Private Key usage and storage

Hello,

I’m struggling to understand the use and storage of the private key created with the CSR.

What’s the difference between the PrivateKey created with the CSR and the secret and BinarySecurityToken received (PCSID)?

Is it used to sign the invoices?
How should it be stored and to what use?

Dear @JoaoEmmerich

Thanks for reaching out, and welcome to our community.

Please find the below clarification for your concerns:

Private Key: you have to sign each simplified invoice using it. After generating the PCSID, you will use the binarySecurityToken and secret in the Authorization for the clearance and reporting APIs: choose basic auth, the user name should be the binaryToken and the secret is the password. In the SDK, when signing any simplified invoice, you need 3 parameters (encoded XML, Cert, and Private key “generated along with the CSR”). If you are using CMD, then you need to decode the binarySecurityToken and replace it in the following path: zatca-einvoicing-sdk-Java-238-R3.4.1\Data\Certificates\cert.pem
Additionally, you need to replace the private key as well in the following path before using the sign command:
zatca-einvoicing-sdk-Java-238-R3.4.1\Data\Certificates\ec-secp256k1-priv-key.pem

Ensure there is no extra space in either the cert or the private key when replacing, to avoid any errors.

Please do not hesitate to reach out if any clarification is needed.

Thanks,
Ibrahem Daoud.
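The token handling described in the reply above, as an added example that is not part of the original thread or of the ZATCA SDK: it builds the Basic auth header, decodes the binarySecurityToken into the text for cert.pem, and reports stray whitespace in a cert or private key file. It assumes the token is Base64-encoded (the reply says only "decode"); the function names and sample values are hypothetical and constructed.

```python
import base64
import re

def basic_auth_header(binary_security_token: str, secret: str) -> str:
    """Basic auth as in the reply: user name = binarySecurityToken, password = secret."""
    pair = f"{binary_security_token}:{secret}".encode("ascii")
    return "Basic " + base64.b64encode(pair).decode("ascii")

def decode_token_for_cert_file(binary_security_token: str) -> str:
    """Decode the token (assumed Base64) into the text that goes into cert.pem."""
    raw = base64.b64decode(binary_security_token.strip(), validate=True)
    return raw.decode("ascii").strip()

def whitespace_problems(pem_text: str) -> list[str]:
    """List stray whitespace in a cert or key file. Strict: a final newline is reported too."""
    problems = []
    if pem_text.startswith("\ufeff"):
        problems.append("byte-order mark at start of file")
    if pem_text != pem_text.strip():
        problems.append("leading or trailing whitespace")
    for number, line in enumerate(pem_text.strip().splitlines(), start=1):
        if not line.strip():
            problems.append(f"line {number}: blank line")
        elif line != line.strip():
            problems.append(f"line {number}: padded with whitespace")
        elif not line.startswith("-----") and re.search(r"\s", line):
            # PEM boundary lines legitimately contain spaces; encoded data does not.
            problems.append(f"line {number}: whitespace inside the encoded data")
    return problems

# Constructed sample values, not real credentials.
SAMPLE_CERT_BODY = "Q09OU1RSVUNURUQtQ0VSVA=="
SAMPLE_TOKEN = base64.b64encode((SAMPLE_CERT_BODY + "\n").encode("ascii")).decode("ascii")
SAMPLE_SECRET = "constructed-secret"

if __name__ == "__main__":
    cert_text = decode_token_for_cert_file(SAMPLE_TOKEN)
    print("cert.pem content:", cert_text)
    print("problems:", whitespace_problems(cert_text) or "none")
    # The header carries the secret: send it over TLS only and keep it out of logs.
    print("header length:", len(basic_auth_header(SAMPLE_TOKEN, SAMPLE_SECRET)))
```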

Dear @idaoud

Thanks for your answer, but I’m still confused.
We’re not using the Simplified Invoice, only B2B / Clearance.

So we send the CSR+OTP during the Onboard and will receive the binarySecurityToken and secret.

We use these on the Authorization for the Clearance process, and we send a Hash of the invoice, but is it required to Sign the hash with the private key during the Clearance? Or is it signed by the ZATCA API?

Dear @JoaoEmmerich,

It’s not required to sign the standard (B2B) tax invoices as it will be stamped by ZATCA.

As per the rules, it’s required to store the private key in a secured place even if the EGS only sends B2B invoices. Please refer to the Security_Features_Implementation_Standards document for more information:

Regards,