Administrator Guide - eSign Interface Definition
With eSign, the innovative and complete solution for electronic invoicing and receipt, Retarus offers a transactional and legally-compliant solution for your company. The entire end-to-end business process of invoicing is simplified, accelerated, and, additionally, becomes more secure for both the sender and the recipient. In this way, Retarus addresses the processes of invoice transmission.
In addition to fulfillment of all taxation and legal requirements, Retarus eSign enables seamless transfer of all invoice data and thus the complete electronic mapping of the entire billing process.
The audience for this document is our customers’ project managers, developers, and consultants, to whom the technical implementation of this service is entrusted. Descriptions of all standard parameters and additional options are provided, and, furthermore, this document also deals with the possibilities for secure data transmission for this service and contains an overview of supplementary options.
Signature Generation
A so-called signature key pair is used to generate an electronic signature. It consists of two associated keys: a signature key (private key), and a certificate-affiliated test key (public key). The certificate contains information about the bearer of the signature key. During signature provision, an electronic document (i.e., a file) is signed using the private key. For this signature, a checksum (a hash value) is determined from the file to be signed (signature object). As long as the file’s contents remain unmodified, this calculation will always generate an identical result. The hash value is encrypted by the signature key and stored with the signatory’s certificate and the signature object.
Signature Verification
The public key (key or public key) is required for the verification of electronic signatures. After the checksum is decrypted, a hash value is determined from the signature object. If the two checksums do not match when compared, you can assume that the signed document was modified after the signature was completed. In addition, the certificate’s validity at the time the signature was generated is checked via an online inquiry to the certifying authority (trust center).
The optional, automatic verification of a PDF document after it is signed increases recipient acceptance of electronically signed invoices because invoice validation has already been peformed for them. Retarus eSign service adds a corresponding verification report to the PDF document. This report is saved in a separate version of the document, which leaves the original document intact.