify -in FO.EE101944340.2024113.1714.901.zip.p7m -inform der -binary -out FO.EE101944340.2024113.1714.901.zip -CAfile CAEntrate.pem
unzip FO.EE101944340.2024113.1714.901.zip