documentation/content/applications/finance/accounting/reporting/data_inalterability.rst

================================
Data inalterability check report
================================

Tax authorities in some countries require companies to **prove their posted accounting entries are
inalterable**, meaning that once an entry has been posted, it can no longer be changed.

To do so, Odoo can use the **SHA-256 algorithm** to create a unique fingerprint for each posted
entry. This fingerprint is called a hash. The hash is generated by taking an entry's essential data
(the values of the `name`, `date`, `journal_id`, `company_id`, `debit`, `credit`, `account_id`, and
`partner_id` fields), concatenating it, and inputting it to the SHA-256 hash function, which then
outputs a fixed size (256-bit) string of characters. The hash function is deterministic (:dfn:`the
same input always creates the same output`): any minor modification to the original data would
completely change the resulting hash. Consequently, the SHA-256 algorithm is often used, among
others, for data integrity verification purposes.

In addition, the previous entry's hash is always added to the next entry to form a **hash chain**.
This is used to ensure a new entry is not added afterward between two posted entries, as doing so
would break the hash chain.

.. note::
   Hashes generated by the SHA-256 algorithm are theoretically not unique, as there is a finite
   number of possible values. However, this number is exceptionally high: 2²⁵⁶, which is a lot
   bigger than the number of atoms in the known universe. This is why hashes are considered unique
   in practice.

.. _data-inalterability/lock:

Lock entries with hash
======================

To start using the hashing function, go to :menuselection:`Accounting --> Configuration > Journals`.
Open the journal for which you want to activate the feature, go to the :guilabel:`Advanced Settings`
tab, and enable :guilabel:`Lock Sent Invoices with Hash` for sale journals, or
:guilabel:`Lock Entries Manually` for purchase and general journals.

For sale journals, the entry is automatically locked once it is sent. You can also click on the
button :guilabel:`Lock` on the invoice to lock it without sending it. For sale, purchase, and
general journals, the locking is always done manually using the same button.

To compute the hash of an entry, Odoo retrieves the predecessor entries of the chain (i.e., the
entries with the same sequence prefix) and hashes them in a continuous way from the last hashed
entry to the new entry to hash.

.. warning::
   Once you lock an entry in a locked journal, you cannot disable the feature anymore, nor edit any
   locked entry.

.. _data-inalterability/report:

Report download
===============

To download the data inalterability check report, go to :menuselection:`Accounting --> Configuration
--> Settings --> Reporting` and click on :guilabel:`Download the Data Inalterability Check Report`.

The report's first section is an overview of all your journals and their configuration. Under the
inalterability check column, you can see whether or not a journal's entries are locked with a hash
(V) or not (X). The coverage column tells you when a journal's entries started being locked.

.. image:: data_inalterability/journal-overview.png
   :align: center
   :alt: Configuration report for two journals

The second section gives you the result of the data consistency check for each hashed journal. You
can view the first hashed entry and its corresponding hash and the last hashed entry and its
corresponding hash.

.. image:: data_inalterability/data-consistency-check.png
   :align: center
   :alt: Data consistency check report for a journal