Notes on Digital Signature

Information on the use of digital signature for documenting the decision making process
  • Last Update:2017-01-20
  • Version:001
  • Language:en

Digital Signature can be used to prove that certain decisions were taken with knowledge by well identified users of ERP5.

The goals of digital signature

Digital Signature can be used to prove that certain decisions were taken knowingly by well identified users of ERP5. The use of X509 certificates as part of the authentication process is sufficient to implement the "well identified" requirement.

The use of time stamping and/or archiving of HTTP frames in relation with workflow actions is sufficient to implement the "proof" requirement. The main issue thus remains in the "knowingly" requirement of digital signature.

Knowingly

Web browsers include X509 signature extensions which can be used through JavaScript. In Firefox, they can be used to sign text messages, but not much more. They are not sufficient, for example, to sign HTML content in WYSIWYG mode. This solution therefore does not fulfill the "knowingly" requirement for HTML content.

Open Source solutions based on a Java applet can provide a way to sign text or files. However, there is no user friendly way to verify that the signed file is what it is supposed to be. This solution therefore does not fulfill the "knowingly" requirement for HTML content or other content (e.g. PDF).

At this stage, we found only 4 solutions to provide digital signature in ERP5 in a somewhat reasonable way:

  • Use FireGPG to sign workflow transitions (i.e. an HTML representation of content). This is probably the most elegant way. FireGPG can even be used for authentication with GPGAuth.
  • Use OpenOffice digital signature features. Generate an ODF representation of an ERP5 document using the ODT or ODS skin and add an OOBasic based button to it named "Sign" which drives the user through the signature process, then uploads the signed document and triggers the workflow action.
  • Use a "sign by email" approach by asking users to send an email with some HTML content and sign it. MD5 checksums can be used to make sure that the signed content is the same as the one generated by ERP5.
  • Make a new applet based on JPedal and OpenOCES so that PDF files which are signed can be displayed before being sent.
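
The content check in the "sign by email" option above, as an added example (not ERP5 code): it extracts the HTML from a received message and compares its checksum with the one recorded when the content was generated, after normalising the line endings that mail transport may change. All function names and the sample HTML are hypothetical, verification of the signature itself is assumed to happen elsewhere, and the "sha256" option is an assumption for deployments that need collision resistance, which MD5 does not provide.

```python
import hashlib
import hmac
from email import message_from_bytes, policy
from email.message import EmailMessage


def canonical(html: str) -> bytes:
    """Normalise what mail transport may change: line endings, trailing blanks."""
    lines = html.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    return "\n".join(line.rstrip() for line in lines).strip("\n").encode("utf-8")


def content_digest(html: str, algorithm: str = "md5") -> str:
    """Digest of the canonical form. The page names MD5; "sha256" is an
    assumed alternative, not something the page prescribes."""
    return hashlib.new(algorithm, canonical(html)).hexdigest()


def html_part(raw_mail: bytes) -> str:
    """Return the decoded text/html body of a received message."""
    msg = message_from_bytes(raw_mail, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        raise ValueError("no text/html part in message")
    return part.get_content()


def matches_generated(raw_mail: bytes, recorded: str, algorithm: str = "md5") -> bool:
    """True only if the mailed HTML is the content whose digest was recorded."""
    received = content_digest(html_part(raw_mail), algorithm)
    return hmac.compare_digest(received, recorded)


def build_mail(html: str) -> bytes:
    """Constructed sample: a user's mail carrying the HTML (signature omitted)."""
    msg = EmailMessage()
    msg["Subject"] = "Approval"
    msg.set_content(html, subtype="html", cte="quoted-printable")
    return msg.as_bytes()


GENERATED = "<h1>Purchase Order 42</h1>\n<p>Total: 1,000.00 EUR</p>\n"  # constructed
RECORDED = content_digest(GENERATED)  # stored when the content is generated

if __name__ == "__main__":
    print(matches_generated(build_mail(GENERATED), RECORDED))
    print(matches_generated(build_mail(GENERATED.replace("1,000", "9,000")), RECORDED))
```

The digest only shows that the mailed content is the generated content; who approved it still rests on the signature over that same content.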