Digitally signed PDF documents with SAP and Contux

In this blog post, we will demonstrate a simple and cost effective way to send digitally signed PDF documents, for example invoices or business orders, from your SAP ERP system to your partners – customers as well as suppliers. While the use case described in this article focuses on SAP, we can apply the same techniques to other systems.

Many companies, esp. small and mid-sized companies that do not have the required resources to implement complex EDI interfaces, send business documents as PDF file via simple email. This process can be implemented easily, does not require expensive software and can be used without the need for complex interface designs. The output can be used by anybody with a mail client as well as directly imported into third-party software.

The figure above shows this simple process. While we focus on the business parts required, we will not talk about the communication protocols (SMTP etc.) involved in this blog post.

The process is very simple and can be implemented using SAP standard tools and means of output. However, it cannot be considered secure since everybody can send an email with a PDF document attached to your customers. Hence, it is very easy to fake invoice and bank account data and ask your customers to submit money to the wrong accounts.

In order to make sure that your customers know whether or not a digital invoice (or any other business document) really has been created by you, you need to digitally sign your PDF documents. This is something that cannot be done easily with SAP ERP or many other business software. The standard solution that SAP offers facilitates the Adobe Document Server (ADS), however, an additional license is required making the solution quite expensive.

Thus, we thought of a way of adding digital signatures to PDF documents using our free EDI development framework Contux (which we will officially introduce in another blog post). Contux is a Java-based EDI transformation/mapping and transmission framework designed for processing asynchronous interfaces. We considered PDF files to be just another B2B message with the mail data as meta data and SMTP as the transport protocol.

How does it work?

We created a special version of the SAP printing program which writes the PDF document (SAPScript, Smartform, or ADS Interactive form) alongside with email (subject, body) and receiver information to the file system. Contux then picks up the file, creates a digital signature using a PKCS 12 certificate and attaches the signed PDF document to an email. The email is sent to the business partners using the companies default mail server (SMTP).

Using this simple approach, we can enable our customers to send digitally signed business documents to their business partners in very little development time. Since the meta data format is very simple, the same process can be used by other tools as well. Finally, our customer’s business partners can easily check whether or not the document they receive are authentic, make the interface much more trustworthy than a simple email interface.

If you’re interested in our simple and cost effective way to enable you to send electronically signed documents (PDF etc.), please get in touch. We will be happy to provide you with our knowledge and advice.