EDIFACT - signed messages

[Manuel Abadia]

Hi,

I have succesfully used BOTS 3.0.0.0 to handle EDIFACT ORDERS messages. Last EDI implementation I made was some years ago was way more elaborated because I had to made my own parser based on ANTLR and little differences in EDI messages were more difficult to implement. Thank you guys for this excellent program, it was a piece of cake with BOTS.

Now I'm looking at INVOIC messages. However, here in Spain (I don't know if this apply in other countries), the INVOIC messages can be digitally signed in order to be a legal invoice without having to send the invoice in paper. I have seen a few signed INVOIC messages and they use USH and UST segments (with USA, USC, USR, etc segments) and the usual INVOIC segments. 

I haven't seen any support for this in BOTS, either at the cryptographic level or at the grammar level. Is there any support planned for this or am I on my own?

Best regards,

Manu

[henk-jan ebbers]

hi Manuel,

Thank you!

I tried ANTLR myself, when I was examining how to build Bots.
It is very good software, but not suited for EDI, i found. Their 'parsing' is somehow a different thing.

Have seen lately more of these signed invoices.
at least it needs additional segments to the grammar, but that should not be a problem.
I have never looked at the detail of the encryption, but I strongly got the idea it should be do-able.

if I can be of any help, just let me know.

kind regards,
henk-jan

> --
> You received this message because you are subscribed to the Google Groups "Bots Open Source EDI Translator" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to botsmail+u...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

[BikeMike]

I don't know what type of encryption is required, but I have used gnupg for decryption of incoming files (preprocessing routescript). In your case there will be some encrypted data within some segment(s) of the edifact document? This could be managed similarly in a mapping.

I have added my routescript as an example in the wiki to help get you started.
http://code.google.com/p/bots/wiki/RouteScriptsExample

Kind Regards,
Mike

[Manuel Abadia]

henk-jan,

yeah, EDI parsing needs a lot of flexibility.

I have read that there are 2 ways to implement digital signatures: AUTACK messages or attaching security headers and trailers inside the message. I have only seen signed messages using the second method. I guess that changing the envelope to support this optional headers should made the trick.

BikeMike,

in my case, it seems that the digital signature is just SHA1 + RSA with padding:

USH+1+768+2+1+6+2+1+1::XXXXXXXXXXXXX::9+2::XXXXXXXXXXXXX::9++1:20110404:192537' -> security header

    1 = Non-repudiation of origin

    768 = Security reference number

    2 = Scope of security application (From security header to security trailer)

    1 = Response type, coded (No AUTACK acknowledgement message expected)

    6 = Filter function, coded (UN/EDIFACT EDC filter. Filter function for UN/EDIFACT character set repertoire A as described in Part 5 of ISO 9735)

    2 = Original character set encoding, coded (ASCII 8 bit)

    1 = Role of security provider, coded (Issuer)

    1 = Security party qualifier (Message Sender)

USA+1:::16:1' -> security algorithm

    1 = Use of algorithm, coded (owner hashed)

    16 = Algorithm coded (SHA1)

    1 = Algorithm code list identifier (UN/CEFACT)

USC+3CB382EF' -> certificate reference (3CB382EF)

USA+6:16:1:10:1:7+14:1024+12:ZÞÝ~~óbsåÕï}órLüJöJpñIÆÖGÉï\ofSÐÍÙpûCQEpÅÊVgÔìdÂcHÔvÛåØÙÍWÎüY`mbUvïêSpIïÂLÌVÖmuçkÍtbúÈMgeìÁÅEÍêdiÛIaÂÂÆ\\zì^dÛ]÷tS^cùltuÉçcû|ËxÚÊàhQGÛäßs|ÓÍV]UÑ`àÍ+13:ðA@A'

    Security algorithm

        6 = Owner signing

        16 = Cryptographic mode of operation, coded (DSMR)

        1 = Mode of operation code list identifier (UN/CEFACT)

        10 = Algorith, Coded (RSA) 

        7 = Padding mechanism, coded (ISO 9796 #2 padding)

Thank you for posting your routescript code. 

However, sending digitally signed INVOIC messages is an additional step that I'm planning to do after I finish implementing the messages I need, if the company I'm working for wants to invest the time on it (not sure it is the case though).

Best regards,
Manu

[Geof]

Hi,

did you ever implemented a solution to sign INVOIC messages?

If so, I'm interested how to implement.

Best Regards

Geof

[sghebuz]

Hi, we are using bots to send invoice in 93A to our Spanish customer but the invoice signing is handled by the van (edicom), that was quite easier to implement 😅

--

You received this message because you are subscribed to the Google Groups "Bots Open Source EDI Translator" group.
To unsubscribe from this group and stop receiving emails from it, send an email to botsmail+u...@googlegroups.com.

Visit this group at https://groups.google.com/group/botsmail.
To view this discussion on the web visit https://groups.google.com/d/msgid/botsmail/771f0b30-ecca-41f7-b97a-eb14dbda24f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.