Some time ago I received, from an EDI customer, an interchange proposal concerning COREOR messages with a digital signature.
In the beginning it seemed to me a very good idea: the delivery of import containers is a rather delicate matter and a digital signature can:
- Prove that the EDI message was created by a known sender;
- Prove that the EDI message was not altered in transit.
Unfortunately, when I saw the sample COREOR I could not believe my eyes; the message looked, more or less, like this:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
UNB+UNOA:3+XXXX:ZZ+ITSALSCT:ZZ+120902:1055+3733'
(...)
UNZ+1+3733'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAk5gmeYACgkQ3lkq35eQ2s+iowCggEuSTpVW5cxbpz+W9gnVCzU0
UxcAn3t2ZRUCkKIH/ElN/UmVAz0po21d
=aSjJ
-----END PGP SIGNATURE-----
Of course, the digital signature could be verified manually by means of an external program before processing the message but, at least in my very modest opinion, this was not the way to implement a digital signature in an EDI protocol.
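As an added example (not code from the original post or from the customer's proposal), the Python below shows the pre-processing gate that such a file forces on the receiver: it recognises the OpenPGP cleartext-signature framing, reports the declared hash, recovers the EDIFACT payload and checks that the UNB and UNZ control references agree. It handles framing only and does not verify the signature, so the payload stays unauthenticated until an OpenPGP implementation has checked it against the sender's key. The function names, finding labels and the sample's body segments and signature placeholder are assumptions made for the example.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
WEAK_HASHES = {"MD5", "SHA1"}  # digests no longer considered safe for signatures

def split_clearsigned(text):
    """Split RFC 4880 clearsign framing; does NOT verify the signature."""
    lines = text.splitlines()
    if not lines or lines[0] != BEGIN_MSG:
        raise ValueError("not a cleartext-signed message")
    try:
        blank = lines.index("", 1)            # empty line ends the Hash headers
        sig = lines.index(BEGIN_SIG, blank)
        end = lines.index(END_SIG, sig)
    except ValueError:
        raise ValueError("truncated or malformed clearsign framing") from None
    hashes = []
    for header in lines[1:blank]:
        if not header.startswith("Hash: "):
            raise ValueError("unexpected armor header: " + header)
        hashes += [h.strip().upper() for h in header[6:].split(",")]
    # Undo dash-escaping: signed lines that began with "-" are sent as "- -..."
    body = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:sig]]
    return hashes, "\n".join(body), "\n".join(lines[sig:end + 1])

def inspect_interchange(text):
    """Return (payload, findings); finding labels are hypothetical names."""
    findings, payload = [], text
    if text.startswith(BEGIN_MSG):
        hashes, payload, _sig = split_clearsigned(text)
        findings.append("pgp-clearsign-wrapper")
        findings += ["weak-hash:" + h for h in hashes if h in WEAK_HASHES]
    # Naive split on the default terminator; the release character "?" is ignored
    segs = [s.strip() for s in payload.split("'") if s.strip()]
    unb = next((s for s in segs[:2] if s.startswith("UNB+")), None)
    unz = segs[-1] if segs and segs[-1].startswith("UNZ+") else None
    if unb is None or unz is None:
        findings.append("not-an-edifact-interchange")
    elif unb.split("+")[5:6] != unz.split("+")[2:3]:
        findings.append("unb-unz-control-reference-mismatch")
    return payload, findings

# Constructed sample: UNB/UNZ as on the page; body and signature are placeholders
SAMPLE = "\n".join([
    BEGIN_MSG, "Hash: SHA1", "",
    "UNB+UNOA:3+XXXX:ZZ+ITSALSCT:ZZ+120902:1055+3733'",
    "UNH+1+COREOR:D:00B:UN'", "UNT+2+1'", "UNZ+1+3733'",
    BEGIN_SIG, "", "PLACEHOLDER-NOT-A-SIGNATURE", END_SIG, ""])
```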
I spent some time finding consistent documentation and also discussed this issue in a LinkedIn group: I would like to share the EANCOM (i.e. a subset of UN/EDIFACT) documentation in case you need to handle a similar issue.