Invoice certification lets you mark customer invoices by assigning a unique, encrypted digital signature. Adding a signature uniquely identifies the origin and the main properties of an invoice. QAD Enterprise Financials 2011.1 and higher have been certified by the Portuguese government according the Decree 363/2010 requirements. Invoice certification is a legal requirement in Portugal.

The signature is based on the main properties of the invoice (such as the amount, creation date, and number) and on the signature of the previous customer invoice to ensure that there are no gaps. The invoice certification number assigned to QAD by the local government and the signature are printed on each invoice.

The signature is generated using OpenSSL and a private key. The private key is generated using the RSA algorithm, and remains secret at QAD. Using the private key and OpenSSL, QAD generates a public key. The private key and public key have a strict one-to-one relationship.

The public key is communicated to the local government where it is used to verify whether the digital signatures on invoices created using QAD Enterprise Financials are valid. A digital signature will only pass the validation if it was generated using the private key linked to the public key.

To create invoices marked by digital signatures, you must enable invoice certification at domain level, and the signatures are created by daybook and domain. There must be no gaps in the sequence.

You generate the signatures by running Invoice Post and Print for invoices that originate in the operational modules, or by using Customer Invoice Create to create manual invoices in Financials.

The SAFT format is a commonly accepted file format to export accounting data for audit purposes. In Enterprise Financials, the SAFT export for Portugal has been implemented (SAFT-PT). The digital signatures are included in the audit file and enable the government to validate if the reported amounts and the invoice numbers in the audit file comply with the information in the encrypted signatures.

The invoice signature includes the data linked in the following order, separated by semicolons:

The signature printed on the invoice is actually a subset of the complete signature, corresponding to the 1st, 11th, 21st, and 31st positions.

When the signature has been generated, you cannot change the invoice and the signature. Otherwise, the signature will become corrupt or the signature chain will break. Due to the fact that each signature is created using encryption and a private key, you cannot correct invoice signatures if the invoice amount changes.