What is the legal requirement for document verification using digital signatures? How does SAP store the digital signatures created for electronic documents by external systems? We will look into the aspect of integrating SAP S4 HANA with externally-generated digital signatures.
What is a Digital Signature?
A digital signature is an algorithm that verifies the authenticity of digital documents. Each document sender and receiver in a trusted network must generate two Keys: a Private Key and a Public Key. The parties must then exchange their Public Keys with each other before they can exchange documents or messages. The document sender signs the document with his/her Private Key, the message receiver then verifies the authenticity of the document using the Public Key of the sender.
Legal Requirment of Digital Signature for Portugal Invoices
According to regulations established by the Portugal government, software that issues invoices and billing documents should digitally sign the documents. The Portaria n.º 363/2010 de 23 de Junho outlines this legal requirement. Software that signs the documents should be certified by the Portugal tax authority Direcção Geral dos Impostos, DGCI).
Billing documents such as invoices, proforma invoices, debit memos, and credit memos that belong to Portugal sales organization, or accounting documents such as invoices, debit memos, and credit memos that belong to Portugal company code should be digitally signed.
Printed documents of the invoices and billing documents must include the digital signature.
The RSA algorithm should generate the digital signature.
S4 HANA Integration Architecture of Externally-Generated Digital Signatures
Let’s assume the following scenario. Customers place orders through an Order Management tool external to SAP S4 HANA. Order Management System (OMS) issues the necessary invoice directly to the customer at the time of order placement. Then the OMS transfers the order information to SAP S4 HANA system. The SAP system then creates the SAP sales order, SAP invoice, and other documents in the process flow.
In such cases, the OMS should digitally sign the invoice issued to the customer. SAP, as the backend ERP, should store the digital signature generated by OMS. When SAP creates its accounting documents from billing documents, a valid digital signature should be available for each and every billing document. The printed version (printed outputs) of these billing documents must display the digital signature.
Technical Information Related to Digital Signature in S4 HANA
The table SIPT_IF_VBRK stores the digital signatures created for external documents under Portugal company code/sales organization. Developers can use the standard function module SIPT_POST_EXT_DOC_SD as an interface to update the table SIPT_IF_VBRK.
Field OUR_VBELN holds the SAP billing document number corresponding to SAP billing document VBRK-VBELN. Field SIGNATURE holds the complete hash code of the digital signature.
Function Module SIPT_POST_EXT_DOC_SD
The point at which the digital signature should be updated on SIPT_IF_VBRK depends on the business process. In our example, OMS system could send the digital signature information with the order information. In that case, you can use the Function Module SIPT_POST_EXT_DOC_SD directly in the interface program to store the information in the table.
Or, you can also use the method CL_SIPT_DIG_SIGN_SD->GET_DIGI_SIGN of BADI EI_BADI_SIPT_DIGITAL_SIGN_S to read the digital signature from OMS system (external system) at the point of invoice document creation in SAP.
If you have any questions on the digital signature business process, integration architecture of digitally-signed documents for Portugal, table SIPT_IF_VBRK, Function Module SIPT_POST_EXT_DOC_SD or BADI EI_BADI_SIPT_DIGITAL_SIGN_S, please leave a comment below.
If you’d like to read more about encryption, decryption, and digital signatures, you can refer to linked posts.