Digital Signature e-Invoicing in Malaysia

As the e-Invoice mandate in Malaysia swiftly approaches, one crucial aspect that businesses must grasp is the digital signature process. Under the guidelines provided by the Inland Revenue Board of Malaysia (IRBM), also known as Lembaga Hasil Dalam Negeri Malaysia (LHDNM), each invoice submission requires a digital signature. Whether it's a single invoice or a batch submission, every individual invoice must be digitally signed to comply with regulations.

Let's delve deeper into understanding the digital signature process:

What exactly is a Digital Signature?

A digital signature functions as a virtual seal, uniquely tying digital information to its creator. Similar to a handwritten signature or a stamped seal in the physical world, a digital signature offers heightened security and reliability in the digital realm.

At its core, a digital signature relies on a key pair: a private key and a public key. These keys are mathematically linked through asymmetric encryption algorithms like RSA (Rivest-Shamir-Adleman) or ECC (Elliptic Curve Cryptography), ensuring that data encrypted with one key can only be decrypted with the other.

Importance and Applications of Digital Signature:

  1. Authentication: Digital signatures authenticate the sender's identity, ensuring that the message or document originates from a legitimate source.
  2. Integrity: By detecting any alterations or tampering attempts, digital signatures guarantee the integrity of transmitted data.
  3. Non-repudiation: Once a document is digitally signed, the sender cannot deny their involvement or repudiate the contents, providing irrefutable proof of their consent or authorization.
  4. Legal Validity: In many jurisdictions, digital signatures hold the same legal validity as handwritten signatures, facilitating the execution of contracts, agreements, and other legally binding documents electronically.

The Role of Certificate Authorities (CAs):

Certificate Authorities (CAs) play a pivotal role in validating digital signatures by providing a trusted framework for verifying the authenticity and legitimacy of public keys associated with digital certificates. Here's how CAs facilitate the validation process:

  1. Issuance of Digital Certificates: CAs issue digital certificates, electronic credentials that bind an individual or entity's identity to a public key.
  2. Verification of Identity: CAs rigorously verify the identity of the requesting entity before issuing a digital certificate.
  3. Binding Public Keys to Identities: After identity verification, the CA digitally signs the digital certificate, attesting that the public key is associated with the verified identity.
  4. Distribution of Certificates: CAs make digital certificates publicly available through online repositories, enabling relying parties to access and verify certificate validity.
  5. Validation of Digital Signatures: Recipients extract the digital signature and the signer's digital certificate to verify authenticity using the CA's public key.
  6. Trust Chain Verification: Recipients can recursively validate the certificate chain to ensure each certificate is valid and issued by a trusted CA.

How Does it Work for e-Invoicing in Malaysia?

  1. Generating e-Invoices: Taxpayers or e-Invoice intermediaries generate e-Invoices in XML or JSON format.
  2. Hash Calculation: Using the SHA-256 algorithm, calculate the hash value of the e-Invoice.
  3. Digital Signature: Digitally sign the hash of the invoice with the digital certificate.
  4. Invoice Submission: Include the signature value in the e-Invoice XML/JSON and submit it to IRBM/LHDNM APIs.

Validating Digital Signatures by IRBM/LHDNM:

  1. Decryption and Identification: IRBM decrypts the signature value using the taxpayer's public key and identifies the hash value.
  2. Hash Comparison: IRBM calculates the hash of the e-Invoice XML and compares it with the decrypted hash value. If they match, the invoice is considered valid; otherwise, it's deemed invalid.
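
The signing steps and the validation check described above, as an added example (not code from Taxilla or IRBM/LHDNM): it uses only the Python standard library, RSA with PKCS#1 v1.5 signature padding, and a constructed demo key whose prime factors are public. The JSON canonicalization, the `signature` field name and the invoice fields are assumptions made for illustration, not the IRBM schema.

```python
import hashlib
import hmac
import json

# Constructed demo key: two well-known Mersenne primes, so the "private" key is
# public knowledge. Illustration only; real keys belong to a CA-issued certificate.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent
K = (N.bit_length() + 7) // 8      # modulus length in bytes

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def canonical_bytes(invoice: dict) -> bytes:
    """Serialize deterministically (assumed scheme), leaving out the signature field."""
    body = {k: v for k, v in invoice.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")

def encoded_digest(data: bytes) -> int:
    """SHA-256 the data and pad to modulus size: 00 01 FF..FF 00 || DigestInfo."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign_invoice(invoice: dict) -> dict:
    """Submission steps 2-4: hash, sign with the private key, embed the value."""
    sig = pow(encoded_digest(canonical_bytes(invoice)), D, N)
    return {**invoice, "signature": sig.to_bytes(K, "big").hex()}

def verify_invoice(signed: dict) -> bool:
    """Validation: recover the padded hash with the public key and compare."""
    try:
        sig = int.from_bytes(bytes.fromhex(signed["signature"]), "big")
    except (KeyError, TypeError, ValueError):
        return False  # missing or malformed signature value
    if sig >= N:
        return False
    recovered = pow(sig, E, N).to_bytes(K, "big")
    expected = encoded_digest(canonical_bytes(signed)).to_bytes(K, "big")
    return hmac.compare_digest(recovered, expected)

# Constructed sample invoice (field names are illustrative)
invoice = {"id": "INV-0001", "supplier": "Example Sdn Bhd",
           "total": "1250.00", "currency": "MYR"}
signed = sign_invoice(invoice)
tampered = {**signed, "total": "12500.00"}  # amount changed after signing
print(verify_invoice(signed), verify_invoice(tampered))
```

The verifier rebuilds the full padded value and compares it byte for byte instead of parsing what it recovered, and both sides hash the same canonical bytes, so reordering JSON keys does not break a valid signature while any change to a field value does.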

Taxilla's e-Invoice middleware is meticulously designed to adhere to IRBM/LHDNM guidelines, ensuring seamless e-Invoice compliance. With extensive experience in handling similar mandates globally, Taxilla stands as a reliable partner in navigating the complexities of e-Invoicing in Malaysia.