Friday 12 October 2012

Digital signature with INVOIC file

Following to my previous post about digital signature, I have gathered further information.

In Italy digital signature is mainly used with INVOIC files. 

A new friend, Mr. Matteo Maiorano employed at Derwid srl, sent me a very interesting sample: I have post it in the forum for your findings. 

Sunday 7 October 2012

Digital signature

Time ago I received, from an EDI customer, an Interchange proposal concerning COREOR messages with a digital signature.

In the beginning it seemed to me a very good idea: the delivering of import containers is a rather delicate matter and a digital signature can: 
  • Prove that EDI message is created from a known sender; 
  • EDI message is not altered in transit.
Unfortunately, when I saw the sample COREOR  I could not believe my eyes; message looked, more or less, like this: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

UNB+UNOA:3+XXXX:ZZ+ITSALSCT:ZZ+120902:1055+3733'
(...)
UNZ+1+3733'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk5gmeYACgkQ3lkq35eQ2s+iowCggEuSTpVW5cxbpz+W9gnVCzU0
UxcAn3t2ZRUCkKIH/ElN/UmVAz0po21d
=aSjJ
-----END PGP SIGNATURE-----

For sure digital signature could be verified manually by means of an external program before processing the message but, at least in my very modest opinion, this was not the way to implement digital signature in an EDI protocol.

I spent some time to found out a consistent documentation and also discussed this issue in a Linkedin's group: I would like to share EANCOM (ie. a subset of UN/EDIFACT) documentation in case you need to handle a similar issue.