The correct digest algorithm to use when signing a CFDiv3.3 document is always SHA-256. FirmaSAT will automatically use the correct SHA-256 digest algorithm when creating a signature for a CFDiv3.3 document unless you specify the SHA-1 algorithm explicitly as an option.
If you think the CFDiv3.3 signature created by FirmaSAT has used SHA-1 by mistake then please check your code.
// WRONG Sat.SignXml(newFile, baseFile, keyFile, password, certFile, HashAlgorithm.Sha1); // DO NOT USE DEPRECATED HASHALGORITHM OPTION // CORRECT Sat.SignXml(newFile, baseFile, keyFile, password, certFile); // OK - use overload with default option
// WRONG Sat_SignXml(strOutputFile, strXmlFile, strKeyFile, strPassword, strCertFile, SAT_HASH_SHA1); // DO NOT USE DEPRECATED SAT_HASH_ OPTION // CORRECT Sat_SignXml(strOutputFile, strXmlFile, strKeyFile, strPassword, strCertFile, 0); // Use default (0)
:: WRONG - DO NOT USE -g OPTION FirmaSAT SIGNXML -s @ -k emisor2048.key -p 12345678a -c emisor2048.cer -i cfdv33-base.xml -o cfdv33-new_signed-1.xml -g sha1
Use the Extract Digest From Signature feature to extract the digest from the signature. Then see how long it is.
A SHA-1 digest will be 40 characters long. A SHA-256 digest will be 64 characters.
> firmasat extractdigest cfdv33-signed-tfd.xml 0FC5C2312270AD4E5E12B757FAA3934DC223CD83292D2D52D96FCED494EC7C85 ; 64 characters => SHA-256 > firmasat extractdigest ejemplo_v32-tfd2015.xml BA41C0F46DCF450B99907F6905AF1127C3118B3F ; 40 characters => SHA-1
To contact us or comment on this page, please send us a message.
This page last updated 15 August 2025.
