Technical information
Digital signatures
In the Norwegian version, all sales transactions are digitally signed. When a transaction is finalized with a payment, it is saved to the database as usual, and the fiscal service also saves the signature to the RBOTRANSACTIONFISCALTRANS table in the LS One database. This makes it possible to verify that the transactions in the electronic journal are unchanged: if a transaction has been altered in any way, the signature will no longer match the data.
The RBOTRANSACTIONFISCALTRANS table was modified to add fields that hold the data needed for the signature and the signature itself. The signature is produced by the HashTransaction function in FiscalService.cs, which is triggered when a transaction is concluded in the ConcludeTransaction function in TransactionService.cs.
The RBOTRANSACTIONFISCALTRANS table is not a new table and is already a part of the replication jobs so this information will flow with the transactions from the terminals to the Head office. If you have just updated to LS One version 2019 you might have to do a read design to get the new fields to the table.
The signature is based on asymmetric cryptography using the RSA public-key algorithm. To generate the digital signature, the codeunit creates a one-way SHA-1 hash of the electronic data being signed. The private key is then used to encrypt the hash. The encrypted hash is the digital signature.
The key used for the signature is stored in the system certificate repository (X.509 store). In this release, for demo purposes, the key is a self-signed certificate stored under the current user with the fixed subject name “Norwegian_Tax”. Both the store location and the fixed name can be changed by editing the codeunit Transaction Signature. See the functions “FindCertificate” and “GetCertificationName”.
To create the demo certificate, use this PowerShell command:
New-SelfSignedCertificate -Type Custom -Subject "CN=Norwegian_Tax" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3") -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 1024 -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -CertStoreLocation "Cert:\CurrentUser\My"
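The following PowerShell is an added example, not code from LS One: it signs a sample string with the demo certificate created above using RSA with SHA-1, then verifies the signature against both the original and an altered copy of the data. The function names, the PKCS#1 v1.5 padding, the Base64 encoding and the semicolon-separated sample string are assumptions made for illustration; the page does not state which transaction fields HashTransaction signs or how the signature is encoded.

```powershell
# Added example: constructed data, not the field layout LS One actually signs.
$ErrorActionPreference = 'Stop'
$sha1  = [System.Security.Cryptography.HashAlgorithmName]::SHA1
$pkcs1 = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1   # assumed padding
$ext   = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

function Get-DemoCertificate {
    # Locate the demo certificate by its fixed subject name in the current user's store.
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Subject -eq 'CN=Norwegian_Tax' -and $_.HasPrivateKey } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw 'No CN=Norwegian_Tax certificate with a private key in Cert:\CurrentUser\My' }
    return $cert
}

function New-TransactionSignature([string]$Data, $Cert) {
    # Hash the data with SHA-1 and sign the hash with the RSA private key.
    $rsa = $ext::GetRSAPrivateKey($Cert)
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Data)
        return [Convert]::ToBase64String($rsa.SignData($bytes, $sha1, $pkcs1))
    } finally { $rsa.Dispose() }
}

function Test-TransactionSignature([string]$Data, [string]$Signature, $Cert) {
    # Verification needs only the public key from the certificate.
    $rsa = $ext::GetRSAPublicKey($Cert)
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Data)
        return $rsa.VerifyData($bytes, [Convert]::FromBase64String($Signature), $sha1, $pkcs1)
    } finally { $rsa.Dispose() }
}

$cert = Get-DemoCertificate
$original = '2019-06-01T12:30:15;S0001-T01-000042;125.00'   # constructed sample record
$tampered = '2019-06-01T12:30:15;S0001-T01-000042;25.00'    # same record, amount altered

$signature = New-TransactionSignature -Data $original -Cert $cert
Test-TransactionSignature -Data $original -Signature $signature -Cert $cert
Test-TransactionSignature -Data $tampered -Signature $signature -Cert $cert
```

The two final calls print the verification result for the unchanged record and for the altered one, which is the comparison an auditor makes against the stored signature.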
Client session variables
When a POS starts up and the fiscal service is activated (IsActive function in FiscalService.cs), the system applies the following restrictions: it disallows sales if the drawer is open by setting the fixed client session variable AllowSalesIfDramwerIsOpen to false in the StartupCheck function in FiscalService.cs; it limits the maximum number of receipts printed to 2 in the PrintReceiptCopy function in FiscalService.cs; and it disallows Training mode on user logon in the AuthorizeOperationPage.cs page.