Each POS transaction is signed automatically when it is posted (see Digital Signature). When an auditor or an internal control needs to confirm that the stored signature still matches the transaction data, the Verify Signature action on the Transaction Signature page performs that check on demand.
To verify a transaction signature
- Click the
icon, enter Transaction Register, and select the relevant link. - Locate the transaction you want to verify.
- In the Transaction Register FactBox, click the Transaction Signature number to open the Transaction Signature page.
- On the page, choose the Verify Signature action.
- One of two messages is displayed:
- Valid signature — the stored signature matches the transaction data and the certificate used at signing time.
- Invalid signature — the data or the chain of signatures has been altered, or the certificate could not be loaded.
What the verification checks
Verification rebuilds the input string that was hashed at signing time. The string concatenates:
- The signature of the previous transaction on the same store and terminal (or a Base64-encoded 0 for the first transaction).
- Transaction date.
- Transaction time.
- Transaction number.
- Gross amount (including income/expense entries).
- Net amount (including income/expense entries).
The string is hashed with SHA-1 and verified against the stored Signature using the Norwegian_Tax certificate. The verify action raises Certificate <name> not found if the certificate is missing from the company's isolated certificate store.
See also
View the Transaction Signature