Digital Signature Comments in DSAL
Ok...I've spun my wheels on this one for a while, like usual, I'm missing a piece of the puzzle somewhere.
I'm trying to see digital signature comments in transaction code DSAL. My system is on support levels SAP_ABA - SAPKA64019 and SAP_APPL - SAPKH50016. I bring this up because this level still requires that I implement the corrections in OSS notes 1027446, 992731 and 994320. I've approached prototyping this thing very simply...I am using program DSIG_BOOKING_EX and the masterful 'Digital Signature Tool' Implementation guide written by Dr. Matthias Schuler, Dr. Thomas Wiechorek and Dr. Uwe Dittes (this guide is in version 3 so it is solid). Everything works fine except for the comments. : (
Ok, according to OSS note 1027446 I should be seeing an additional button on the DSAL screen. I don't. I'm not giving up (don't have that option), but I thought (hoped) someone else had the same issue and has already worked through it.
I'm still working on it...if I find the answer I'll make sure to post it. (Can I give myself points?) ; )
Note 1106863 was created to fix this problem. It is now available.
Similar Messages
-
Issue in Digital Signature Logs in DSAL Transaction
Hello,
Please help me resolve one of my issue regarding digital signatures in sap.
As per my company requirement we want that logs should be generated in DSAL Transaction in SAP.
We are using SIGN_SIGNATURE_CREATE bapi for creating the digital signature of the user.
Now when this bapi runs and returns the digital signature successfully then also we are not getting any
success logs in DSAL transaction.
So please let me know what are the necessary configurations required so that we get logs in DSAL transaction
weather digital signatures successfully generate or if some exception occured.
Please reply ASAP.
Regards.
Abhinav Goel.Are you sure the Digital Signature Log isn't updated? Make sure you select the correct Application and Signature Object in the selection screen of DSAL. At least interface IF_DS_RUNTIME updates the log, even for non-standard strategies/applications/objects.
Update: I checked the function module SIGN_SIGNATURE_CREATE which isn't a BAPI and it's not even released. It appears to be a low level API, I suggest you look into using IF_DS_RUNTIME instead. -
Digital Signature Logs in DSAL Tcode
Hello All,
Please help me to solve one issue.
I have successfully created the configurations and code to digital check the R/3 User and password
of user and accordingly receiving the logs in DSAL tcode also using if_ds_sign-sign method.
But issue is that we cannot pass the password of the user in this method,a pop screen screen comes which ask
for password manually when we execute this method.
So please let me know if any other method or bapi or any other way ,with which i can pass user id and password from code and it is digitally checked and logs also gets populated in DSAL tcode accordingly.
Regards.
Abhinav Goel.Hello Samuli Kaski,
Thanks for you reply.
I have successfully achieved the requirement by creating a BDC code.
Regards.
Abhinav Goel. -
Temporarily disable Digital Signature Checks to Install MS SQL Server 2008 with no Internet Access
I am attempting to install a licensed copy of MS SQL Server 2008 in a Private Enclave that does NOT have Internet access on a Win2008 R2 SP1 server (that is VM - thus I can't reboot and press F8 to select "Disable Driver Signature Enforcement"
). The installation fails with an error of the vc_red.cab file being found either corrupt or a bad digital signature. The file is good, but the signature has an expiration of 2011. I understand that a DOTNET SDK v1.1 program called setreg.exe
will enable disabling the digital signature check, but I am not permitted to use that program.
I might be permitted to use the "Signtool.exe" utility, but it is not clear what command sequences are necessary to disable and then re-enable the Digital Signature checks.
I saw a thread that recommended using the command:
bcdedit.exe /set nointegritychecks ON
However, the comments indicated that this might not have worked.
Are there Registry settings I can use with regedit to make the necessary changes to be able to install the application? I anticipate running into this problem with other software when I do not have Internet connectivity. I already tried
downloading the Microsoft CRL files; updated the lists on the Server; and rebooted. This did not solve my problem.Hi,
As far as I know, it is not recommended to disable digital signature check.
Since we are not familair with installing MS SQL server, please also refer to SQL forums below to see if experts there have more insights regarding the matter.
https://social.technet.microsoft.com/Forums/sqlserver/en-US/home
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
How to format the text in a Digital Signature for a PDF in landscape orientation?
I have a custom Digital Signature plug-in which prompts the user to enter few details on a dialog and then renders the signature. Now, the problem is for a page which has PDPageGetRotate value as 90. In this case, the entire content(text) in the signature is rendered reversed i.e its displayed upside down. However, for a page in portrait mode, i.e with rotation value as 0, signature is correctly displayed.
Can anybody help me by explaining which callback/method to use to frame the text appearance? I think there needs to be some change in the parameters passed to DigSigAPCreateLayeredStreamEx, am i correct?
Let me know any comments/suggestions on this issue of correctly rendering text in a digital signature for a rotated page.Just setup the appropriate transformation matrix.
-
Digital Signatures - how to prevent anyone from using my name
I've created a bunch of forms that have digital signatures enabled. When I've created one either with the PKCS or the Windows Certificate, what's to prevent anyone else from just typing my name, email address and Company Name? Yes, I can create one and save it with a password, but anyone can do that. I'm confused how I can ask our users to use digital signatures on internal documents, then have them email to accounting or HR, yet there's nothing to prevent anyone from using anyone else's name (ie how can I prove that it wasn't me that signed it)?
Is there nothing that's tied to Windows ie I can't use my login ID on our domain unless I use my network password? That's really the ONLY way I can prove I'm me.Self-signed digital signatures are precisely that - the person creating them is the only one attesting to the contents, so you can make a perfectly-valid self-signed ID for Canta Claus of you want to. The critical thing to remember is that a self-signed ID will only validate if the recipient has your keyfile to compare it to. On your own machine it will show as valid because the key is present, but if you send the PDF to anyone else it will show as invalid unless you have separately transferred them a copy of your keyfile. It's that second file which tells them the ID is really yours, as they can physically check where it came from (e.g. by phoning you up). The recipient would then have to manually add the keyfile to the trusted list in Acrobat or Adobe Reader, and finally your PDF signature will get the green tick.
Self-signed IDs are find for internal company workflows as everyone can share their keyfiles, and the IT department can manage what's going on. If you're using digital IDs in a public setting you should never use self-signed certificates, instead you should purchase an ID from a Certificate Authority - a company whose IDs are tied to the 'root certificates' embedded in Acrobat and Adobe Reader. The CA will require proof of identity before selling you the cert, and so anyone can verify it's genuine without needing to contact you. CAS-issued certs for signing PDF files are not cheap, there are several vendors out there and I won't comment on which may be better. -
How to deal with digital signatures when converting messages?
Hi there,
this it not (yet) about the actual implementation. It's more of a logical problem that I'm facing.
There are two partners A and B. A is sending an EDIFACT document which is digitally signed to B.
B has a XI instance that is converting all incoming messages into IDocs, in this particular case INVOIC. This IDoc is received by the R/3 system.
All invoices must be archived due to an eventual tax inspection.
In order to fulfill the security requirements all archived data must be digitally signed.
So far so good.
I guess I'm not allowed to sign my invoices with my own private key due to the fact that i could alter the containing data and sign it again.
It's obvious that I cant apply the digital signature from the EDIFACT message to my IDoc because the data has changed and therefore the signature is invalid.
The only solution to this problem, that I can imagine, is to archive EDIFACT alongside IDoc.
Have you experienced a similar problem or do you have any other idea in order to solve this issue?
I hope my problem is well defined.
Any comment is appreciated.
Thanks in advance
Bastian StratmannHi Bastian,
it is not possible to separate the signature from the document signed.
The system A generates and EDIFACT message -> A has the responsibility on this message and so A sign it.
XI manipulate the message received from A, that means XI generates a new message. -> XI has the responsibility on it, so if you want a signature this should be generated by XI.
As the IDoc was generated by XI it cannot be signed by A (neither technically nor logically) because A has no responsibility on it.
XI <b>is</b> altering the message so XI is responsible for it.
In this case you have to store both the EDIFACT message and the IDOC and maybe sign this new document (EDIFACT+IDOC) with XI signature .
Kind Regards,
Sergio -
Sorry if I am posting this question in the wrong location, but hopefully someone who sees this message will be able to answer or point me in the right direction. I did perform a search and could not find a definitive answer.
There are documents in my company that will be circulated for approval and we would like to apply digital signatures to indicate that certain personnel have reviewed/approved these documents. I have the capability with Acrobat 3D version 8.1.5 to add digital signatures to a PDF. My question is: Is that true of all versions of Acrobat? If not, can anyone tell me the most recent version of Acrobat that has this capability or how I might find this out. I won't necessarily be the one creating the PDFs; thus, the question. Also, is there a better practice for indicating review/approval of a document?
JaniceHi Janice,
First thing, the comment above is incorrect. You can most certainly add multiple signatures to a single PDF file, and one signature does not invalidate the next.
Onto your question; if you want to author the document with existing signature fields in a specific location you need Acrobat. However, once the fields exist you can “Reader enable” the document so the signature field can be signed using either Acrobat or Reader. If the file has been Reader enabled, then the user can create (place) a signature field wherever they like.
The ability to add signature fields has been in Acrobat since version 4 when digital signatures were introduced. The ability to sign using Reader has been around since version 5.1 (there was no 5.1 of Acrobat, only Reader). The ability for Acrobat to “Reader enable” a document for signing has been there since version 8.0.
Does this answer your question?
Steve -
Digital Signatures per page rather than per document
I am looking for some type of solution allowing for digital signatures for pdf files using a certificate authority.
These documents will have signatures on each page.
Am looking for a solution which would be able to validate on a page-by-page basis rather than the entire document.
For example, if we had 10 pages with one signature on each page, and page 7 was changed, would only expect that the signature on page 7 be validated when making changes and not forcing the signatures on all the other 9 pages to be resigned.
Is anyone aware of such a solution?I have a similar problem. Firstly, I understand the "flawed" comment above but reality is flawed.
I have a number of documents in excess of 1000 pages which I am attempting to manage digitally. However, they need to be available for inspection by my regulator who still requires a paper format. I would like to be able to print, (or have my regulator print), the digitally signed document but still have something, even a small code or watermark, that would be printed on each page to tie the paper to the digital signature on the front of the document.
Is there such a feature? -
Hi All,
Will u please let me know the cancellation procedure using digital signatures in detail?
I have proper config setup for approval of documents using digital signatures. Does cancellation too require any special config setup?
Also, I read that the comments section in digital signature pop up does not get saved at all.
Now, If i want to capture the reason for cancellation in workflow - how do i go about doing it ?
Regards,
Venkat
[email protected]Hi All,
Will u please let me know the cancellation procedure using digital signatures in detail?
I have proper config setup for approval of documents using digital signatures. Does cancellation too require any special config setup?
Also, I read that the comments section in digital signature pop up does not get saved at all.
Now, If i want to capture the reason for cancellation in workflow - how do i go about doing it ?
Regards,
Venkat
[email protected] -
Once a form has been signed with a digital signature, why can't you insert a bookmark?
We are using Adobe 9 on Windows XP, I'm not sure what the forms are created in.
I understand why you wouldn't allow a form to be changed once it's been signed digitally (because the person is attesting to the contents as they are when the person signed the form). I don't understand why we can't add bookmarks to pages in the form? The bookmark technically is a change but not a substantive change to the form. Is there a way to add links to places in the form after a digital signature has been created?Hi Christic3,
This is a bit geeky, but here goes. Think of the PDF file in two layers (there are really more, but we'll keep it at two for simplicity). The bottom layer is the PDF content such as fonts, structure tags, and pages. The top layer is form data and comments (aka annotations). When you sign the PDF you sign everything (both layers), but the only allowable changes to the file are additions to the top layer. You can add form data and comments, but you cannot modify anything in the bottom layer without breaking existing signatures. In fact, you can't change (by change I mean modify or delete) anything on the top layer either, but you can add new (unsigned) items.
Bookmarks are part of the underlying PDF structure. Because they are as integral to the underlying structure as anything else, the ability to modify the bookmarks is locked after signing, otherwise it would be too easy to break the signature.
Steve -
How to export & reconstruct a digital signature
I would like to submit a reader-enabled pdf form with a digital signature from within a browser.
I'm currently using CoSign Digital Signature to successfully create the signature. I have created a test form with Acrobat X Pro and assigned the "Submit a Form" action to the submit button. The form is configured to submit to a perl cgi, with the Export Format set to FDF with the following settings...
- Field Data
- Incremental changes to the PDF
The post data is received as the POSTDATA parameter and printed back to the browser as content-type: application/vnd.fdf. However, when the fdf is printed back to the browser the digital signature is not included in the signature field. The rest of the form is populated successfully. If I log the POSTDATA value, I can see what appears to be the digital signature.
According to the Adobe docs...
"FDF Exports as an FDF file. You can select one or more of the available options: user-entered data, comments, and incremental changes to the PDF file. The Incremental Changes To The PDF option is useful for exporting a digital signature in a way a server can easily read and reconstruct."
My question is, how do I reconstruct the digital signature so that I can save it offline within the PDF file?
ThanksYou can't sign a blank document simply by importing an FDF. The data is in the FDF, but the appened saves (aka incremental change) would have to be extracted from the FDF (e.g., using the no longer supported FDF Toolkit) and then concatenated with the original blank form that was used by the person who filled-in and signed. I can't say for sure this will work any more anyway as Acrobat/Reader has changed the way this works and does a Save As (as opposed to Save) when a document is signed, so there is no incremental change data any longer.
-
How to send a digital signature across sockets ?
i have wriiten java code for client server communication - the client sends a digital signature and the server verifies it using the public key .I have sent the signature as a string from the client to server.although the verification comes as true most of the times , some times it comes as "false" .i dont know why it comes that way .
so my question is ::: is there any problem in sending the digital signature as a string. if so , then how can i send it across sockets ?
i have used the necessary specs [ X509EncodedKeySpec , PKCS8EncodedKeySpec ] to write and read the private , public keys.so i dont think its a problem with the keys .
thank you :)
Edited by: itcoll on Dec 1, 2008 2:43 AM
Edited by: itcoll on Dec 1, 2008 2:54 AMso my question is ::: is there any problem in sending the digital signature as a string.Depends how you constructed the string, how you sent it, and how you received it. Not knowing any of those things it is impossible to comment further.
-
SAP Digital signature solution in Invoice output PDF document
Hi,
We are trying to POC SAP Digital signature solution for Invoice output pdf document based on the OSS note 700495 implemengtation guide.
- Defining the log structure and database table.
- Defining signature single step and authorization group and assignment.
- Completed the configuration steps including system signature with authorization by SAP user id and password.
- Release strategy and Archiving NOT implemented for this solution as they are not required as of now.
Checked the above settings using DSIG_BOOKING_EX sample program and the same executed successfully without any errors and we can see the result 'Signature process was successfully completed by user XXXXXX'. Also we can view the signature log in DSAL Transaction.
Similar to the sample program code, Implemented the signature call in user exit ZXMCVU05(EXIT_SAPLMCS6_001) for Invoice output digital signature during VF01 create transaction.
In the process signature call processed successfully but the output PDF document does not have any signature.
Please let me know why digital signature NOT applied to invoice output pdf file. Is there any other process that need to be done?
Also if you have implemented any similar solution, please provide me the details on the same.
Thanks!Ritwika,
Are the User Name and Password correct? Is the User assigned to the SAP_XMII_User role in Netweaver? On the iCommand's Security screen, is the SAP_XMII_User assigned as a Reader role?
Have you checked the Netweaver log? There may be more detailed information there.
Kind Regards,
Diana
Edited by: Diana Hoppe on Mar 3, 2011 9:50 AM -
For 4 months the visible signature worked perfect.
But today when I make a visible signature it is not visible.
It seems to be kind of periodic:
I tried one PDF document, and the visible signature was not visible
Then I tried with another document, and the first time the signature was visible.
When I tried more times on the original second document, the signature was every time invisible.
I use Windows 7, 32 bit, and Adobe Acrobat XI 11.0.10.
Regards FinnI use digital signature with certificate.
I don't know why I got the idea that the signature was there, but invisible.
I can now see that I still have the possibility to sign the document where the signature is "invisible", this indicates of course that there is no signature.
And there is no signatures in the Signature panel.
However, this is what I see:
I press the icon "Digitally sign document"
I drag with the mouse to select the area for the signature
In the dialog box "Sign document" I choose reason, and click "Sign"
I choose a name for the signed document
I give the code for the certificate(at this time the signature is visible on the document)
After this there is no signature but the ducument was saved with the new file name
I don't get any error mesages during this
But in the dialog box "Sign document" I now tried to press the "Review" button
and I get the message:
Report code Description
2007 Page content may silently change
1001 Comment or form field may silently change
1002 Comment or form field may silently change
Does this information help?
Maybe you are looking for
-
So, awhilw back I tryed to sync my ipod with my friends itunes library, my ipod didn't have any room to store all the music so all the songs came up but can't be played. I tryed to sync my ipod to my itunes library, and it keeps saying the ipod's ove
-
Apex 3.1.2 - missing column in CSV output
Hi, We recently moved our application to apex 3.1.2. There is a report with a CSV output that worked fine in apex 3.0. With the same report in apex 3.1.2, one column is missing in the CSV file but is showing on the report. Show column is set to YES,
-
Issue while trying to create Sales Order from Inbound Idoc ORDER05
Hi All, I am trying to create a sales order through an Inbound idoc ORDERS05 created out of a Purchase order. The header pricing conditions from the Purchase orders gets populated in E1EDK05 segment and this needs to go to the Sales order header cond
-
IMac 27" with Lion upgrade ... daily hangs! Need help and support
Dear Apple, Mid-July we got an iMac27" with Snow Leopard installed. First week of August I upgraded to Lion via web download (from Apple Store). Since then the iMac has frequently hung. It goes in two stages: 1) the cursor gets round with rolling col
-
While recently moving, I unpacked and tried to start on a session/project and came across this crash report, unable to work on a few projects: Process: Logic Pro [306] Path: /Applications/Logic Pro.app/Contents/MacOS/Logic Pro Iden