If you read the Help page “Emailing Receipts” in recent versions of DONATION, there’s a section at the bottom, headed “Concerns for Canadian Users”, about the Canada Revenue Agency’s requirements for electronically-transmitted (e.g. emailed) receipts. The concerns there don’t seem to apply to US receipts, which have much looser requirements. However, US readers of this blog may still have an opinion about the following, because it concerns a feature I plan to introduce into the program that they could use too.
The one CRA requirement for emailed receipts that DONATION does not currently fully satisfy is “the document should be encrypted and signed with an electronic signature”. The emailed receipts (which are PDF files) are indeed encrypted, to prevent modification, but they are not signed with an electronic signature, which guarantees that they have not been modified. N.B. This is not the same as a bitmap signature, which DONATION can already include, but rather refers to a digital signature.
Up until now, the software I use to create the PDF files in DONATION, novaPDF, has not supported the use of digital signatures. They have just released a version that does, but I have realized that there’s an issue. You can get digital signatures in two ways: either purchase them, from a recognized Certificate Authority (CA) like Verisign, or create what is called a self-signed certificate, which is free but does not come from a CA.
I cannot imagine many of my users wanting to go to the bother and expense of purchasing a digital certificate from a CA, just in order to satisfy this small CRA requirement. So creating self-signed certificates, which is fairly easy via the novaPDF software, is probably all they would do. But, if you attach a self-signed certificate to a PDF file, and then open that PDF in the regular Adobe Reader, its tool for checking a signature’s validity will say “Signature validity is unknown”, because it’s not connected to a recognized CA.
My question for you is this. Would users of DONATION not want to attach self-signed certificates to their emailed PDF receipts, because they would be afraid that their donors would see that message about the signature validity being unknown, and then think there might be something wrong with the receipt, or questionable about the charity or church issuing that receipt? Because if a lot of DOATION users would worry about this, I probably shouldn’t even include this feature into DONATION, despite the fact that the CRA officially requires it.
Thank you in advance for your thoughts on this, which as usual would best be sent to me by posting a Reply on the blog, so we can all see each other’s comments.