Signing not working #16
Hi, since you've used Taxbird before, do you use an unmodified PFX as provided by Elster Online or do you have a stripped down one? Since Taxbird didn't correctly handle PFX containers with both 1024 and 2048 bit keys it was rather popular to remove the 1024 bit version with Mozilla's certutil... however a stripped PFX already caused problems (issue #14). On the other hand the emitted error message is a bit unspecific. Could you please modify the file chrome/content/js/geierlein.js around line 127. There's a try-catch-construct wrapping a call to signer.setKeyFromPkcs12Der which causes the error. In the catch clause you find the error message you mentioned. Please just add another alert statement like
... then try again and provide the emitted message here. cheers, PS: never mind, I'm quite sure you'll not have to start that very VM :-) |
Here is the message: From what I can tell, there is both a "shrouded bag" and a certificate bag named signaturekey in the pfx file. |
please try editing file chrome/content/lib/geierlein/signer.js at line 68. There you should see the line
rewrite it to
It's a bit strange that your PFX has two bags with the friendlyName Therefore another problem might arise, if your PFX file lacks the local-key-id attributes. But let's see :-) |
Now, upon sending a test transmission, I get the following error message:
|
I'm pretty sure that there's something wrong with the PFX file you have. Please try logging into the Elster Online portal and change your password there. This should result in a completely regenerated PFX container file. |
no reply. |
I've just observed this too. Until now I've always done the UStVA using ELSTER Online, but I'm trying to use the Node.js command line version of geierlein. This time I've done it manually again so there is no time pressure or anything. :-) The PFX certificate file is exactly the one I got from ELSTER. I haven't touched the file, and it has always worked fine with ELSTER's applet. I cloned geierlein from github, then installed
Then I modified
At this point I got the exception from the certificate file not having "exactly one bag named signaturekey", although in quite a strange form:
It seems that the exception is handled by node.js in some wrong way, but I think this is unrelated to the issue at hand. Alright, then I made the modification you described above:
After this, there were no exceptions:
However, there is that error message in the protocol file:
One thing I notice in the protocol XML file is that the TransportSchluessel field has a new-line character in it; should its content be all in one line? |
The document that is sent to the fiscal authorities must be ISO-8859-1 (or 15). However Geierlein internally uses UTF-8, especially regarding the result XML. Exception reporting is a bit strange since Node.js expects a string (i.e. error message) to be thrown. However the Forge library throws objects, that contain the error message (and possibly further information). Hence the [object Object] output ;-) Could you please provide the output of cheers |
|
I'm having the same problem. My pfx file (which I downloaded today) looks similar (two entries each for signaturekey and encryptionkey). |
well, that looks really weird. I've got no recently created official PFX, just those test certificates provided with the specs. I'll do the registration process and hope that I'll get such a certificate as well. Have you tried sending the data without signature as a testcase? Does that work or does the data itself maybe cause problems? |
I've just tried the following:
Now, as long as I use the What if I do a normal transmission (no testcase) without the |
oh dear, the test certificate is hard coded in the Node.js version (bin/geierlein file). Completely forgot about that one :( The authentication process itself is completely decoupled from the tax case itself (as far as I know). That is you should be able to send tax cases for any tax number (e.g. one of a friend) with your certificate. It just makes clear who has sent the tax form, not whether she's permitted to do so. Put short you can use your personal certificate for testcases. The test pfx you've found (pincode 123456 by the way) can be used for testcases but need not be. However it must not be used for real world cases for obvious reasons. Signatures are not yet mandatory (before 01.01.2013), hence you can just leave it away (this year). However fiscal authorities might prompt you whether the data was submitted by you (in case you've once sent a tax case with signature). Concerning the "Signature core validation failed" error, you did change bin/geierlein to point to your PFX before, didn't you? I would have supposed this to happen, since the JavaScript code behind the scenes is almost the same. Could you please try out sending the exact same PS: fiscal authorities don't generate confirmation mails for tax cases submitted with Taxbird/Geierlein, just for Elster Online. The transmission you did (probably) was successful (since you've seen the XHTML document). On error no XHTML is written out. |
argh, am I correct that both your names/addresses contain umlauts? If so, could you please test whether everything works correctly if you replace the umlauts? I've never tested with those but can reproduce that it fails if I arbitrarily add ones. |
It's the umlauts. Sending as test case works with both my certificate and the test one if I remove any non-ASCII characters, and it fails in both cases as soon as there is one such character anywhere ("name", "strasse", or "ort"). My input file is encoded in UTF-8, and has the format of the example |
Ok, thanks for testing this. And yes I'm well aware that I need to modify signer.js. The problem with the signature is that it's calculated over the UTF-8 encoded string. The Elster clearing server checks the signature against the Latin-1 encoding. The input file to Geierlein must be encoded in UTF-8 |
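The encoding mismatch described in the comment above, as an added example that is not part of the original thread and not Geierlein's own code: it hashes the same string as UTF-8 (what the signer did) and as ISO-8859-1 (what the server checks) and shows the digests only agree for pure-ASCII input. The function names, the sample fragments and the use of SHA-256 as a stand-in digest are assumptions.

```javascript
// Added illustration; not Geierlein's code. All names here are hypothetical.
const nodeCrypto = require('crypto');

// Strictly encode a JS string as ISO-8859-1. Buffer.from(s, 'latin1') would
// silently truncate code points above 0xFF, so reject them explicitly.
function encodeLatin1Strict(str) {
  const bytes = Buffer.alloc(str.length);
  for (let i = 0; i < str.length; i++) {
    const code = str.charCodeAt(i);
    if (code > 0xff) {
      throw new RangeError(
        'code unit 0x' + code.toString(16) + ' at index ' + i +
        ' is not representable in ISO-8859-1');
    }
    bytes[i] = code;
  }
  return bytes;
}

// SHA-256 is a stand-in digest for the demonstration (assumption).
function digestHex(bytes) {
  return nodeCrypto.createHash('sha256').update(bytes).digest('hex');
}

// Compare the bytes the signer hashes (UTF-8) with the bytes the
// verifier hashes (Latin-1) for the same logical document.
function compareEncodings(xml) {
  const utf8 = Buffer.from(xml, 'utf8');
  const latin1 = encodeLatin1Strict(xml);
  return {
    utf8Length: utf8.length,
    latin1Length: latin1.length,
    digestsMatch: digestHex(utf8) === digestHex(latin1),
  };
}

// Constructed samples using the field names mentioned in the thread.
// \u00fc is u-umlaut, \u00f6 is o-umlaut.
const asciiOnly = '<name>Mueller</name><strasse>Hauptstr. 1</strasse><ort>Koeln</ort>';
const withUmlauts = '<name>M\u00fcller</name><strasse>Hauptstr. 1</strasse><ort>K\u00f6ln</ort>';

console.log('ASCII only  :', compareEncodings(asciiOnly));
console.log('with umlauts:', compareEncodings(withUmlauts));
```

Each umlaut occupies two bytes in UTF-8 and one in Latin-1, so a signature over one encoding can never validate against the other once a single non-ASCII character appears in the signed data.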
Hi, could you please give the Git version of Geierlein a try? The GUI version should work now, haven't yet cared for the command line version. cheers, |
I've tried with the command line version as the files you modified are common to both, and sending my data with my signature as test case with Thanks! |
I've tried with the GUI version and sending my data as a test case with signature works fine now! Thanks! P.S. curiously neither my name nor my address contains umlauts or other non-ASCII characters... |
There were two independent problems:
Now both things are solved. |
Ah, of course! Thanks. |
Hi there.
I tried doing my "Umsatzsteuer-Voranmeldung" with geierlein for the first time today. I used taxbird until last month, but on my new system, I thought I'd give the future a chance. ^^
After entering all my data, I tried sending a test case. I selected my certificate and entered the pin and got the message, that either the file or the pin are wrong.
I tried sending a non-test transmission, same thing.
I checked the pfx-file using openssl pkcs12. It contains a key named "signaturekey" and the pin is working as well.
So far, I have not been able to either get geierlein to sign the transmission or let me debug the problem.
Any help would be greatly appreciated, I really don't want to start my Wind$$s VM every month just to use elsteronline.de
Thanks in advance. :-)