E-Invoicing basics:

Invoice Reference Number (IRN):

  • Unique Code: The IRN is a unique 64-character code.
  • Generation: It is generated by the e-invoice system using a hash algorithm.
  • Components: The algorithm uses:
  • Supplier’s GSTIN
  • Year
  • Document type
  • Document number (e.g., invoice number)
  • Purpose: Each IRN is unique for every invoice, credit note, or debit note.
  • Identification: It serves as a distinct identifier for each document within the GST system for the entire financial year.

Signed Invoice:

  1. Definition: A digitally signed invoice is an invoice electronically signed by the Invoice Registration Portal (IRP).
  2. Process: The supplier uploads the invoice to the IRP.
  3. Authentication: The government, through the IRP, digitally signs the invoice.
  4. Purpose: This process verifies the authenticity of the submitted/registered invoice.

Signed QR Code:

  1. Definition: A digitally signed QR code is a QR code electronically signed by the Invoice Registration Portal (IRP).
  2. Process: The supplier uploads the invoice to the IRP.
  3. Authentication: The government, through the IRP, signs the QR code.
  4. Contents: The QR code contains important information from the invoice.
  5. Purpose: It allows the invoice to be verified offline using offline tools, ensuring its genuineness.
  6. The QR code will consist of the following e-invoice parameters:
  • GSTIN of Supplier
  • GSTIN of Recipient
  • Invoice number as given by Supplier
  • Document Type
  • Date of the generation of invoice
  • Invoice value (taxable value and gross tax)
  • The number of line items.
  • HSN Code of the main item (the line item having the highest taxable value)
  • Unique Invoice Reference Number (hash)
  • IRN generation date

Purpose of the Signed QR Code:

  1. Contains Unique IRN: The QR code includes the unique Invoice Reference Number (IRN).
  2. Important Invoice Parameters: It also contains key details from the invoice.
  3. Digital Signature: The QR code is digitally signed by the Invoice Registration Portal (IRP).
  4. Offline Verification: Enables verification of the invoice using an offline app.
  5. Practical Use: Helps tax officers check invoices in locations without internet access, such as roadside inspections.

Availability of the Signed QR Code:

  1. The taxpayer requests an IRN.
  2. The IRP processes the request.
  3. ClearTax obtains the Signed QR Code from the IRP.
  4. The Signed QR Code is included in the response to the taxpayer.

Using the Signed QR Code:

  1. Verification Process:
  • Taxpayers or tax officials scan the QR code.
  • Verify if the invoice is registered with the IRP.
  • Check for the IRP’s digital signature on the content.
  1. Authenticity Check:
  • Compare the QR code data with its digitally signed content.
  • Ensure no tampering has occurred; any alteration invalidates the e-Invoice.
  • If the content matches and the signature verifies, the invoice is authentic.
  1. Offline Verification:
  • Utilize an offline app available on the IRP portal to verify the Signed QR Code.

It seems like you have a specific requirement to handle the QR code sent by the IRP as a JWT string and convert it into a QR code image to be printed on the invoice. Here’s how you can address this:

  1. Placement on Invoice: Place the QR Code on the top right corner of the invoice as required.
  2. Handling the QR Code:
  • The QR code received from the IRP will be in JWT (JSON Web Token) format.
  • Your accounting/billing software or ERP should read this JWT string.
  • Convert the JWT string into a QR code image format that can be printed on the invoice.

By following these steps, you ensure that the recipient can easily scan and validate the invoice using the QR code provided.

QR Code size:

The size of the Signed QR code on the invoice should ideally be 2 x 2 inches. However, the actual size may vary based on available space on the invoice and print resolution. The key is to ensure that the QR code is printed clearly and is readable by QR code scanners. This ensures ease of verification for recipients using scanning devices or apps.

The QR code you receive is encoded as a JWT (JSON Web Token), consisting of three parts: header, payload (data), and signature. Here’s a breakdown of how to interpret and verify it:

  1. Header (alg, kid, typ, x5t):
  • alg: Specifies the algorithm used for the digital signature (RS256 in this case).
  • kid: Key ID used to identify the cryptographic key.
  • typ: Token type, which is JWT.
  • x5t: SHA-1 thumbprint of the X.509 certificate that corresponds to the public key used to sign the JWT.
  1. Payload (data):
  • Contains the actual data from the invoice, including details like Seller GSTIN, Buyer GSTIN, Document Number, Document Type, Document Date, Total Invoice Value, Item Count, Main HSN Code, and IRN (Invoice Reference Number).
  1. Signature:
  • Used to verify the integrity and authenticity of the JWT. It ensures that the data in the payload hasn’t been tampered with.

Verification Process:

  • To verify the Signed QR Code:
  • Use the public key provided (in your case, MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxd93uLDs8HTPqcSPpxZrf0Dc29r3iPp0a8filjAyeX4RAH6lWm9qFt26CcE8ESYtmo1sVtswvs7VH4Bjg/FDlRpd+MnAlXuxChij8/vjyAwE71ucMrmZhxM8rOSfPML8fniZ8trr3I4R2o4xWh6no/xTUtZ02/yUEXbphw3DEuefzHEQnEF+quGji9pvGnPO6Krmnri9H4WPY0ysPQQQd82bUZCk9XdhSZcW/am8wBulYokITRMVHlbRXqu1pOFmQMO5oSpyZU3pXbsx+OxIOc4EDX0WMa9aH4+snt18WAXVGwF2B4fmBk7AtmkFzrTmbpmyVqA3KO2IjzMZPw0hQIDAQAB).
  • Verify the digital signature using the related Digital Signature Certificate from the government portal.

This process ensures that the data within the QR code is genuine and hasn’t been altered. It’s crucial for maintaining the integrity and authenticity of electronic invoices.

Leave a comment

Your email address will not be published. Required fields are marked *