This command digitally signs an XML file, producing the digital signature from an X509 certificate.
To verify a signed document, use the command SPC.Crypto.Commands.VerifyXml.
Diagram: the principle of digitally signing a data file
SPC.Crypto.Commands.SignXmlFile?$SigningId=SigningData&$SignatureElement=DSCKS/NBan
The element in the XML document that holds the digital signature after signing. If it is not specified, the signature is appended to the end of the document.
The following example shows a digitally signed XML file:
<?xml version="1.0" encoding="UTF-8"?>
<HDon>
<DLHDon Id="SigningData">
<TTChung>
<PBan>1.0.0</PBan>
<THDon>Hóa đơn giá trị gia tăng</THDon>
<KHMSHDon>BOOK6</KHMSHDon>
<KHHDon>SER6</KHHDon>
<SHDon>0000062</SHDon>
<TDLap>2021-04-27</TDLap>
<DVTTe>VND</DVTTe>
<TGia>1</TGia>
</TTChung>
<NDHDon>
<NBan>
<Ten>Cty CP CN San Phú</Ten>
<MST>TEST0303430876</MST>
<DChi>67 Mai Chí Thọ.</DChi>
</NBan>
<NMua>
<Ten>Cty ABC</Ten>
<MST>0303430876</MST>
<DChi>67 Mai Chi Tho</DChi>
</NMua>
<DSHHDVu>
<HHDVu>
<TChat>1</TChat>
<STT>1</STT>
<Ten>01-1AIE11Z. Academic IELTS Extra Assignmen</Ten>
<DVTinh />
<SLuong>1.00000</SLuong>
<DGia>111111.0000</DGia>
<TLCKhau>0</TLCKhau>
<STCKhau>0</STCKhau>
<ThTien>111111.00</ThTien>
<TSuat>10</TSuat>
<TThue>11111</TThue>
<ThTCThue>122222</ThTCThue>
</HHDVu>
</DSHHDVu>
<TToan>
<THTTLTSuat>
<LTSuat>
<TSuat>0%</TSuat>
<TThue>0</TThue>
<ThTien>0</ThTien>
</LTSuat>
<LTSuat>
<TSuat>5%</TSuat>
<TThue>0</TThue>
<ThTien>0</ThTien>
</LTSuat>
<LTSuat>
<TSuat>10%</TSuat>
<TThue>11111</TThue>
<ThTien>122222</ThTien>
</LTSuat>
</THTTLTSuat>
<TgTCThue>111111.00</TgTCThue>
<TgTThue>11111.00</TgTThue>
<DSLPhi />
<TTCKTMai>0</TTCKTMai>
<TgTTTBSo>122222.00</TgTTTBSo>
<TgTTTBChu>Một trăm hai mươi hai nghìn, hai trăm hai mươi hai đồng chẵn</TgTTTBChu>
</TToan>
</NDHDon>
<SignDate>2021-04-27</SignDate>
</DLHDon>
<MCCQT />
<DSCKS>
<NBan>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#SigningData">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>vDnRLvIxgIQ6/Ua9HoRXCIhKmXGUrgS9NXPr1OeOsHE=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>h06EEh1OeWf0ikRHhDBKRpy3vvKAlP0aFNeSundCsB3vW0/YqiWQBpc84+ihFISc3n5yRAzPTNv+vTsNV6I27T1wPOUwHBa7ies4QTNK2ih1kmhkFBFnMxiPaQvG7L7JWmA3gtBEsFimYMeJYnHsjayQr7cVtCoZYgxRjEgCDvwpaw1MEB2oiBUJcBPmV8W9tOcNY/tTzWQTpvh/t1H0t2ZDO+Yp9ujg9ayDogWBgQCcp95EkpcIFVmxb3NTG73aLQwcLxQ3/IoNGPsE5/s62pk7DhWra5cuXcSXCw5ScbBFRR/DhF8sdMkv3QN+EMXPmnRwEa3lryalrYy1gmRA1g==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
<KeyValue>
<RSAKeyValue>
<Modulus>wIZC785enJT1oHyvxOh1RIyIE0o/sg3lz/87DC9iXcpl3R6kBfGgQHsmfMKdc1W5dUYX19EpT8pTvl2ks4TTPYhwVU+vDigXXbjMYyNRAQkuE8MNNsl+ZuMxwev8nQIAlK3te5i1Vnp5LwQeN2kVflCmkSXgwuXQVc1+U7hoQ3k7XqhANx4+mc7yeuWSROYlg26cuoGdxS33f6IRy9S3G5JzUcnIvu2j+F1hhdC4GaPiNAZBU1lrzvj9tRm649P+wB3J50DNRn5rPBQ1wpyaBK1WNy4ibMt9frH4SIh2QdUC4L5Qwx8BRid3r7jRnlFQ3Ru41wRuZGOpW0032sq/Lw==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</NBan>
<NMua />
</DSCKS>
</HDon>
In the example above, signing the invoice signs only the element whose Id is SigningData. After signing, any change to this element invalidates the digital signature.
<DLHDon Id="SigningData">
...
</DLHDon>
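An added example, not part of the original page or of the SPC library: a structural pre-check that reports which element the signature actually covers, which siblings are left outside it, and whether it names a SHA-1 based algorithm (the sample above uses rsa-sha1 as SignatureMethod). The names `inspect_signature`, `WEAK` and `SAMPLE` are hypothetical, the weak-algorithm policy is an assumption, and the sample is a constructed reduction of the invoice shown above.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Policy assumption of this example: SHA-1 based algorithms are flagged as weak.
WEAK = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
        "http://www.w3.org/2000/09/xmldsig#sha1"}

# Constructed sample: the page's invoice reduced to the parts this check reads.
SAMPLE = """<HDon>
  <DLHDon Id="SigningData"><TTChung><SHDon>0000062</SHDon></TTChung></DLHDon>
  <MCCQT />
  <DSCKS><NBan>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="#SigningData">
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
      </Reference>
    </SignedInfo></Signature>
  </NBan><NMua /></DSCKS>
</HDon>"""

def inspect_signature(xml_text, signature_path="DSCKS/NBan"):
    """Report which element the signature covers and which algorithms it names."""
    root = ET.fromstring(xml_text)
    holder = root.find(signature_path)
    sig = holder.find(DS + "Signature") if holder is not None else None
    if sig is None:
        raise ValueError("no Signature under " + signature_path)
    refs = sig.findall(f"{DS}SignedInfo/{DS}Reference")
    if len(refs) != 1 or not refs[0].get("URI", "").startswith("#"):
        raise ValueError("expected one same-document Reference (URI='#Id')")
    ref_id = refs[0].get("URI")[1:]
    # The Id must resolve to exactly one element or the reference is ambiguous.
    targets = [e for e in root.iter() if e.get("Id") == ref_id]
    if len(targets) != 1:
        raise ValueError(f"Id {ref_id!r} matches {len(targets)} elements")
    signed = targets[0]
    algs = [sig.find(f"{DS}SignedInfo/{DS}SignatureMethod").get("Algorithm"),
            refs[0].find(DS + "DigestMethod").get("Algorithm")]
    return {
        "signed": signed.tag,
        # Children of the root other than the signed element are not covered.
        "unsigned": [c.tag for c in root if c is not signed],
        "weak": [a for a in algs if a in WEAK],
    }

if __name__ == "__main__":
    print(inspect_signature(SAMPLE))
```

This checks structure only; the cryptographic check remains the job of SPC.Crypto.Commands.VerifyXml.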
The signer's certificate (public key) is attached to the data content in the following element:
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
<KeyValue>
<RSAKeyValue>
<Modulus>wIZC785enJT1oHyvxOh1RIyIE0o/sg3lz/87DC9iXcpl3R6kBfGgQHsmfMKdc1W5dUYX19EpT8pTvl2ks4TTPYhwVU+vDigXXbjMYyNRAQkuE8MNNsl+ZuMxwev8nQIAlK3te5i1Vnp5LwQeN2kVflCmkSXgwuXQVc1+U7hoQ3k7XqhANx4+mc7yeuWSROYlg26cuoGdxS33f6IRy9S3G5JzUcnIvu2j+F1hhdC4GaPiNAZBU1lrzvj9tRm649P+wB3J50DNRn5rPBQ1wpyaBK1WNy4ibMt9frH4SIh2QdUC4L5Qwx8BRid3r7jRnlFQ3Ru41wRuZGOpW0032sq/Lw==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
The signature value is created from the signed content and the private key of the certificate:
<SignatureValue>h06EEh1OeWf0ikRHhDBKRpy3vvKAlP0aFNeSundCsB3vW0/YqiWQBpc84+ihFISc3n5yRAzPTNv+vTsNV6I27T1wPOUwHBa7ies4QTNK2ih1kmhkFBFnMxiPaQvG7L7JWmA3gtBEsFimYMeJYnHsjayQr7cVtCoZYgxRjEgCDvwpaw1MEB2oiBUJcBPmV8W9tOcNY/tTzWQTpvh/t1H0t2ZDO+Yp9ujg9ayDogWBgQCcp95EkpcIFVmxb3NTG73aLQwcLxQ3/IoNGPsE5/s62pk7DhWra5cuXcSXCw5ScbBFRR/DhF8sdMkv3QN+EMXPmnRwEa3lryalrYy1gmRA1g==</SignatureValue>
During verification, the signed content is hashed and compared with the result of decrypting the SignatureValue above using the public key in the KeyInfo element.
If they match, the data is intact and has not changed since it was signed. This proves:
Updated on : 2021-07-10 06:53:52. by : . at T470-01.
Topic : . spc.crypto.commands.signxmlfile