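Security and authentication

Odoo Sign includes a range of security features by default, such as:

Security can be further enhanced by:

  • enabling additional secure identification methods, such as SMS verification, Aadhaar eSign (India) or itsme® (the European Union, the United Kingdom, Norway and Iceland)

  • enabling cryptographic signatures, using a digital certificate that is either issued by a Certificate Authority (CA) or self-generated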

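Signatory hash

When a user signs a document, a *hash* (a unique digital signature of the signing operation) is generated, binding the signer's identity to the content of the document at the moment of signing. This ensures that any change made after signing can be easily detected, preserving the document's authenticity and integrity throughout its lifecycle.

A visual security frame showing the beginning of the hash is added to signatures and initials.

Adding the visual security frame to a signature.

Tip

When adding a signature or initials to a document, internal users can show or hide the frame by enabling or disabling the Security frame option.

Each signer's signatory hash is recorded in the certificate of completion that is generated once the document is fully signed.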

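Certificate of completion

Whenever a document or document envelope is fully signed (i.e., all signers have signed), a certificate of completion is automatically generated and emailed to all signers together with the signed document.

Note

When a document is signed via the chatter of an Odoo record, or when a signature request launched from an Odoo record (whether for a one-off document) is fully signed, the certificate of completion is also attached to the chatter along with the signed document.

The certificate contains detailed information about the signing process. It serves as proof that the signatures are valid and that the document has not been tampered with since it was signed.

The certificate of completion provides the following information:

  • Document details: when and by whom the signature request was created, the file name of the signed PDF document, the number of signers, and the unique reference hash that can optionally be added to each page of the signed document.

  • A list of Participants: everyone who signed the document, including the validation method and the unique signatory hash that ensures traceability and integrity

  • An access log of signing activity, with traceable records of timestamps, IP addresses and geolocation

In addition to being sent by email, the certificate of completion for a signed document can be downloaded at any time from the Sign app:

  1. Go to Sign ‣ All Documents and switch to the Kanban view.

  2. Click the (vertical ellipsis) icon in the top-right corner of the relevant document card, then click Details.

  3. Click Download, then click Certificate.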

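Secure identification

When a signature request is sent by email, the signer must click the unique link contained in the email to access the document. This default verification step confirms that the signer controls the email address associated with the signature request.

One or more signers can also be required to complete additional identity verification using any of the following methods:

Important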

These authentication methods require buying credits. If you do not have any credits left, authentication is skipped.

Unique code via SMS

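With SMS verification, the signer receives a text message containing a one-time code, which they enter when prompted during the signing process to verify their identity.

This feature is enabled by default in the general settings of Sign.

Note

Before SMS messages can be sent, you need to register your phone number. To do so, go to Sign ‣ Configuration ‣ Settings and click Manage Service & Buy Credits under SMS Verification. On the next screen, click Register, then complete the phone number registration process.

To require signer authentication via SMS:

  1. With the document or document envelope open, in the left panel, click the (vertical ellipsis) icon next to the relevant signer, then click Edit.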

  2. In the pop-up, select Unique Code via SMS as Authentication.

  3. Click Save.

Upon signing the document, an extra Final Validation window is displayed where the signer enters first their phone number, then the one-time code received.

Pop-up where signer enters phone number and one-time code

Aadhaar eSign

Aadhaar eSign allows signers in India to digitally sign documents using their Aadhaar number and OTP (One Time Password) verification. This provides a secure and legally valid way to complete signatures directly within Odoo Sign.

Important

In Odoo Sign, Aadhaar eSign can only be used for signature requests containing a single document. Additionally, only one signer per document can be required to authenticate via Aadhaar eSign, and this party must be the last party to sign the document.

This method is therefore most suitable for a single document with a single signer, or where the first signer is the party sending the signature request.

To enable authentication with Aadhaar eSign, go to Sign ‣ Configuration ‣ Settings, then enable Sign with Aadhar eSign.

To require signer authentication via Aadhaar eSign:

  1. With the document or document envelope open, in the left panel, click the (vertical ellipsis) icon next to the relevant signer.

  2. In the pop-up, select Via Aadhaar eSign under Authentication.

  3. Click Save.

Upon signing the document, an extra Final verification page is displayed where authentication via Aadhaar is required.

Note

The digital certification from eMudhra is available in the downloaded document.

Itsme®

Itsme® authentication allows signers in the European Union, the United Kingdom, Iceland and Norway to prove their identity.

To enable authentication with itsme®, go to Sign ‣ Configuration ‣ Settings, then enable Identify with itsme®.

To require signer authentication via itsme®:

  1. With the document or document envelope open, in the left panel, click the (vertical ellipsis) icon next to the relevant signer.

  2. In the pop-up, select Via itsme® under Authentication.

  3. Click Save.

Upon signing the document, an extra Final verification page is displayed where authentication via itsme® is required.

Cryptographic signature

Odoo Sign allows you to use your own digital certificate to sign documents. A digital certificate uses cryptography, which relies on secure mathematical algorithms, to ensure a signed document’s authenticity and integrity.

Authenticity is ensured as your verified identity is linked to the signature, while integrity is ensured as the document cannot be altered without invalidating, or “breaking”, the cryptographic signature.

A digital certificate is stored in a file such as a .p12 or .pfx file. This is a secure container that contains:

  • a private key that applies a unique cryptographic signature to a document; and

  • identifying information about the signer and a public key that is shared with the recipient for signature validation

The file is always protected by a password, which is never stored in plain text. Odoo uses this password to decrypt the private key at the moment a document is signed.

Obtain or create a digital certificate

Most businesses obtain their digital certificate from a trusted Certificate Authority (CA). In many cases, the CA provides the .p12 or .pfx file directly, along with its password.

It is also possible to generate a certificate yourself. Adobe Acrobat and Microsoft, for example, allow the creation of digital certificates.

Note

Self-generated digital certificates do not provide the same level of trust as a certificate obtained from a trusted CA. However, they can be useful if you need to provide a digital signature urgently or for less official situations.

Once you have obtained or created a digital certificate, you can then upload it to your Odoo database.

Upload a digital certificate in Odoo

To upload a digital certificate in Odoo:

  1. Go to Sign ‣ Configuration ‣ Settings.

  2. Under Cryptographic signature, click the Signing certificate dropdown and click Create.

  3. In the pop-up, complete the relevant fields:

    • Name: Enter a name for the certificate.

    • Certificate: Click Upload your file, then select the relevant certificate file in .p12 or .pfx format.

    • Certificate Password: Enter the certificate password for the uploaded file; it must be at least six characters long. This password is used to decrypt the private key during the signing process.

  4. Click Save.

Note

  • After the certificate has been uploaded, two read-only fields are auto-completed: the Validity date, i.e., the date on which it starts to be valid, and the Serial number that will be added to signed documents.

  • In a multi-company environment, one certificate can be uploaded per company.
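
A pre-upload check for the .p12 or .pfx file described above, added here as an example (it is not Odoo's code). It uses the openssl CLI to confirm that the password opens the container and that a private key is present, then prints the serial number and the start of validity (notBefore) to compare with the fields Odoo fills in after upload. The function names, subject, file names and passwords are constructed for the example.

```shell
#!/bin/sh
# Added example: check a PKCS#12 (.p12/.pfx) file with the openssl CLI before upload.
# Subject, file names and passwords are constructed sample values.
# Passwords are passed through the environment (env:), not argv, so they do not
# show up in the process list.

# Build a throwaway self-signed certificate and pack it into a .p12 (sample input).
make_sample_p12() {  # $1 = output file, $2 = password, $3 = validity in days
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -subj "/CN=Example Signer/O=Example Co" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    P12_PASS="$2" openssl pkcs12 -export -inkey "$dir/key.pem" \
        -in "$dir/cert.pem" -out "$1" -passout env:P12_PASS
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Prints serial and validity dates on success; returns non-zero on any failure.
p12_check() {  # $1 = file, $2 = password, $3 = required seconds of validity left
    # The upload form described above requires at least six characters.
    [ "${#2}" -ge 6 ] || { echo "password shorter than six characters" >&2; return 2; }
    # Extract the signer certificate; this fails if the password is wrong.
    pem=$(P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS \
        -nokeys -clcerts 2>/dev/null) ||
        { echo "cannot open container: wrong password or corrupt file" >&2; return 3; }
    # A signing certificate is useless without its private key (key stays in the pipe).
    P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes \
        2>/dev/null | grep -q "PRIVATE KEY" ||
        { echo "no private key in container" >&2; return 4; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    printf '%s\n' "$pem" | openssl x509 -noout -checkend "${3:-0}" >/dev/null ||
        { echo "certificate expires within ${3:-0} seconds" >&2; return 5; }
    printf '%s\n' "$pem" | openssl x509 -noout -serial -startdate -enddate
}

# Demo on a constructed sample; for a real file call: p12_check my.p12 "$PASSWORD"
sample=$(mktemp) && make_sample_p12 "$sample" "example-pass" 30 &&
    p12_check "$sample" "example-pass"
rm -f "$sample"
```

Passing a third argument such as 2592000 (30 days) makes the check fail early for a certificate that is about to expire.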