Digital Signature of Invoices

7/30/2019 Digital Signature of Invoices

http://slidepdf.com/reader/full/digital-signature-of-invoices 1/15

Dig i ta l Sig na tu re o f Invo i ces



(C) SAP AG 2

Copyright

©Copyright 2010 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose

without the express permission of SAP AG. The information contained herein may bechanged without prior notice.Some software products marketed by SAP AG and its distributors contain proprietarysoftware components of other software vendors.

Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of MicrosoftCorporation.

IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x,System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM,z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM,Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower,PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2

Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner,WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBMCorporation.

Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registeredtrademarks of Adobe Systems Incorporated in the United States and/or other countries.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin aretrademarks or registered trademarks of Citrix Systems, Inc.

HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, WorldWide Web Consortium, Massachusetts Institute of Technology.

J ava is a registered trademark of Sun Microsystems, Inc.

J avaScript is a registered trademark of Sun Microsystems, Inc., used under license fortechnology invented and implemented by Netscape.

SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, Clear Enterprise, SAPBusinessObjects Explorer and other SAP products and services mentioned herein as well as

their respective logos are trademarks or registered trademarks of SAP AG in Germany andother countries.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, CrystalDecisions, Web Intelligence, Xcelsius, and other Business Objects products and servicesmentioned herein as well as their respective logos are trademarks or registered trademarks of SAP France in the United States and in other countries.

All other product and service names mentioned are the trademarks of their respectivecompanies. Data contained in this document serves informational purposes only. Nationalproduct specifications may vary.

These materials are subject to change without notice. These materials are provided by SAPAG and its affiliated companies ("SAP Group") for informational purposes only, withoutrepresentation or warranty of any kind, and SAP Group shall not be liable for errors or



(C) SAP AG 3

omissions with respect to the materials. The only warranties for SAP Group products andservices are those that are set forth in the express warranty statements accompanying suchproducts and services, if any. Nothing herein should be construed as constituting anadditional warranty



(C) SAP AG 4

Icons in Body Text

Icon Meaning

Caution

Example

Note

Recommendation

Syntax

Additional icons are used in SAP Library documentation to help you identify different types of information at a glance. For more information, see Help on Help General InformationClasses and Information Classes for Business Information Warehouse on the first page of anyversion of SAP Library.

Typographic Conventions

Type Style Description

Example text Words or characters quoted from the screen. These include fieldnames, screen titles, pushbuttons labels, menu names, menu paths,and menu options.

Cross-references to other documentation.

Exampl e text Emphasized words or phrases in body text, graphic titles, and tabletitles.

EXAMPLE TEXT Technical names of system objects. These include report names,program names, transaction codes, table names, and key concepts of aprogramming language when they are surrounded by body text, forexample, SELECT and INCLUDE.

Exampl e t ext Output on the screen. This includes file and directory names and theirpaths, messages, names of variables and parameters, source text, andnames of installation, upgrade and database tools.

Exampl e text Exact user entry. These are words or characters that you enter in thesystem exactly as they appear in the documentation.

<Exampl e t ext > Variable user entry. Angle brackets indicate that you replace thesewords and characters with appropriate entries to make entries in thesystem.

EXAMPLE TEXT Keys on the keyboard, for example, F2 orENTER.



(C) SAP AG 5

Table of Contents

Digital Signature of Invoices .................................................................................................. 6 Acquisition of SAP Encryption Keys ................................................................................... 7

Downloading PSE Files for Digital Signature................................................................... 9 Uploading PSE Files for Digital Signature ..................................................................... 10 Customizing for Digital Signature of Invoices ................................................................ 11 Customizing for Digital Signature Data in Printed Invoices ............................................ 12

Digital Signature Generation ............................................................................................ 13 Digital Signature Data in Printed Invoices ......................................................................... 15



(C) SAP AG 6

Digital Signature of Invoices

According to legal requirements in Portugal, as of J anuary 1, 2011, software that is used tocreate invoices must be able to digitally sign the data using an RSA algorithm. SAP ERPallows you to fulfill these legal requirements (outlined in Portaria n.º 363/2010 de 23 de

Junho) for invoices created using automatic and manual processes in the Flexible Real EstateManagement (RE-FX) component.

SAP’s software has been certified by the tax authorities in Portugal (Direcção Geral dosImpostos, DGCI) with a private/public encryption key. Once you have uploaded privateencryption keys to your SAP ERP production systems, each system uses its key to digitallysign the printout of real estate invoices and credit memos for a Portuguese company codecreated in RE-FX.

The tax authorities can then use SAP’s public key to check the authenticity of the digitalsignatures on your invoices and credit memos.



(C) SAP AG 7

Acquisition of SAP Encryption Keys

SAP’s software has been certified by the tax authorities in Portugal (Direcção Geral dosImpostos, DGCI) with a private/public encryption key. This private encryption key is needed to

encrypt data and digitally sign the printout of real estate invoices and credit memos. You canobtain certificates from SAP that include the SAP private encryption key from the SAP ServiceMarketplace. This information is stored in a PSE file that you have to download to your localPC and then upload to a production system.

Prerequisites

You have an S-User and password for access to the SAP Service Marketplace.

Process

1. You install the latest version of the SAP Cryptographic Library (SAPCRYPTOLIB) oneach production system. You can download SAPCRYPTOLIB from the SAP Service

Marketplace at https://service.sap.com/swdc. SAPCRYPTOLIB provides the functionsfor creating and verifying digital signatures within SAP systems. For more informationabout how to download SAPCRYPTOLIB, see SAP Note 455033.

The distribution of the SAP Cryptographic Library is subject to and controlledby German export regulations and is not available to all customers. Inaddition, the library may be subject to local regulations of your own countrythat may further restrict the import, use and (re-)export of cryptographicsoftware. If you have any further questions on this issue, contact your localSAP subsidiary.

2. You apply the necessary Kernel patch as required for your Release level. For moreinformation, see SAP Note 1526521. For more information about downloading andinstalling the patch, see SAP Note 19466.

3. You implement the other technical requirements explained in SAP Note 1484221,SAP Note 1517894, and SAP Note 1520970.

4. You download PSE files that contain the certification information and the encryptionkey from the SAP Service Marketplace to your local PC. You must download onePSE file for each of your production systems in which you create invoices and creditmemos in the Flexible Real Estate Management (RE-FX) component with aPortuguese company code.

SAP also provides you with a test certificate including a test encryption keyfor non-production systems as an attachment to SAP Note 1517894. Beaware that due to security reasons, the digital signatures created with the testencryption key differ from those that are created using the SAP privateencryption key for production systems that you download from the SAPService Marketplace.

For more information, see Downloading PSE Files for Digital Signatures [Page 9].

5. You upload a PSE file to each of your production systems. For more information, seeUploading PSE Files for Digital Signatures [Page 10].

6. Your SAP systems read the PSE file and store the certificate with the privateencryption key in the database.



(C) SAP AG 8

7. You make the necessary settings in Customizing in each of your production systems.For more information about these settings, see Customizing for Digital Signature of Invoices [Page 11] and Customizing for Digital Signature in Printed Invoices [Page12].

Result

When you create an invoice or credit memo for a Portuguese company code in an SAP ERPsystem that has the private encryption key, the system generates a digital signature for eachdocument and stores it in the database. For more information, see Digital SignatureGeneration [Page 13].

When you print an invoice or credit memo that requires a digital signature, the system caninclude digital signature information in the printout as required by law. For more information,see Digital Signature Data in Printed Invoices [Page 15].



(C) SAP AG 9

Downloading PSE Files for Digital Signature

Before you can digitally sign real estate invoices and credit memos in your SAP ERP system,you must obtain a PSE file including the private encryption key from the SAP ServiceMarketplace for each of your production systems, that is, the systems whose client role isProduct i on. You can see the client role for a system using the SCC4 transaction.

Prerequisites

You have an S-User and password for SAP Service Marketplace.

You have registered all your production systems and the corresponding Netweaverreleases on the SAP Service Marketplace.

Procedure

1. Open the Portugal page on the SAP Service Marketplace athttps://service.sap.com/globalizationby choosing Multinational Issues Country

Information Portugal .

2. Under Additional Solution Information, click on the link for downloading the PSE files.

3. Search for the production systems for which you need to obtain a PSE file.

The results list displayed only contains your production systems.

4. For each production system, click on the system ID.

5. Start the download.

6. Save the PSE file to your local PC.

We recommend that you do not change the default name of the PSE filebefore saving it.



(C) SAP AG 10

Uploading PSE Files for Digital Signature

Before your SAP production systems can start digitally signing real estate invoices and creditmemos, you must upload the SAP private encryption key to each system that you use forPortuguese company codes. The SAP private encryption key is included in the PSE files thatyou download from the SAP Service Marketplace.

Prerequisites

You have downloaded one PSE file for each combination of your production systemand Netweaver release from the SAP Service Marketplace. For more information, seeDownloading PSE Files for Digital Signatures [Page 9].

Your user has the S_RZL_ADM authorization object.

You have completed all of the steps in the process for acquiring an SAP encryptionkey, including the installation of SAPCRYPTOLIB and the necessary Kernel patch.For the process steps, see Acquisition of SAP Encryption Key [Page 7].

Procedure

For each production system, proceed as follows:

1. Start the SI PT_SAFT_STORE_PSE program in the SE38 transaction.

2. Browse to the location on your local PC where the PSE file is stored.

3. Run the program.

Result

Your SAP system uploads the PSE file from your local PC and stores it in a secure area of your servers. Note that the uploaded PSE file is not visible in the STRUST transaction.

Each time your system needs to digitally sign a document, it accesses this information. Formore information, see Digital Signature Generation [Page 13].



(C) SAP AG 11

Customizing for Digital Signature of Invoices

To make settings for Portuguese company codes to determine which invoices and creditmemos should be digitally signed to fulfill legal requirements, proceed as follows inCustomizing for Flexible Real Estate Management (RE-FX) under:

Accounting Rent Invoice Company-Code-Dependent Settings for Invoice

You assign the number range interval of invoices and credit memos to the relevantcompany code.

Country-Specific Settings Portugal Digital Signature Define Settings for

Digital Signature Generation

You define settings that the system uses as input to digital signature generation.

Activities

Record number range intervals for Portuguese company codes that you use for creatingbilling documents and manual invoices. Mark each number range interval that is relevant fordigital signature, and enter a leading document type and a series.

The system uses the leading document type and the series as input for digital signaturegeneration. According to law, an invoice number must be part of the input for signaturegeneration. The law also specifies that the system must create this invoice number in thesame way as the value for the 4.1.4.1. field in the SAF-T (InvoiceNo).

The specifications for this field are as follows:

XX 1/100000008

where XX is an internal code, followed by a space, followed by the number of the numberrange series, followed by a slash (/), followed by the sequential invoice number.

SAP uses the code of the leading document type as the internal code. You must enter aleading document type for each number range interval. This is particularly important when youuse one number range interval for documents with different document types. In this case, youshould select one type as the leading document type. The system then uses this documenttype as the leading document type for signature generation for documents of all types usingthis number range interval. Alternatively, you can enter a document type that exists in yoursystem but is not used for document creation. The system then uses this leading documenttype as the internal code as input for the signature for all document types in this numberrange interval.

According to the law, the number range series must also be part of the invoice number that isinput for the digital signature (see the description of SAF-T field 4.1.4.1. in previous text). Youmust enter a series for each number range interval in Customizing. We recommend that youuse different series for different number range intervals for the same document type.

The series is not an SAP concept. The information in this field is not validated by your SAPsystem; you can use the series to best meet your own requirements. For example, if for somereason, a large gap occurs in the sequential numbering for a number range interval for acompany code in a fiscal year, you could continue to use the number range interval but with adifferent series.

For more information, see Digital Signature Generation [Page 13].



(C) SAP AG 12

Customizing for Digital Signature Data in PrintedInvoices

SAP delivers a template invoice (RE_CN_120_PT) in a PDF-based form and a Smart Form.

Procedure

To print the real estate invoices with a digital signature, make settings in Customizing forFlexible Real Estate Management (RE-FX) under Correspondence PDF-Based Forms

(Mass Print and Single Print) :

1. Forms Define Forms

You can use the delivered form, or you can create a new one. If you create a newone, enter the technical name of the newly created form object in the Form Object column.

2. Correspondence Activities and Applications Define Correspondence Activities

If you created a new form as described in step 1, select the P520 (Invoice withDig.Signature (PT)) correspondence activity, and assign the form to it.

3. Correspondence Activities and Applications Define Correspondence Applications

and Assign Correspondence Activities

Select the A520 (Invoice) row and assign the P520 (Invoice with Dig. Signature (PT)) correspondence activity to it on the Correspondence Activities screen.



(C) SAP AG 13

Digital Signature Generation

To fulfill legal requirements, your system uses the following data as input to digitally signinvoices:

Invoice Data Format Example

Invoice date YYYY-MM-DD 2010-03-11

Invoice number

Comprises the following insequence:

1. Code for theaccountingdocument type,followed by a space

2. Series of thenumber rangeinterval to which thedocument belongs,followed by a slash(/)

3. Sequential numberwithin the numberrange series that isassigned to thedocument

F2 1/0090100084

Gross amount inthe document

Numeric field withtwo decimal places

No thousandsseparator

Decimal separator isthe period (.)

1200.00

Signature of thepreviousdocument in thesame number

range series(empty when thedocument is thefirst document inthe series)

Base64

mYJ Ev4iGwLcnQbRD7dPs2uD1mX08XjXIKcGg3GEHmwMhmmGYusffIJ jTdSITLX+uujTwzqmL/U5nvt6S9s8ijN3LwkJ XsiEpt099e1MET/J8y3+Y1bN+K+YPJ QiVmlQS0fXETsOPo8SwUZdBALt0vTo1VhUZKejACcjEYJ 9G6nI=

The system concatenates this invoice data, separating the parts by semicolons (;) and uses itas input for the RSA algorithm that generates digital signatures. Each signature contains 172bytes, without any line separator characters.

Prerequisites

You have made all the settings as described in Customizing for Digital Signature of Invoices

[Page 11].



(C) SAP AG 14

Features

A digital signature is generated when you create an invoice with the Create Invoices (RERAI V) program.

Since different users may create documents for the same number range interval, performance

issues could occur if the system always has to wait for the generation of the previous digitalsignature before creating the next one. To avoid this, your system checks in the documentdatabase if a document with a previous signature already exists. If it does, the systemgenerates the new signature for the new document and stores the document in the database.If it does not exist, the system stores all of the other necessary data from the document in thedatabase.



(C) SAP AG 15

Digital Signature Data in Printed Invoices

This function enables you to meet legal requirements in Portugal when printing invoices orcredit memos that have digital signatures.

Prerequisites

You have made all the settings as described in Customizing for Digital Signature Data inPrinted Invoices [Page 12].

In the Form Builder (SFP) transaction, you have assigned the RE_CN_120_PT interface toyour PDF form.

Features

When you print an invoice or credit memo with the Print Invoices (RECPA520) program, theprintout should include the following data:

Signature information (hash control) as specified by law, that is the following positionsof the signature: 1st, 11th, 21st, and 31st positions

SAP’s certification number

This data can be included in a printout from a Smart Form or a PDF form.

Activi ties

Include the following legal text in your invoicing forms:

XXXX – Processed by a certified software ZZZZ/DGCI

where “XXXX” is the hash control (print characters) and “ZZZZ” is the certification number. The hash control is stored in the PRI NT_CHAR field and the certification number in theCERT_I Dfield in the Digital Signature for Invoices (VI XCPTSI PT) table.

Documents

Digital Signature of Invoices