[xmlsec] RES: RES: RES: Trying to check sign

Thu Jun 7 13:49:57 PDT 2012

You can specify the trusted certificate to xmlsec with --trusted
option. But you must make sure that the "trusted" cert is indeed
in the chain from the certificate you used for signature.

Aleksey

On 6/7/12 12:53 PM, Renato Tegon Forti wrote:
> Thanks for response.
> 
> Only one doubt: this mean that I don't have this  "trusted" certificate
> installed in my machine (that I run xmlsec1 tool), this is a root cert?
> I am reading "Secure XML" from Donald E. , but all it is new to me (than
> very complex)
> 
> Thanks for help!
> 
> -----Mensagem original-----
> De: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Enviada em: quinta-feira, 7 de junho de 2012 16:43
> Para: Renato Tegon Forti
> Cc: xmlsec at aleksey.com
> Assunto: Re: RES: [xmlsec] RES: Trying to check sign
> 
> You might want to find a good book on cryptography.
> 
> Shortly, the certificate verification is based on the verification of the
> previous certificate in the chain until one finds a "trusted"
> certificate. The errors you are getting indicate that xmlsec/openssl can not
> build the certificate chain and find a "trusted" cert.
> 
> 
> Aleksey
> 
> On 6/7/12 12:29 PM, Renato Tegon Forti wrote:
>> Hi Aleksey,
>>
>> Thanks for your help! Really thanks a lot! If you have time to help-me 
>> again!
>>
>> I am a really confusing, I am trying understand what I need to check 
>> if one signature is valid using your xmlsec1 tool, and then implement 
>> this on C code!
>>
>> My signed document has these properties (mt.xml):
>>
>> Transform Algorithm: Enveloped
>> Algorithm: xmldsig#sha1
>>
>> I'd try a lot of things, but all of it return me: "err=20;msg=unable 
>> to get local issuer certificate"
>>
>> For sampe:
>>
>> I try this: 
>> xmlsec1 --verify --id-attr:Id infNFe --trusted-der mt.der.cer mt.xml 
>> but "mt.der.cer" is cert that is on : 
>> <KeyInfo><X509Data><X509Certificate>
>>
>> So I thought the problem was the root certificate, because I already 
>> have the certificate of the user in <X509Certificate>, then I tried:
>>
>> xmlsec1 --verify --id-attr:Id infNFe --trusted-der 
>> Autoridade_Certificadora_da_Raiz_Brasileira_v2.der.cer mt.xml Some 
>> error "err=20;msg=unable to get local issuer certificate "
>>
>> Then I tried a variation, only to check result: (--untrusted-der)
>>
>> xmlsec1 --verify --id-attr:Id infNFe --untrusted-der 
>> Autoridade_Certificadora_da_Raiz_Brasileira_v2.der.cer mt.xml the 
>> error change to: err=18;msg=self signed certificate
>>
>> I tried too:
>>
>> xmlsec1 --verify --id-attr:Id infNFe --trusted-der 
>> SERASA_Autoridade_Certificadora_Principal_v2.der.cer mt.xml
>> xmlsec1 --verify --id-attr:Id infNFe --trusted-der 
>> SERASA_Autoridade_Certificadora_Digital_v2.der.cer mt.xml
>>
>> Some error "err=20;msg=unable to get local issuer certificate "
>>
>> Reading a book I understood that to verifying an XML Signature:
>>
>> 1.
>> Verify the signature of the <SignedInfo> element. -> To do so, 
>> recalculate the digest of the <SignedInfo> element (using the digest 
>> algorithm specified in the <SignatureMethod> element) and use the 
>> public verification key to verify that the value of the 
>> <SignatureValue> element is correct for the digest of the <SignedInfo>
> element.
>>
>> The public key (public verification key)  in my case is: 
>> <X509Certificate> OK?
>>
>> 2.
>> If this step passes, recalculate the digests of the references 
>> contained within the <SignedInfo> element and compare them to the 
>> digest values expressed in each <Reference> element's corresponding
> <DigestValue> element.
>>
>>
>> Please see attached files! (meta.zip)
>>  -> mt.xml [file that I want check signature]
>> -> chain.png [cert chains]
>> -> Autoridade_Certificadora_da_Raiz_Brasileira_v2.der.cer [root cert 
>> -> in der
>> format]
>> -> SERASA_Autoridade_Certificadora_Principal_v2.der.cer ->
>> SERASA_Autoridade_Certificadora_Digital_v2.der.cer -> mt.der.cer [all 
>> other certs in chain ]
>>
>> What am I doing wrong? What I misunderstood?
>> Thanks a lot!
>>
>>
>>
>> -----Mensagem original-----
>> De: Aleksey Sanin [mailto:aleksey at aleksey.com] Enviada em: 
>> quarta-feira, 6 de junho de 2012 16:15
>> Para: Renato Tegon Forti
>> Cc: xmlsec at aleksey.com
>> Assunto: Re: [xmlsec] RES: Trying to check sign
>>
>> It's not on the website but it is in the examples folder.
>>
>> Aleksey
>>
>> On 6/6/12 4:42 AM, Renato Tegon Forti wrote:
>>>>> This means that xmlsec (or to be precise, openssl) needs to verify 
>>>>> the
>>> certificate and it can't find the next certificate in the chain.
>>>
>>> Thanks for answer. 
>>>
>>> One more question: what is the example
>>> (http://www.aleksey.com/xmlsec/api/xmlsec-examples.html) that 
>>> implement "Online XML Digital Signature Verifer"?
>>> I want study code implementation of it!
>>>
>>> Thanks
>>>
>>> -----Mensagem original-----
>>> De: Aleksey Sanin [mailto:aleksey at aleksey.com] Enviada em: 
>>> terça-feira, 5 de junho de 2012 23:51
>>> Para: Renato Tegon Forti
>>> Cc: xmlsec at aleksey.com
>>> Assunto: Re: [xmlsec] Trying to check sign
>>>
>>> This means that xmlsec (or to be precise, openssl) needs to verify 
>>> the certificate and it can't find the next certificate in the chain.
>>>
>>> Aleksey
>>>
>>> On 6/5/12 1:58 PM, Renato Tegon Forti wrote:
>>>> Hi,
>>>>
>>>>  
>>>>
>>>> I have one file that I want check sig (using KEYINFO node), I know 
>>>> that the signature is valid, but tool returns me:
>>>>
>>>>  
>>>>
>>>> I use DTD, see xml below, please!
>>>>
>>>>  
>>>>
>>>> --------------------------------------------------------------------
>>>> -
>>>> -
>>>> --------------------------
>>>>
>>>>  
>>>>
>>>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-s
>>>> t o re:subj=X509_verify_cert:error=4:crypto
>>>> library function failed:subj=/C=BR/O=ICP-Brasil/OU=ID - 
>>>> 1083312/OU=Autenticado por Certisign Certificadora 
>>>> Digital/OU=Assinatura Tipo A1/OU=(EM BRANCO)/OU=(EM 
>>>> BRANCO)/CN=MEDIATECH INFORMATICA 
>>>> LTDA/emailAddress=contato at tecnomidia.com.br;err=20;msg=unable
>>>> <mailto:LTDA/emailAddress=contato at tecnomidia.com.br;err=20;msg=unabl
>>>> e
>>>>>
>>>> to get local issuer certificate
>>>>
>>>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-s
>>>> t
>>>> o
>>>> re:subj=unknown:error=71:certificate
>>>> verification failed:err=20;msg=unable to get local issuer 
>>>> certificate
>>>>
>>>> func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=346:obj=
>>>> r s a-sha1:subj=EVP_VerifyFinal:error=18:data
>>>> do not match:signature do not match
>>>>
>>>> RESULT: Signature is INVALID
>>>>
>>>> ---------------------------------------------------
>>>>
>>>> = VERIFICATION CONTEXT
>>>>
>>>> == Status: invalid
>>>>
>>>> == flags: 0x00000000
>>>>
>>>> == flags2: 0x00000000
>>>>
>>>> == Key Info Read Ctx:
>>>>
>>>> = KEY INFO READ CONTEXT
>>>>
>>>> == flags: 0x00000000
>>>>
>>>> == flags2: 0x00000000
>>>>
>>>> == enabled key data: all
>>>>
>>>> == RetrievalMethod level (cur/max): 0/1
>>>>
>>>> == TRANSFORMS CTX (status=0)
>>>>
>>>> == flags: 0x00000000
>>>>
>>>> == flags2: 0x00000000
>>>>
>>>> == enabled transforms: all
>>>>
>>>> === uri: NULL
>>>>
>>>> === uri xpointer expr: NULL
>>>>
>>>> == EncryptedKey level (cur/max): 0/1
>>>>
>>>> === KeyReq:
>>>>
>>>> ==== keyId: rsa
>>>>
>>>> ==== keyType: 0x00000001
>>>>
>>>> ==== keyUsage: 0x00000002
>>>>
>>>> ==== keyBitsSize: 0
>>>>
>>>> === list size: 0
>>>>
>>>> == Key Info Write Ctx:
>>>>
>>>> = KEY INFO WRITE CONTEXT
>>>>
>>>> == flags: 0x00000000
>>>>
>>>> == flags2: 0x00000000
>>>>
>>>> == enabled key data: all
>>>>
>>>> == RetrievalMethod level (cur/max): 0/1
>>>>
>>>> == TRANSFORMS CTX (status=0)
>>>>
>>>> == flags: 0x00000000
>>>>
>>>> == flags2: 0x00000000
>>>>
>>>> == enabled transforms: all
>>>>
>>>> === uri: NULL
>>>>
>>>> === uri xpointer expr: NULL
>>>>
>>>> == EncryptedKey level (cur/max): 0/1
>>>>
>>>> === KeyReq:
>>>>
>>>> ==== keyId: NULL
>>>>
>>>> ==== keyType: 0x00000001
>>>>
>>>> ==== keyUsage: 0xffffffff
>>>>
>>>> ==== keyBitsSize: 0
>>>>
>>>> === list size: 0
>>>>
>>>> == Signature Transform Ctx:
>>>>
>>>> == TRANSFORMS CTX (status=2)
>>>>
>>>> == flags: 0x00000000
>>>>
>>>> == flags2: 0x00000000
>>>>
>>>> == enabled transforms: all
>>>>
>>>> === uri: NULL
>>>>
>>>> === uri xpointer expr: NULL
>>>>
>>>> === Transform: c14n
>>>> (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
>>>>
>>>> === Transform: rsa-sha1
>>>> (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
>>>>
>>>> === Transform: membuf-transform (href=NULL)
>>>>
>>>> == Signature Method:
>>>>
>>>> === Transform: rsa-sha1
>>>> (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
>>>>
>>>> == Signature Key:
>>>>
>>>> == KEY
>>>>
>>>> === method: RSAKeyValue
>>>>
>>>> === key type: Private
>>>>
>>>> === key name: test-rsa
>>>>
>>>> === key usage: -1
>>>>
>>>> === rsa key: size = 1024
>>>>
>>>> == SignedInfo References List:
>>>>
>>>> === list size: 1
>>>>
>>>> = REFERENCE VERIFICATION CONTEXT
>>>>
>>>> == Status: succeeded
>>>>
>>>> == URI: "#NFe35101003593968000167550030000101640000000003"
>>>>
>>>> == Reference Transform Ctx:
>>>>
>>>> == TRANSFORMS CTX (status=2)
>>>>
>>>> == flags: 0x00000000
>>>>
>>>> == flags2: 0x00000000
>>>>
>>>> == enabled transforms: all
>>>>
>>>> === uri:
>>>>
>>>> === uri xpointer expr: 
>>>> #NFe35101003593968000167550030000101640000000003
>>>>
>>>> === Transform: xpointer
>>>> (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
>>>>
>>>> === Transform: enveloped-signature
>>>> (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
>>>>
>>>> === Transform: c14n
>>>> (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
>>>>
>>>> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>>>>
>>>> === Transform: membuf-transform (href=NULL)
>>>>
>>>> == Digest Method:
>>>>
>>>> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>>>>
>>>> == Manifest References List:
>>>>
>>>> === list size: 0
>>>>
>>>>  
>>>>
>>>> --------------------------------------------------------------------
>>>> -
>>>> -
>>>> --------------------------
>>>>
>>>>  
>>>>
>>>> Anyone can help-me to understand what I make wrong!
>>>>
>>>> What this exactly can mean: “unable to get local issuer certificate”
>>>>
>>>>  
>>>>
>>>> This is my xml file ( the DTD is correct?):
>>>>
>>>>  
>>>>
>>>> --------------------------------------------------------------------
>>>> -
>>>> -
>>>> --------------------------
>>>>
>>>>  
>>>>
>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>>
>>>> <!DOCTYPE test [
>>>>
>>>> <!ATTLIST infNFe Id ID #IMPLIED>
>>>>
>>>> ]>
>>>>
>>>> <nfeProc xmlns="http://www.portalfiscal.inf.br/nfe" versao="1.10">
>>>>
>>>> <NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe
>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> Id="NFe35101003593968000167550030000101640000000003"
>>>> versao="1.10"><ide><cUF>35</cUF><cNF>000000000</cNF><natOp>VENDA 
>>>> MERC C/ PGTO ST C/ 
>>>> SUBSTITUIDO</natOp><indPag>1</indPag><mod>55</mod><serie>3</serie><n
>>>> N
>>>> F
>>>>> 10164</nNF><dEmi>2010-10-20</dEmi><dSaiEnt>2010-10-20</dSaiEnt><tpN
>>>>> F
>>>>>>
>>>> 1</tpNF><cMunFG>3550308</cMunFG><tpImp>1</tpImp><tpEmis>1</tpEmis><c
>>>> D
>>>> V
>>>>> 3</cDV><tpAmb>1</tpAmb><finNFe>1</finNFe><procEmi>0</procEmi><verPr
>>>>> o
>>>>> c
>>>>> 1.4.0</verProc></ide><emit><CNPJ>03593968000167</CNPJ><xNome>Mediat
>>>>> e
>>>>> c
>>>> h Informatica LTDA</xNome><xFant>Mediatech Informatica 
>>>> LTDA</xFant><enderEmit><xLgr>CORREIA DE 
>>>> MELO</xLgr><nro>085</nro><xBairro>BOM
>>>> RETIRO</xBairro><cMun>3550308</cMun><xMun>SAO
>>>> PAULO</xMun><UF>SP</UF><CEP>01123020</CEP><cPais>1058</cPais><xPais>
>>>> B
>>>> R
>>>> ASIL</xPais><fone>1133521199</fone></enderEmit><IE>115633812110</IE>
>>>> <
>>>> /
>>>> emit><dest><CNPJ>11253910000100</CNPJ><xNome>AYSSO
>>>> SYSTEMS LTDA EPP</xNome><enderDest><xLgr>RUA DOZE DE 
>>>> NOVEMBRO</xLgr><nro>180</nro><xCpl>APT
>>>> 183</xCpl><xBairro>CENTRO</xBairro><cMun>3501608</cMun><xMun>AMERICA
>>>> N
>>>> A
>>>> </xMun><UF>SP</UF><CEP>13465490</CEP><cPais>1058</cPais><xPais>BRASI
>>>> L < /xPais><fone>1936459994</fone></enderDest><IE/></dest><det
>>>> nItem="1"><prod><cProd>1160900000000001720000</cProd><cEAN/><xProd>M
>>>> I
>>>> D
>>>> IA
>>>> DIGITAL
>>>> CD/DVD</xProd><NCM>85234011</NCM><CFOP>5405</CFOP><uCom>PC.</uCom><q
>>>> C
>>>> o
>>>> m>100.0000</qCom><vUnCom>2.1500</vUnCom><vProd>215.00</vProd><cEANTr
>>>> m>i
>>>> m>b
>>>> /><uTrib>PC.</uTrib><qTrib>100.0000</qTrib><vUnTrib>2.1500</vUnTrib>
>>>> <
>>>> v
>>>> Frete>20.00</vFrete></prod><imposto><ICMS><ICMS60><orig>0</orig><CST
>>>> Frete>>
>>>> Frete>6
>>>> 0</CST><vBCST>215.00</vBCST><vICMSST>0.00</vICMSST></ICMS60></ICMS><
>>>> I
>>>> P
>>>> I><cEnq>999</cEnq><IPINT><CST>53</CST></IPINT></IPI><PIS><PISAliq><C
>>>> I>S
>>>> I>T
>>>>> 01</CST><vBC>215.00</vBC><pPIS>0.65</pPIS><vPIS>1.40</vPIS></PISAli
>>>>> q
>>>>>>
>>>> </PIS><COFINS><COFINSAliq><CST>01</CST><vBC>215.00</vBC><pCOFINS>3.0
>>>> 0
>>>> <
>>>> /pCOFINS><vCOFINS>6.45</vCOFINS></COFINSAliq></COFINS></imposto></de
>>>> t
>>>>>
>>>> <total><ICMSTot><vBC>20.00</vBC><vICMS>0.00</vICMS><vBCST>0.00</vBCS
>>>> T
>>>>>
>>>> <vST>0.00</vST><vProd>215.00</vProd><vFrete>20.00</vFrete><vSeg>0.00
>>>> <
>>>> /
>>>> vSeg><vDesc>0.00</vDesc><vII>0.00</vII><vIPI>0.00</vIPI><vPIS>1.40</
>>>> vSeg>v
>>>> vSeg>P
>>>> IS><vCOFINS>6.45</vCOFINS><vOutro>0.00</vOutro><vNF>235.00</vNF></IC
>>>> IS>M
>>>> IS>S
>>>> Tot></total><transp><modFrete>0</modFrete><transporta><CNPJ>07281886
>>>> Tot>0
>>>> Tot>0
>>>> 0138</CNPJ><xNom
>>>  e
>>>> Correio
>>>> - Sedex</xNome><IE>ISENTO</IE><xEnder>Rua Correia de Melo, 
>>>> 111</xEnder><xMun>Sao
>>>>
>>> Paulo</xMun><UF>SP</UF></transporta><vol><qVol>1</qVol><esp>CX.</esp>
>>> <
>>> pesoL> 
>>> 1.000</pesoL><pesoB>1.000</pesoB></vol></transp><cobr><fat><nFat>1016
>>> 4
>>> </nFat
>>>> <vOrig>235.00</vOrig><vLiq>235.00</vLiq></fat><dup><nDup>001</nDup><
>>>> d
>>>> Venc>2
>>>
> 010-10-20</dVenc><vDup>235.00</vDup></dup></cobr><infAdic><infCpl>Pedidos:
>>>> 48033</infCpl></infAdic></infNFe><Signature
>>>>
>>>> xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><Canonicaliza
>>>> t
>>>> io
>>>> nMethod
>>>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><Signat
>>>> u
>>>> re
>>>> Method
>>>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference
>>>>
>>>> URI="#NFe35101003593968000167550030000101640000000003"><Transforms><
>>>> T
>>>> ra
>>>> nsform
>>>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><
>>>> T
>>>> ra
>>>> nsform
>>>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Trans
>>>> f
>>>> or
>>>> ms><DigestMethod
>>>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>vj4
>>>> p
>>>> 6F
>>>> tqkZen6fsHlcyag8R2hF0=</DigestValue></Reference></SignedInfo><Signat
>>>> u
>>>> re
>>>> Value>Jymbikn/5F8aUYQA6CaZmLYY9plO4KNfyu/M4TZP5l+3fy/pjwpkIsaeV1LXXy
>>>> Value>o
>>>> Value>7n
>>>> WLdpvruhCXy
>>>>
>>>> ID2ptAjzIWOJ/vp1YW94e0Yy7yfBijQNkew+FI1G7GKKt7T/UUIPRrXqWwo7EA8ZpCYS
>>>> o
>>>> W
>>>> ktWqHZ
>>>>
>>>> iU7j7iJone1nLdNJNjY=</SignatureValue><KeyInfo><X509Data><X509Certifi
>>>> c
>>>> a
>>>> te>MIIGuzCCBaOgAwIBAgIQCbCeZ64fHJPeNqAkc06I8TANBgkqhkiG9w0BAQUFADB0M
>>>> te>Q
>>>> te>s
>>>> wCQYDVQQG
>>>>
>>>> EwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDEtMCsGA1UECxMkQ2VydGlzaWduIENlcnRp
>>>> Z
>>>> m
>>>> ljYWRv
>>>>
>>>> cmEgRGlnaXRhbCBTLkEuMSEwHwYDVQQDExhBQyBDZXJ0aXNpZ24gTXVsdGlwbGEgRzMw
>>>> H
>>>> h
>>>> cNMTAw
>>>>
>>>> NzI5MDAwMDAwWhcNMTEwNzI4MjM1OTU5WjCCAQsxCzAJBgNVBAYTAkJSMRMwEQYDVQQK
>>>> F
>>>> A
>>>> pJQ1At
>>>>
>>>> QnJhc2lsMRUwEwYDVQQLFAxJRCAtIDEwODMzMTIxODA2BgNVBAsUL0F1dGVudGljYWRv
>>>> I
>>>> H
>>>> BvciBD
>>>>
>>>> ZXJ0aXNpZ24gQ2VydGlmaWNhZG9yYSBEaWdpdGFsMRswGQYDVQQLFBJBc3NpbmF0dXJh
>>>> I
>>>> F
>>>> RpcG8g
>>>>
>>>> QTExFDASBgNVBAsUCyhFTSBCUkFOQ08pMRQwEgYDVQQLFAsoRU0gQlJBTkNPKTEjMCEG
>>>> A
>>>> 1
>>>> UEAxMa
>>>>
>>>> TUVESUFURUNIIElORk9STUFUSUNBIExUREExKDAmBgkqhkiG9w0BCQEWGWNvbnRhdG9A
>>>> d
>>>> G
>>>> Vjbm9t
>>>>
>>>> aWRpYS5jb20uYnIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8txkPNL6gjEjSW
>>>> 4
>>>> T
>>>> umyO0w
>>>>
>>>> zBGmxNtCqU9DFNWQD1TWIbXaYduxoxnYEwNXrehla2YDslXUiM45SWvlmjlWoVV9T7F0
>>>> 7
>>>> a
>>>> OGGysP
>>>>
>>>> aNLJW/y3CMq7Qrvsh+h30INqV8WWYXKHlmfLz4eNf8Di4xQvgm+7yxvkGHXXjxkWn6ut
>>>> B
>>>> W
>>>> tJAgMB
>>>>
>>>> AAGjggMyMIIDLjCBrQYDVR0RBIGlMIGioDgGBWBMAQMEoC8ELTE5MDExOTY3MTEyMDk3
>>>> M
>>>> z
>>>> g4MDUw
>>>>
>>>> MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDAqAOBAxKQUlSIFNaQVBJUk+g
>>>> MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDAqAOBAxKQUlSIFNaQVBJUk+G
>>>> MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDAqAOBAxKQUlSIFNaQVBJUk+Q
>>>> MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDAqAOBAxKQUlSIFNaQVBJUk+Y
>>>> MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDAqAOBAxKQUlSIFNaQVBJUk+F
>>>> MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDAqAOBAxKQUlSIFNaQVBJUk+Y
>>>> MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDAqAOBAxKQUlSIFNaQVBJUk+E
>>>> MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDAqAOBAxKQUlSIFNaQVBJUk+w
>>>> MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMKAXBgVgTAEDAqAOBAxKQUlSIFNaQVBJUk+B
>>>>
>>>> AwOgEAQOMDM1OTM5NjgwMDAxNjegFwYFYEwBAwegDgQMMDAwMDAwMDAwMDAwgRljb250
>>>> Y
>>>> X
>>>> RvQHRl
>>>>
>>>>
>>>
>>
> Y25vbWlkaWEuY29tLmJyMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUhLBCMzSjQiWlKJc+g+t38OhP
>>>>
>>>> wlQwDgYDVR0PAQH/BAQDAgXgMFUGA1UdIAROMEwwSgYGYEwBAgELMEAwPgYIKwYBBQUH
>>>> A
>>>> g
>>>> EWMmh0
>>>>
>>>> dHA6Ly9pY3AtYnJhc2lsLmNlcnRpc2lnbi5jb20uYnIvcmVwb3NpdG9yaW8vZHBjMIIB
>>>> J
>>>> Q
>>>> YDVR0f
>>>>
>>>> BIIBHDCCARgwXKBaoFiGVmh0dHA6Ly9pY3AtYnJhc2lsLmNlcnRpc2lnbi5jb20uYnIv
>>>> c
>>>> m
>>>> Vwb3Np
>>>>
>>>> dG9yaW8vbGNyL0FDQ2VydGlzaWduTXVsdGlwbGFHMy9MYXRlc3RDUkwuY3JsMFugWaBX
>>>> h
>>>> l
>>>> VodHRw
>>>>
>>>> Oi8vaWNwLWJyYXNpbC5vdXRyYWxjci5jb20uYnIvcmVwb3NpdG9yaW8vbGNyL0FDQ2Vy
>>>> d
>>>> G
>>>> lzaWdu
>>>>
>>>> TXVsdGlwbGFHMy9MYXRlc3RDUkwuY3JsMFugWaBXhlVodHRwOi8vcmVwb3NpdG9yaW8u
>>>> a
>>>> W
>>>> NwYnJh
>>>>
>>>> c2lsLmdvdi5ici9sY3IvQ2VydGlzaWduL0FDQ2VydGlzaWduTXVsdGlwbGFHMy9MYXRl
>>>> c
>>>> 3
>>>> RDUkwu
>>>>
>>>> Y3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjCBoAYIKwYBBQUHAQEEgZMw
>>>> g
>>>> Z
>>>> AwKAYI
>>>>
>>>> KwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmNlcnRpc2lnbi5jb20uYnIwZAYIKwYBBQUHMAKG
>>>> W
>>>> G
>>>> h0dHA6
>>>>
>>>> Ly9pY3AtYnJhc2lsLmNlcnRpc2lnbi5jb20uYnIvcmVwb3NpdG9yaW8vY2VydGlmaWNh
>>>> Z
>>>> G
>>>> 9zL0FD
>>>>
>>>> X0NlcnRpc2lnbl9NdWx0aXBsYV9HMy5wN2MwDQYJKoZIhvcNAQEFBQADggEBAGI9MCc6
>>>> W
>>>> V
>>>> mz919C
>>>>
>>>> QLDB8E0R8HxfGyiz2uB14lPBDsueTJmJmlykQdnboMiyMGTocprEGsQxeI7a57BEUDVc
>>>> 0
>>>> f
>>>> SzNCCb
>>>>
>>>> SOnQOp9Uswri8pTw8fQG9OAkh1LCC9haTsNNMKbTHCciO7MUh34XkHuj4A0NIWG1aCyn
>>>> w
>>>> s
>>>> tRFWb8
>>>>
>>>> 97OZJJCc0IRvDs7yDJhgOwPmv3trFmwlfMU7n20pXtM9hKiI8o6h/0GwR6SyA1Yj4fZX
>>>> f
>>>> X
>>>> xVENH4
>>>>
>>>> EjhIHR8Yrmre2JE2I+hFjyQaNPnAEztQEa0Cae2l3O0Q0tkM1x8EkiKFrnDggpc7gSwt
>>>> EjhIHR8Yrmre2JE2I+L
>>>> EjhIHR8Yrmre2JE2I+C
>>>> EjhIHR8Yrmre2JE2I+wrkQBu
>>>>
>>>> jhie131VyDTuXLx9k082PLs=</X509Certificate></X509Data></KeyInfo></Sig
>>>> n
>>>> a
>>>> ture></NFe>
>>>>
>>>>  
>>>>
>>>> <protNFe
>>>> versao="1.10"><infProt><tpAmb>1</tpAmb><verAplic>SP_NFE_PL_005e</ver
>>>> A
>>>> p
>>>> lic><chNFe>35101003593968000167550030000101640000000003</chNFe><dhRe
>>>> lic>c
>>>> lic>b
>>>> to>2010-10-20T17:48:15</dhRecbto><nProt>135100546996360</nProt><digV
>>>> to>a
>>>> to>l
>>>>> vj4p6FtqkZen6fsHlcyag8R2hF0=</digVal><cStat>100</cStat><xMotivo>Aut
>>>>> o
>>>>> r
>>>> izado o uso da NF-e</xMotivo></infProt></protNFe>
>>>>
>>>> </nfeProc>
>>>>
>>>>  
>>>>
>>>> --------------------------------------------------------------------
>>>> -
>>>> -
>>>> --------------------------
>>>>
>>>>  
>>>>
>>>> Thanks a lot
>>>>
>>>>  
>>>>
>>>>  
>>>>
>>>>  
>>>>
>>>>  
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> xmlsec at aleksey.com
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
> 