Sign documents in tryton

Hello one question
I need to sign documents, sales, invoices, … directly from the tablet with tryton.

It’s possible?

What do you mean by signing? What is the purpose?

@ced A question different from @osloar, is there any way to digitally sign the documents in Tryton using some Digital Signature that can be used at the client’s end?

For example, if a manager or an officer approves a certain Transaction, and wants the document to be digitally sign, then what is the way for it ?

Thanks in advance !!

Hello, the idea is to be able to sign an invoice or a report such as an anesthesia without the need to print, scan and attach in the client file.

It is very similar to what @prak asks

I do not understand what you are calling “signature”. For me, you must first define what are the purpose, the guarantee and the result.
“Signing” is not a purpose, it is a mean for something else.

Maybe this could help…

if you took care to properly configure group permissions and/or access rules, Tryton could enforce that only allowed users to be able to perform some actions. So if the action was done, it means an allowed person did it.

As example, for a Payment, only user in group Payment Approval could approve it. A user in group Payment could only create a new payment for approval, but it can’t be proceeded without approval.

After some reading on the web about the legal value of digital signature, I found that there are two kind of digital signature.
The first could be named “handwritten digital signature”. It is about recording the handwritten of the user and store the image. This can be a strong proof only if the device records not only the “picture” but also the time and pressure, and there should be technical constraint that ensure the signature was linked to a specific document. This can only be done on dedicated hardware (not standard tablet). If only the “picture” is recorded than it is just the starting of a proof in front of justice. The last one could be implemented using library like jSignature
The second could be named “cryptographic digital signature”. This one use cryptographic means and proofs to ensure that parties are identified and that the document was not altered. Usually it required a trusted third-party (like with universign) (or trust network like with GPG).

What does it mean for Tryton, I think such feature should be implemented as an extension of ir.attachment (like cryptolog) because signature is based on text document. There could be a set of modules that implements entrypoints that provide a web page which display the document and provide the form to sign it. The signature should be stored on the attachment which will make it readonly. The document should probably be PDF only and there should be a way to include the signature image inside (and any other cryptographic means).
I do not think we should try to implement a widget for the clients because it will not work with third party workflow.

1 Like

What is simply intended is that the client signs an authorization or a sale (as when the postman comes and makes you sign on the mobile). It is true that it does not have the validity that would be desired, but it serves to start a possible process, apart from saving paper and time, since it is signed and stored directly in the file.

Creating a libreoffice template with a sign line should work for this. (https://help.libreoffice.org/6.1/en-US/text/swriter/01/signsignatureline.html).
This will work with libre office files (libreoffice will prompt it to sign the document), but I’m not sure if it will work with the equivalent PDF (It should work, but didn’t try it yet).
When converted to pdf (via unoconv), the user can sign it with an external software (like adobe reader) via different methods (image, signature pad, electronic identity ecc…).
Don’t know if there is a sane way to extract the signature information from the pdf.

Here in Italy PAs (public administrations) use a different system…
They use a p7m envelope file (https://www.ietf.org/rfc/rfc2633.txt) [in short: just an encrypted envelope with the signer private key, where you put the file you agree with].

So ced is right… everyone does it differently :slight_smile:

This is signing with a certificate. It is a complex setup that does not work for random customer.

It does not. LibreOffice is not able to generate the equivalent in PDF. I think the PDF signature is only supported by Adobe products.

Hello @osloar, @ced is right, you should define what it’s is a handwritten digital signature, and digital signature ( which most of time use a certificate ). For a handwritten digital signature I suggest you to create a small web app, after that you can integrate with trytond using extensions like Flask-tryton or ir.attachment model.

For valid Bio Signatures we’ve been using VidSigner (https://www.validatedid.com/es/) for a couple of years now. We recently published a generic module for managing personal data permissions using their API:

https://bitbucket.org/nantic/trytond-party_personal_data_permission

These allow using iPad or other Android-based tablets, while still capturing the necessary biometric information required by (at least) Spanish law.

The module allows configuring configuring which VidSigner device is going to be used per employee and/or client IP address. The user sends a PDF generated in trytond to the VidSigner API, and the user can use a tablet to sign it using a pen. Once finished, the Tryton user can capture the signed PDF from the VidSigner API.

The image of the PDF is shown in Tryton and the PDF (signed by the user and cryptographically signed by ValidatedId, including the biometric information captured in the tablet) is stored as an attachment.

Some more information here:

Hi Albert, thanks for answering. This option is already contemplated but it is extremely expensive for the business system that we have.

You cannot make the final customer pay a fee of 40 euros / month for integration.

That is why in our case it was something much simpler.

Thank you