FirmaSAT | Command Line

Using From the Command Line

Syntax:

FirmaSAT ACTION [OPTIONS] [-o outfile] [-i] infile

For help on the available actions type

FirmaSAT HELP

> FirmaSAT HELP
Usage: FirmaSAT ACTION [OPTIONS] [-o outfile] [-i] infile
ACTION (one of):
 ASCIIFY        = replace non-ASCII characters with XML character references.
 ATTRIBUTE      = extract a given attribute from XML file.
 CERTSTRING     = get the certificate data as a base64 string.
 EXTRACTDIGEST  = extract the digest from the signature.
 FORMDIGEST     = form the digest of the pipestring.
 GETKEYSTRING   = get the private key as a base64 string.
 HELP           = display this help.
 HELP-OPTIONS   = display help for options.
 INSERTCERT     = insert certificate details into XML file.
 KEYCHECK       = check that key matches certificate.
 LIBINFO        = display DLL library details.
 MAKESIG        = make signature from XML file.
 NEWKEY         = save key file with a new password.
 NUMBERCERT     = get the certificate serial number.
 PIPESTRING     = make pipestring (cadena) from XML file.
 QUERYCERT      = query a certificate for a given value (use -q option).
 RECEIPTVERSION = get receipt version number or file ID.
 SIGNXML        = create the signature and set `sello` field in XML file.
 UTF8FIX        = add UTF-8 byte-order mark to a file.
 UUID           = generate a Universally Unique IDentifier (UUID).
 VERIFYSIG      = verify the signature in XML file.
 WRITEPFX       = create PFX file from private key and certificate.
 XMLOK          = validate XML file.
For help type ``FirmaSAT HELP [KEYWORD]'' (en espanol ``FirmaSAT AYUDA'')
For options ``FirmaSAT HELP-OPTIONS'' (en espanol ``FirmaSAT AYUDA-OPCIONES'')

For help on the options type

FirmaSAT HELP-OPTIONS

> FirmaSAT HELP-OPTIONS
Usage: FirmaSAT ACTION [OPTIONS] [-o outfile] [-i] infile
OPTIONS:
 -a <attribute-name> required for ATTRIBUTE action
 -b process Big files with SIGNXML/VERIFYSIG/FORMDIGEST/MAKESIG
 -c <certfile>       X.509 certificate for VERIFYSIG/SIGNXML/INSERTCERT
 -d show Debug info; -dd show more
 -e <element-name>   required for ATTRIBUTE action
 -f act on tfd:TimbreFiscalDigital node instead of document root element
 -k <keyfile>        required for SIGNXML/KEYCHECK/MAKESIG/NEWKEY
 -l (letter 'ell')   use Loose XML restrictions with XMLOK (default=strict)
 -m output encrypted private key in peM format with GETKEYSTRING/NEWKEY
 -n <newpassword>    new password for WRITEPFX/NEWKEY
 -p <password>       required for <keyfile>
 -q <query>          required for QUERYCERT where <query> is one of
              {rfc|orgName|notAfter|notBefore|serialNumber|sigAlg|keySize}
 -s <statusfile>     default=none; for stdout use ``-s @''
 -t <tracking-info>  optional info for the status file
 -w display output in Windows console font
 -x eXclude BOM in output file with SIGNXML
 -y output XML using emptY-element tags with SIGNXML
 -1 (number 'one')   encode QUERYCERT/ATTRIBUTE in Latin-1 (default=UTF-8)
For help type ``FirmaSAT HELP [KEYWORD]'' (en espanol ``FirmaSAT AYUDA'')
For options ``FirmaSAT HELP-OPTIONS'' (en espanol ``FirmaSAT AYUDA-OPCIONES'')

To get help on an individual action type ``FirmaSAT HELP <action-name>``. For example

FirmaSAT HELP EXTRACTDIGEST

> FirmaSAT HELP EXTRACTDIGEST
FirmaSAT EXTRACTDIGEST [-c <certfile>] [-f] <xmlfile>
 Extracts the message digest from the signature ('sello') in file <xmlfile>.
 * Use the `-c` option to specify a separate X.509 certificate for the public
   key [default = use embedded certificate]
 * Use the `-f` option to extract the digest from the TFD element, if present.
   Requires `-c <certfile>` of the signer
En espanol: Extractos del resumen del mensaje de la firma ('Sello') en un
   archivo XML.

To see the detailed help on all the actions type

FirmaSAT HELP HELP

Example

> FirmaSAT SIGNXML -s @ -k emisor.key -p 12345678a -c emisor.cer -i cfdv40-base.xml -o cfdv40_new-signed.xml
STATUS: 0
ERRORDESCRIPTION: OK
DATETIMECREATED: Sun Aug 18 18:52:36 2023

This takes an input XML file cfdv40-base.xml together with the signer's X.509 certificate file emisor.cer and private key emisor.key with password "12345678a". The signed XML document is output as cfdv40_new-signed.xml.

The input XML is a CFDi v4.0 document with all fields completed except the "Certificado" and "Sello" attributes. The signed output file has these fields completed.

<cfdi:Comprobante xmlns:cfdi="http://www.sat.gob.mx/cfd/4"
Version="4.0" ...
NoCertificado="30001000000300023708"
Certificado=""
Sello=""
...>

→

<cfdi:Comprobante xmlns:cfdi="http://www.sat.gob.mx/cfd/4"
Version="4.0" ...
NoCertificado="30001000000300023708" 
Certificado="MIIE/TCCA+WgAwIBAgIUMzAwMDEwMDAwMD..." 
Sello="Te/+FS80gNruYgYIWu4WXftCSdvSfGI..."
...>

The user obtained the "NoCertificado" from their X.509 certificate using the "QUERYCERT" action.

> FirmaSAT QUERYCERT -q serialNumber emisor.cer
30001000000300023708

For more details on using the SIGNXML action see Sign XML in the FirmaSAT manual.