Dear friends,
Thank you for reading this post.
Please download files here:
http://www.idanfe.com/dl/files.zip
This is my problem:
I have to sign a file like my teste1.txt
One sample signed file is example.txt
I am also including a private key I generated called private.pem, and its public key: public.pem
Please notice at the end of the example.txt file the string:
EAD4D714CF40A31A2AE3A26A5295082089EC554B51A4B307F044AC84BEC9A34223A11A3B64BE4DB4DE7DDBFF06D3394499A6 A55C74D0AB24343589FCDE9CB0AC989AE451B2C15AFF7689368A16499C67DC9076A69DACCA38A73B4EDCA3ACA15AD06800EE 74CCEB36864C408C0CAB46593774F1979A8345B4327A55C19D1C4D4EEBD
Please notice that the "EAD" is present in all files and is not part of the signature, I have to place the signature as "EAD" + signature.
These are the instructions I have from the standart written by the brazilian taxing department:
---- begins Google translation ----
TECHNICAL DATA FOR THE GENERATION OF DIGITAL SIGNATURE
The digital signature should be generated by the following:
1 - apply the MD5 one-way function only once in the entire file, except for the EAD record. The result is a code of 128 bits or 16 ASCII characters, corresponding to a 32-digit hexadecimal numbers. Should be used in the calculations the hexadecimal number, considering it as a single block;
2 - create a private key of 1024 bits, equivalent to a 256-digit hexadecimal number, known only to the company developing the PAF-ECF;
3 - encrypt the hexadecimal code generated as provided in item 1, using the key referred to in item 2, the RSA public key algorithm;
---- ends google translation -----
(ITEM 1)
I think I have been able to generate item 1 by submitting to shell the following command:
md5 teste1.txt
And as a result I have:
867af78828b9dfdc8cfc52211571399e
I have a GUI tool given to me running under windows to do the job, and it results in:
867AF78828B9DFDC8CFC52211571399E
So, I guess I am correct on item number 1.
(ITEM 2)
I ran this command on shell:
openssl rsa -in private.pem -modulus -out modulo.txt
It resulted me the string:
A01386F3AB113FABC633EE9E95B0E4B5BB1057D3AEFCE7CF859D03FA9B356B902550A6BDFBBA55480CBA99D0C487CE4B7421 4757BBBD596D5B8F41E84E158C110150F42F107FBECFB774F6A8FDF853DE70516BC088F551B020AB9B921A270D8038AB7722 7545FBC28331906FBAEEDD2CC1848455524D874762ABD90128BD60E3
So I think, I have done step 2 so far...
(ITEM 3)
I simply am stuck here, don't know what to do now.
I have a tool running under windows that when I submit my private key and teste1.txt to it, and gives me:
953F2F56387ACBF724A7D6BF565A4FAA274214CBC70190330FD9FED7F65474306A3356E6129444A0971DA561282BC1786FFC 0C968EBB4411053A3265EC6C1A683CDD0D4BD21862A4DB29D4F2B7F628BAC0354F9B04174952287E51CA48993DB3C1292310 AEF0419FD55162B41145A3F77ACFD0FC889E778E0A1A21A661C3786E
Can someone be so kind to help me with this?
How can I obtain the same string using openssl?
I understand I have to use the md5 result from teste1.txt and the modulus result, but have no idea on what command to send to shell.
Thank you for reading this,