Sunday, 7 October 2012

Digital signature

Time ago I received, from an EDI customer, an Interchange proposal concerning COREOR messages with a digital signature.

In the beginning it seemed to me a very good idea: the delivering of import containers is a rather delicate matter and a digital signature can: 
  • Prove that EDI message is created from a known sender; 
  • EDI message is not altered in transit.
Unfortunately, when I saw the sample COREOR  I could not believe my eyes; message looked, more or less, like this: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

UNB+UNOA:3+XXXX:ZZ+ITSALSCT:ZZ+120902:1055+3733'
(...)
UNZ+1+3733'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk5gmeYACgkQ3lkq35eQ2s+iowCggEuSTpVW5cxbpz+W9gnVCzU0
UxcAn3t2ZRUCkKIH/ElN/UmVAz0po21d
=aSjJ
-----END PGP SIGNATURE-----

For sure digital signature could be verified manually by means of an external program before processing the message but, at least in my very modest opinion, this was not the way to implement digital signature in an EDI protocol.

I spent some time to found out a consistent documentation and also discussed this issue in a Linkedin's group: I would like to share EANCOM (ie. a subset of UN/EDIFACT) documentation in case you need to handle a similar issue.

1 comment:

  1. Digital signature do serves so many purpose and is a great means to authenticate the sender of information and also to secure the information. I am studying about this technique and read so much about it so far. Thanks to you also for this valuable information.
    digital signature FAQ

    ReplyDelete