On 7/4/05, Dave Howorth <[EMAIL PROTECTED]> wrote: > Alphonse Ogulla wrote: > > Hi good people, > > I wish to get your views on how I can implement a system that will > > capture text of a financial document that is to be printed, run a hash > > algorithm (SHA-1) over the document text, store an electronic copy of > > the document and its digital signature to disk and lastly print the > > document with the electronic signature at the last line of the > > document. The financial document can be a ticket/receipt produced by a > > POS application or an invoice/delivery note generated by an accounting > > software. > ... > > Do you think this is a reasonable way of going about this project? Is > > Samba-CUPS and bash/perl scripting the best tools to use or are there > > others? What is your recommendation and advise? Your comments, remarks > > or criticism are welcome. > > As others have mentioned, perhaps you need to tell us more about the > project's purpose - what risks is it designed to protect against? > > For example, the existence of the _c.txt leads me to suspect that you're > worried the _b.txt files may be changed. But it's not clear why you > wouldn't just store everything on the CD if that's the case? > > And I'm not sure of the purpose of printing the hash on the paper > ticket, since it may or may not correspond to the text that's actually > printed on a specific piece of paper that's presented later. When does > the printed hash get used? > The primary purpose of the project is to assure auditors and tax authorities that printed documents are true if the electronic signatures match. It also provides a means of the authorities to check in a reliable way what taxes a certain business is to pay. The accounting system will continue to produce reports based on document authenticataion.
Only signatures that are used to authenticate _b.txt files are stored on CD-R so that once a record has been saved on CD-R, it can no longer be altered. Its is important in order to keep permanent records of electronic endorsments. The digital signature at the last line of the invoice is basically a unique identifier derived from the text of the invoice. This requirement is again a local reglulation concerning electronic invoice validatiion for operation under fical requirements.