Encryption and Digital signature in SAP

Similar Messages

• Outlook 2010 "forgets" Encryption and Digital Signature preferences

  We have several users in our enterprise environment who's Encryption and Signature preferences are not being retained in Outlook. They, seemingly randomly, lose the selected Sign and Encrypt all mail options throughout the day. We are using smart card certificates,
  Outlook 2010 and Exchange 2010...
  Has anyone seen this or do you have suggestions on what to look at?

  Hi,
  How did you use the smart card in your environment? Did you use a reader that is attached to your computer or it is inserted to the USB interface of your computer?
  Does those users who have the problem use the smart card in a different behavior comparing to those don’t have the problem?
  We should keep the smart card inserted when you want to digitally sign or encrypt your messages. When the smart card is removed, the certificate is no longer available.
  If I’ve misunderstood something, please feel free to let me know.
  Regards,
  Steve Fan
  Forum Support
  Come back and mark the replies as answers if they help and unmark them if they provide no help.
  If you have any feedback on our support, please click
  here

• GPO For Outlook Certificates Used For Encryption and Digital Signatures?

  How can we configure a group policy to distribute certificates to Outlook 2010 users so they can digitally sign and encrypt messages without requiring much effort on their end?
  The users will become confused and make mistakes if we ask them to follow instructions on how to download and import certificates into Outlook 2010 manually.  Can we automate this with Group Policy?

  Would a certificate "autoenrollment" GPO work for these types of certificates?
  Yes. Here's a good guide. The user will still need to choose to sign, or encrypt, unless you want to enforce that in some way. If you are sending signed or encrypted email outside of your AD, you will need to solve how the recipients will get your root cert,
  etc.
  http://davidmtechblog.blogspot.com.au/2013/06/exchange-2010-security-smime-part-1.html
  http://davidmtechblog.blogspot.com.au/2013/07/exchange-2010-security-smime-part-2.html
  http://davidmtechblog.blogspot.com.au/2013/07/exchange-2010-security-smime-part-3.html
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Files encrypted and digital signed with cFolders

  Dear all,
  Currently I'm involved on a PPS project with cFolders. This project has legal requirements that consist in implementing encryption and digital signature in files which will be uploaded to cFolders. I've been searching on SAP Help, SDN and Service Marketplace about APIs to work with cFolders with encryption and digital signatures, but I didn't find related documents. It seems there is no documentation regarding such scenarios...
  Anyone has experience in cFolders with files encrypted and digital signed?
  Thanks in advance & regards,
  Ricardo.

  Hi Federico
  If I understood your solution you are signing your documents in a Webservice provided from a CA. For that youu2019ve created an RFC dest type G over ssl (https) and used the class CL_HTTP_CLIENT. So your requirement is only to sign documents, right?
  Well my scenario seems a little bit different as Iu2019ve to encrypt the file and also sign it. The signature is done on useru2019s laptop trough a smartcard (hardware device connected via USB that reads the chip the certificate assigned to our identity card) and cannot be signed from other entity than the user itself.
  Did you explore the PGP alternative? cFolders supports this kind of files (*.pgp). The PGP (Pretty Good Privacy) is a popular program used to encrypt and decrypt files, e-mails, etc.
  Today I installed a trial version of a PGP tool. I tested the encryption/signature with files on my desktop and it works fine. I tested a Public Key scenario where the owner publishes his PK in cFolders and the requester gets this PK in cFolders as well. The requester now can encrypt documents and upload them to cFolders with the public key provided by the owner; the owner itself has the private key to open the encrypted file (extension .pgp) after upload. But over the encrypted file the requester must sign it with his private key (another certificate) provided by a CA and here starts the second challenge...
  In cFolders after the file upload the system should gets the requester digital signature and sends it to CA for validation, only after that we know if the requester is a trusted partner or not. To do this we are thinking to use a Webservice provided by the CA, however I don't know how to extract/get the signature in the file encrypted/signed from PGP and uploaded to cFolders.
  Do you have any idea?
  Thanks & regards,
  Ricardo.

• Use of 3rd party Digital Signatures in SAP enviornments

  Hi all,
  I wanted to inquire about 3rd party digital certificates usability within the SAP environment. for e.g can Verisign digital certificates be used within the SAP environment. Any directions/links on related reading material would be highly appreciated. How certs can help in compliance etc.
  ARK.

  Hi Lanij,
    Check URL http://help.sap.com/saphelp_nw2004s/helpdata/en/37/504b8cbc2848a494facfdc09a359b1/frameset.htm
    This gives details on Adobe functions and digital signatures
  Also SDN has extensive documentation on Adobe Interactive forms and digital signatures available at
  https://www.sdn.sap.com/irj/sdn/adobe
  Regards

• Encrypting a digital signature

  Hi,
  I have a problem, I'm trying to encrypt a digital signature (SHA1withRSA) using symmetric encryption (Rijndael). But when I decrypt the signature bytes and verify the signature I get the message that the signature is not ok, even though I know it is.
  Does anybody know what's the problem?

  Hi floersh
  Thanks for answering.
  I'm sending you the code which I use, the functions and the main method.
  Please, if you have the time give it a look.
  Running the code I noticed that :
  1) The message digest is 20-bytes long
  2) The signature is 128-bytes long
  3) The encrypted signature is 32-bytes long
  4) The decrypted ciphertext (signature) is 16-bytes long
  And I also noticed that the decrypted signature bytes are the same with the 16 last bytes of the original signature.
  As you can see I'm using SHA1withRSA to create and verify the signature, where the public and private keys are 1024-bits long, and the Rijdael (192-bits key)cipher, with CBC and PKCS5Padding, for symmetric encryption and decryption. I have also tried to use Rijndael with ECB and PKCS5Padding and still doesn't work, and Rijndael with ECB and NoPadding where I get a BadPadding exception.
  I look forward for your reply.
  public static void generateAndLockKeys(String publicKeyFilename,String privateKeyFilename) throws Exception{
  KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
  keyPairGenerator.initialize(1024);
  KeyPair keyPair = keyPairGenerator.genKeyPair();
  byte[] publicKeyBytes = keyPair.getPublic().getEncoded();
  FileOutputStream fos = new FileOutputStream(publicKeyFilename);
  fos.write(publicKeyBytes);
  fos.close();
  byte[] privateKeyBytes = keyPair.getPrivate().getEncoded();
  fos = new FileOutputStream(privateKeyFilename);
  fos.write(privateKeyBytes);
  fos.close();
  public static PrivateKey getPrivateKey(String privateKeyFilename, String password) throws Exception{
  FileInputStream fis = new FileInputStream(privateKeyFilename);
  ByteArrayOutputStream baos = new ByteArrayOutputStream();
  int theByte = 0;
  while ((theByte = fis.read())!= -1)
  baos.write(theByte);
  fis.close();
  byte[] keyBytes = baos.toByteArray();
  baos.close();
  PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
  KeyFactory keyFactory = KeyFactory.getInstance("RSA");
  PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
  return privateKey;
  public static PublicKey getPublicKey( String publicKeyFilename) throws Exception{
  FileInputStream fis = new FileInputStream(publicKeyFilename);
  ByteArrayOutputStream baos = new ByteArrayOutputStream();
  int theByte = 0;
  while ((theByte = fis.read())!= -1)
  baos.write(theByte);
  fis.close();
  byte[] keyBytes = baos.toByteArray();
  baos.close();
  X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
  KeyFactory keyFactory = KeyFactory.getInstance("RSA");
  PublicKey publicKey = keyFactory.generatePublic(keySpec);
  return publicKey;
  public static boolean checkSignature( PublicKey publicKey, byte[] plaintext, byte[] signedtext) throws Exception{
  Signature signature = Signature.getInstance("SHA1withRSA");
  signature.initVerify(publicKey);
  signature.update(plaintext);
  boolean authorized = false;
  authorized = signature.verify(signedtext);
  return authorized;
  public static byte[] signWithSHAAndRSA(byte[] plaintext, PrivateKey privateKey) throws Exception{
  Signature signature = Signature.getInstance("SHA1withRSA");
  signature.initSign(privateKey);
  signature.update(plaintext);
  byte[] signedBytes = signature.sign();
  return signedBytes;
  public static byte[] encryptWithAES(byte[] plaintext, Key key, byte[] iv) throws Exception{
  Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
  IvParameterSpec spec = new IvParameterSpec(iv);
  cipher.init(Cipher.ENCRYPT_MODE, key,spec);
  cipher.update(plaintext);
  byte[] ciphertext = cipher.doFinal();
  return ciphertext;
  public static byte[] decryptWithAESKey (Key AESKey, byte[] ciphertext, byte[] iv) throws Exception{
  Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
  IvParameterSpec spec = new IvParameterSpec(iv);
  cipher.init(Cipher.DECRYPT_MODE,AESKey,spec);
  byte[] decryptedText = cipher.doFinal(ciphertext);
  return decryptedText;
  public static Key generateAESKey() throws Exception {
  KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
  keyGenerator.init(192);
  Key key = keyGenerator.generateKey();
  return key;
  public static byte[] initAndReturnIV(){
  SecureRandom random = new SecureRandom();
  byte[] iv = new byte[16];
  random.nextBytes(iv);
  return iv;
  public static void main(String[] args) throws Exception{
  Security.addProvider(new BouncyCastleProvider());
  try {
  generateAndLockKeys(System.getProperty("user.dir") + System.getProperty("file.separator") +
  "PublicKey",System.getProperty("user.dir")
  + System.getProperty("file.separator") +"PrivateKey");
  } catch (Exception e) {}
  Key AESKey= generateAESKey();
  byte[] iv = initAndReturnIV();
  byte[] array2 = signWithSHAAndRSA("Hello".getBytes("UTF8"),getPrivateKey(System.getProperty("user.dir")
  + System.getProperty("file.separator") +"PrivateKey"));
  byte[] he = encryptWithAES(array2,AESKey,iv);
  byte[] hd = decryptWithAESKey(AESKey,he,iv);
  boolean ok = checkSignature(getPublicKey(System.getProperty("user.dir") + System.getProperty("file.separator") +
  "PublicKey"),"Hello".getBytes("UTF8"),hd);
  }

• Digital Signature for SAP Script

  Hi ABAP Gurus!
  Is it possible to implement the Digital signature in SAP Script.
  If the printer has properties to print Signatures.
  Any one implement succesfully digital signature in SAP Script.
  Your suggestion and guildlines will be apprecaited.
  Thanks!

  Hi Reddy,
  What I did was a image signature. Scan the signature into a image file, upload it to system via transaction code SE78.
  Call the image to be printed on your form with the below code
  BITMAP 'ZMY_SIGNATURE' OBJECT GRAPHICS ID BMAP TYPE BMON
  Is this applicable to you?

• Digital Signature in SAP DMS

  Hello,
  We want to implement digital signatures in SAP DMS, but we're not sure on how to accomplish it. We have the following scenario:
  1. All the users have a digital certificate which is part of the Portuguese ID card;
  2. Currently we're all using this certificate to digitally sign e-mails (they use their laptops integrated card reader), for example;
  3. We also want to use this certificate to sign DMS documents.
  Do you think the above mentioned scenario is possible without licensing additional software? If so, can you guide me through the customization steps?
  Thanks in advance.
  Kind regards,
  Ricardo

  Hi Ricardo,
  It is quite possible to achieve your requirements using the digital signature strategy available in SAP DMS. I have previoulsy answered the steps involved [here|Digital Signature on Original File; and you may additionally look up [Wiki|http://wiki.sdn.sap.com/wiki/display/PLM/Digitalsignaturein+DMS] and [SAP Help|http://help.sap.com/saphelp_470/helpdata/en/9f/857f3a1c7b11d294d200a0c92f024a/frameset.htm] as well.
  In your case,more specifically,you need to adopt the signature method during customization as 'User signature with external security product with/without verification' for which your I-Card reader would also be required.
  Regards,
  Pradeepkumar Haragoldavar

• Outlook 2013 won't auto-save emails if encryption or digital signature is enabled.

  In Outlook 2013, I recently noticed that although I have Autosave enabled, I never get drafts autosaved. The option is located in File > Options > Mail > "Save Messages" section > "[ ] Automatically save items that have not been
  sent after this many minutes [3]."
  Experimenting with why I have lost 2 long emails after system crashes, I discovered that Outlook 2013 will
  only automatically save emails if the Encrypt and Sign buttons are turned off. By default, I enable both in our corporate environment. So I never benefit from auto-save. I've changed the Autosave location and tested various other settings to
  no avail. But Autosave always works fine if there's no digital signature or encryption enabled.
  Has anyone else encountered this? Is this a bug?

  Hi,
  I just tested on my Outlook 2013 and experienced exactly the same.
  This is pretty much by design, actually you may find you are even unable to manually save these emails as drafts if encryption or digital signature is enabled.  I can also confirm some email service providers don't allow saving Encrypted Emails
  as drafts either, so this is not a bug but how it works in Outlook.
  Regards,
  Melon Chen
  TechNet Community Support

• Adobe Interactive Forms and Digital Signature

  Adobe Interactive Forms and Digital Signature
  Hi, I’ve a question if it works to digital sign interactive PDF documents created by an SAP BPM System? So is it possible just to sign the content, and not the interactive components like layout and buttons e.g.?
  Thanks for your help.
  Regards,
  Tobi

  serverside or at the client??

• Digital signature in SAP

  I would like to know more about Digital signature in SAP.  If it SAP support this, then how can we implement the same. Is it possible to send an SAP output (PDF format) with digitally signed?

  WELCOME TO SDN.
  plz SEARCH in SCN before posting.
  [Digital signature in SAP|https://forums.sdn.sap.com/click.jspa?searchID=25740896&messageID=7355413]

• Outlook Pro 2013 Crashes On Send After Checking ENCRYPTION and DIGITAL SIGNING

  I bought and imported a Digital ID today. After doing so I went in and checked the boxes in TRUST CENTER to allow for ENCRYPTION and DIGITAL SIGNING. After doing so, every time I hit SEND on my emails, it sits, spins, sits, and never recovers. The application
  hang error is below. Please note that the SOFTWARE PROTECTION SERVICE seems to stop working in EVENT VIEWER as well before each app hang.
  If I go in, UNCHECK those security settings, and reopen OUTLOOK, all is well.
  OUTLOOK EVENT LOG
  Log Name:      Application
  Source:        Application Hang
  Date:          6/10/2013 1:05:22 PM
  Event ID:      1002
  Task Category: (101)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      MS-Home
  Description:
  The program OUTLOOK.EXE version 15.0.4505.1002 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
   Process ID: 2138
   Start Time: 01ce65fb8d98576a
   Termination Time: 16
   Application Path: C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
   Report Id: e9ecd5fa-d1ef-11e2-be85-6045bdde9c2f
   Faulting package full name:
   Faulting package-relative application ID:
  Event Xml:
    <System>
      <Provider Name="Application Hang" />
      <EventID Qualifiers="0">1002</EventID>
      <Level>2</Level>
      <Task>101</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2013-06-10T17:05:22.000000000Z" />
      <EventRecordID>8066</EventRecordID>
      <Channel>Application</Channel>
      <Computer>MS-Home</Computer>
      <Security />
    </System>
    <EventData>
      <Data>OUTLOOK.EXE</Data>
      <Data>15.0.4505.1002</Data>
      <Data>2138</Data>
      <Data>01ce65fb8d98576a</Data>
      <Data>16</Data>
      <Data>C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE</Data>
      <Data>e9ecd5fa-d1ef-11e2-be85-6045bdde9c2f</Data>
      <Data>
      </Data>
      <Data>
      </Data>
      <Binary>430072006F00730073002D00700072006F00630065007300730000000000</Binary>
    </EventData>
  </Event>

  Run Outlook with safe mode to check the result. ("Outlook.exe /safe")
  Create a new Outlook profile to test that.
  How to use ADPlus.vbs to troubleshoot "hangs" and "crashes"
  http://support.microsoft.com/kb/286350
  Tony Chen
  TechNet Community Support

• Mail missing Encrypt and Digitally Sign buttons

  I don't have the option of encrypting or digitally signing any e-mails I compose in Mail. I have a valid security certificate in my Keychain Access, as well as valid certificates for my contacts. I can't find an option to show/add the encrypt and digitally sign buttons either.
  When composing a new message, the drop down box next to the subject line only gives the following options:
  CC field
  BCC field
  Reply-to address field
  Priority field
  Customize...
  I know where these two buttons should be and what they look like, but they're just not there. Any ideas or suggestions?

  I finally have a solution to this problem. I had been trying to use a .cer security certificate issued by Comodo, it had worked just fine on Windows but my Mac didn't seem to like it. I also tried creating my own certificate through OSX, but even after I created it I still couldn't see the buttons.
  I had someone direct me to this webpage which ultimately helped me fix the problem:
  http://allforces.com/2007/03/02/email-security/
  I ended up using Thawte to issue me another security certificate (this time it was an x.509 file), the security certificate automatically opened in Keychain Access and downloaded to the Certificates and My Certificates folder. Once I shutdown Mail and restarted it I had the buttons for both encryption and digitally signed. Of course the encryption button is still greyed out because it is a new certificate and I need to make sure my Address Book contacts have a copy of it before I can encrypt.

• General Question about how to encrypt-decrypt and Digital signatures

  Hi,
  We're developing classes for encrypting and signing a txt message and for decrypting and validating the signature of the message. Everything works properly but I have several questions, they're not about code:
  1st We're encrypting the message following this way:
  -generating a number which is gonna be the password
  -encrypting the message in AES with this password
  -encrypting the with the public certificate of the receiver the password
  -We pack everything, encrypted message+ encrypted password in a File with public key of the receiver.
  The questions we have for this issue are:
  -Is it okay? or can I do it more efficiently.
  -is it a standard for developing encrypting software? We've followed java api tutorials
  -Can we decrypt this message using comercial software? it just plain text(of course if we have the private key)
  2nd We take this message and we sign it with our private key
  -We use CMS classes from bouncycastle libraries
  The questions we have for this issue are:
  - How can I check , with comercial software, whether this message is signed ok and is valid.
  - How can I know whether this way of signing is in compliance with PKCS7-CMS standard?
  Thanks in advance
  if you need more information ask me

  The file multiscreen.html apepars to do the following:
  It tests if the browser is running on a "hand held device".
     This means it looks to see if the device name includes:
            "blackberry","android","iphone","ipad","symbian","smartphone","ios","windows ce","webos"
  If the answer is Hand-held then the HTML5 published module is loaded. Otherwise it loads swf.
  I can see no check that Flash player is loaded before making the choice, nor does it check the compatability of the HTML5 on the "hand held" device. In other  words it isn't very "smart"

• Security Issues: SSL on SOAP Adapter and Digital Signature in BPM

  Hi there,
  we're developing a R/3-XI-3rd Party Application scenario, where the XI/3rd Party communication is based on a webservice (SOAP adapter with SSL). Also, the messages in the XI/3rd Party communication must be digitally signed. I've got some questions on both subjects.
  1. About the SSL. I've started to investigate what will be necessary to enable the HTTPS option under SOAP Adapter (it's not enabled now). If I'm not correct, all I need to do is:
  - check whether the SAP Java Crypto Lib is installed in the Web AS;
  - generate the certificate request in the Visual Administrator and, after acquiring the certificate, store it with the KeyStorage option.
  Is that right?
  I'm considering that I won't need to use SSL in the ABAP Web AS, only the J2EE Java Engine (since the SOAP Adapter is based on J2EE).
  2. About the digital signature. As a first solution, we had decided on accessing a webservice based on another machine running a signature application. We'd send the unsigned XML and receive a signed XML. But since that needed to be done into the BPM, I thought that using a piece of Java code in a mapping would suit it better.
  But to be able to use the hashing/encrypting/encoding algorithms, which library needs to be installed? Is it the same SAP Java Crypto Lib that was installed for the SSL enabling?
  Thanks in advance!

  Hello Henrique,
  1. You're right. For detailed instructions please have a look at the online help: http://help.sap.com/nw04 - Security - Network and Transport Layer Security - Transport Layer Security on the SAP J2EE Engine
  2. The SOAP adapter supports security profiles. Please have a look at the online docu http://help.sap.com/nw04 -Process Integration - SAP Exchange Infrastructure - Runtime - Connectivty - Adapters - SOPA Adapter - Configuring the Sender SOAP adapter and from the link under Security Parameters to the Sender Agreement. You'll find some additional information in the following document: http://service.sap.com/~sapdownload/011000358700002767992005E/HowToMLSXI30_02_final.pdf
  Rgds.,
  Andreas