Java and digital signature standards

Hello,
I need to work with a 1024 bit RSA key (-sha1withRSA)
delivered to me in PKCS#12, PEM-coded formatted file.
What kind of libraries are available to me to work
with this key ? Are there some core language libraries
or external ones ? Opensource ? Commercial ?
thanks
N.B. I'm a newbee about digital signature.

Hi, not my field, but have you checked if bouncycastle supports RSA? That's a free cryptography API.
Cheers, HJK

Similar Messages

Implementing XAdES in Java XML Digital Signature API

Hi,
I've got some problems with implementing XAdES standard with Java XML Digital Signature API. Below is a code (SignatureTest1), that produces a digital signature with some XAdES tags placed in <ds:Object> tag. The signature is later validated with a Validator class. Everything works fine, until I set a XAdES namespace (SignatureTest1.xadesNS="http://uri.etsi.org/01903/v1.3.2#"). In this case validation of XAdES elements fails.
The reason of validation failture is a difference between arguments passed to a digest method when document is being signed and validated. When the document is being signed a log looks like this:
FINER: Pre-digested input:
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <SignedProperties xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference object uri = #SignP
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference digesting completed,but while validating:
FINER: Pre-digested input:
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <SignedProperties xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Expected digest: MAQ/vctdkyVHVzoQWnOnQdeBw8g=
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Actual digest: D7WajkF0U5t1GnVJqj9g1IntLQg=
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
FINE: Reference[#SignP] is valid: falseHow can I fix this?
Signer class:
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import com.sun.org.apache.xml.internal.security.utils.IdResolver;
public class SignatureTest1 {
     public static String xadesNS=null;//"http://uri.etsi.org/01903/v1.3.2#";
     public static String signatureID="Sig1";
     public static String signedPropID="SignP";
     public static void main(String[] arg) {
        try{
          XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
          List<Reference> refs = new ArrayList<Reference>();
          Reference ref1 = fac.newReference
              ("", fac.newDigestMethod(DigestMethod.SHA1, null),
                  Collections.singletonList
                (fac.newTransform
               (Transform.ENVELOPED, (TransformParameterSpec) null)),
               null, null);
          refs.add(ref1);
          Reference ref2 = fac.newReference("#"+signedPropID,fac.newDigestMethod(DigestMethod.SHA1,null),null,"http://uri.etsi.org/01903/v1.3.2#SignedProperties",null);
          refs.add(ref2);
          SignedInfo si = fac.newSignedInfo
              (fac.newCanonicalizationMethod
               (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                (C14NMethodParameterSpec) null),
               fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
               refs);
         KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
          kpg.initialize(512);
          KeyPair kp = kpg.generateKeyPair();
          KeyInfoFactory kif = fac.getKeyInfoFactory();
          KeyValue kv = kif.newKeyValue(kp.getPublic());
         KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
          DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
          dbf.setNamespaceAware(true);
          Document doc =
              dbf.newDocumentBuilder().parse("purchaseOrder.xml");
          DOMSignContext dsc = new DOMSignContext
              (kp.getPrivate(), doc.getDocumentElement());
          dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
          Element QPElement = createElement(doc, "QualifyingProperties",null,xadesNS);
        QPElement.setAttributeNS(null, "Target", signatureID);
        Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
        SPElement.setAttributeNS(null, "Id", signedPropID);
        IdResolver.registerElementById(SPElement, signedPropID);
        QPElement.appendChild(SPElement);
        Element UPElement = createElement(doc, "UnsignedProperties", null,xadesNS);
        QPElement.appendChild(UPElement);
        DOMStructure qualifPropStruct = new DOMStructure(QPElement);
        List<DOMStructure> xmlObj = new ArrayList<DOMStructure>();
        xmlObj.add(qualifPropStruct);
        XMLObject object = fac.newXMLObject(xmlObj,"QualifyingInfos",null,null);
        List objects = Collections.singletonList(object);
        XMLSignature signature = fac.newXMLSignature(si, ki,objects,signatureID,null);
          signature.sign(dsc);
          OutputStream os = new FileOutputStream("signedPurchaseOrder.xml");
          TransformerFactory tf = TransformerFactory.newInstance();
          Transformer trans = tf.newTransformer();
          trans.transform(new DOMSource(doc), new StreamResult(os));
        }catch(Exception e){
             e.printStackTrace();
        try{
        Validator.main(null);
        }catch(Exception e){
             System.out.println("Validator exception");
             e.printStackTrace();
     public static Element createElement(Document doc, String tag,String prefix, String nsURI) {
          String qName = prefix == null ? tag : prefix + ":" + tag;
         return doc.createElementNS(nsURI, qName);
}Validator class:
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dom.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.*;
import java.io.FileInputStream;
import java.security.*;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
* This is a simple example of validating an XML
* Signature using the JSR 105 API. It assumes the key needed to
* validate the signature is contained in a KeyValue KeyInfo.
public class Validator {
    // Synopsis: java Validate [document]
    //       where "document" is the name of a file containing the XML document
    //       to be validated.
    public static void main(String[] args) throws Exception {
     // Instantiate the document to be validated
     DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
     dbf.setNamespaceAware(true);
     Document doc =
            dbf.newDocumentBuilder().parse(new FileInputStream("signedPurchaseOrder.xml"));
     // Find Signature element
     NodeList nl =
         doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
     if (nl.getLength() == 0) {
         throw new Exception("Cannot find Signature element");
     // Create a DOM XMLSignatureFactory that will be used to unmarshal the
     // document containing the XMLSignature
     XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
     // Create a DOMValidateContext and specify a KeyValue KeySelector
        // and document context
     DOMValidateContext valContext = new DOMValidateContext
         (new KeyValueKeySelector(), nl.item(0));
     // unmarshal the XMLSignature
     XMLSignature signature = fac.unmarshalXMLSignature(valContext);
     // Validate the XMLSignature (generated above)
     boolean coreValidity = signature.validate(valContext);
     // Check core validation status
     if (coreValidity == false) {
             System.err.println("Signature failed core validation");
         boolean sv = signature.getSignatureValue().validate(valContext);
         System.out.println("signature validation status: " + sv);
         // check the validation status of each Reference
         Iterator i = signature.getSignedInfo().getReferences().iterator();
         for (int j=0; i.hasNext(); j++) {
          boolean refValid =
              ((Reference) i.next()).validate(valContext);
          System.out.println("ref["+j+"] validity status: " + refValid);
     } else {
             System.out.println("Signature passed core validation");
     * KeySelector which retrieves the public key out of the
     * KeyValue element and returns it.
     * NOTE: If the key algorithm doesn't match signature algorithm,
     * then the public key will be ignored.
    private static class KeyValueKeySelector extends KeySelector {
     public KeySelectorResult select(KeyInfo keyInfo,
                                        KeySelector.Purpose purpose,
                                        AlgorithmMethod method,
                                        XMLCryptoContext context)
            throws KeySelectorException {
            if (keyInfo == null) {
          throw new KeySelectorException("Null KeyInfo object!");
            SignatureMethod sm = (SignatureMethod) method;
            List list = keyInfo.getContent();
            for (int i = 0; i < list.size(); i++) {
          XMLStructure xmlStructure = (XMLStructure) list.get(i);
                 if (xmlStructure instanceof KeyValue) {
                    PublicKey pk = null;
                    try {
                        pk = ((KeyValue)xmlStructure).getPublicKey();
                    } catch (KeyException ke) {
                        throw new KeySelectorException(ke);
                    // make sure algorithm is compatible with method
                    if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
                        return new SimpleKeySelectorResult(pk);
            throw new KeySelectorException("No KeyValue element found!");
        //@@@FIXME: this should also work for key types other than DSA/RSA
     static boolean algEquals(String algURI, String algName) {
            if (algName.equalsIgnoreCase("DSA") &&
          algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
          return true;
            } else if (algName.equalsIgnoreCase("RSA") &&
                       algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
          return true;
            } else {
          return false;
    private static class SimpleKeySelectorResult implements KeySelectorResult {
     private PublicKey pk;
     SimpleKeySelectorResult(PublicKey pk) {
         this.pk = pk;
     public Key getKey() { return pk; }
}PurchaseOrder.xml
<?xml version="1.0" encoding="UTF-8"?>
<PurchaseOrder>
<Item number="130046593231">
<Description>Video Game</Description>
<Price>10.29</Price>
</Item>
<Buyer id="8492340">
<Name>My Name</Name>
<Address>
   <Street>One Network Drive</Street>
   <Town>Burlington</Town>
   <State>MA</State>
   <Country>United States</Country>
   <PostalCode>01803</PostalCode>
</Address>
</Buyer>
</PurchaseOrder>signedPurchaseOrder.xml with XAdES namespace:
<?xml version="1.0" encoding="UTF-8" standalone="no"?><PurchaseOrder>
<Item number="130046593231">
<Description>Video Game</Description>
<Price>10.29</Price>
</Item>
<Buyer id="8492340">
<Name>My Name</Name>
<Address>
   <Street>One Network Drive</Street>
   <Town>Burlington</Town>
   <State>MA</State>
   <Country>United States</Country>
   <PostalCode>01803</PostalCode>
</Address>
</Buyer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Sig1"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>tVicGh6V+8cHbVYFIU91o5+L3OQ=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignP"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>MAQ/vctdkyVHVzoQWnOnQdeBw8g=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>lSgzfZCRIlgrgr6YpNOdB3XWdF9P9TEiXfkNoqUpAru/I7IiyiFWJg==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:DSAKeyValue><ds:P>/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0ImbzRMqzVDZkVG9
xD7nN1kuFw==</ds:P><ds:Q>li7dzDacuo67Jg7mtqEm2TRuOMU=</ds:Q><ds:G>Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMOHCBiNU0Nogps
QW5QvnlMpA==</ds:G><ds:Y>p48gU203NGPcs9UxEQQQzQ19KBtDRGfEs3BDt0cbCRJHMh3EoySpeqOnuTeKLXuFr96nzAPq4BEU
dNAc7XpDvQ==</ds:Y></ds:DSAKeyValue></ds:KeyValue></ds:KeyInfo><ds:Object Id="QualifyingInfos"><QualifyingProperties Target="Sig1" xmlns="http://uri.etsi.org/01903/v1.3.2#"><SignedProperties Id="SignP"/><UnsignedProperties/></QualifyingProperties></ds:Object></ds:Signature></PurchaseOrder>

I believe the problem is that you are not explicitly adding the xades namespace
attribute to the SignedProperties element before generating the signature. Thus,
the namespace attribute is not visible when canonicalizing, but when you serialize the
DOM tree to an output stream, (for reasons I'm not entirely sure why), the namespace
attribute is visible and is added to the SignedProperties element, which breaks the
signature.
You must always explicitly add namespace attributes using the Element.setAttributeNS
method. Try changing the following code from:
Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
to:
Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
SPElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", xadesNS);

Java XML Digital Signature API, how to sign different files

Hello,
I need to sign several files: binary and/or xml (in some cases just part of xml), and to implement digitla signatures in xAdes standard. So I'm looking to use Java XML Digital signature API, but can't find any examples, that would cover issues I encountered:
How to sign binary file?
Just to sign some simple "aaa.png" file and have it's signature in XML. How in right way to create referece?
(should it be something like: Reference ref = fac.newReference("aaa.png", fac.newDigestMethod(DigestMethod.SHA1, null), null, null, null); )
And how to pass file for signing? what to add/change to this code:
Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("aaa.png"));
DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
(I have only found some information about needing to "dereference" or so - but no examples, how to make things work.)
How to sing several different files?
As I wrote before, several files needs to be signed, but in all examples, it's only one Document object (and only one file), how/where to add more files and if API will be capable to deal with such thing?
In one of examples what I have to achive was such code:
<Reference URI="aaa.png" xmlns="http://www.w3.org/2000/09/xmldsig#">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>8rl/xzjAnE4yQQ2LTBvFTU2JH+c=</DigestValue>
</Reference>
If I do write code like: "fac.newReference("aaa.png", <...> );
I'll get an error during signing: signature.sign(dsc);
*"java.net.MalformedURLException: no protocol: aaa.png"*
How to avoid this?
Also, from exmaple (what to reach) above:
<Reference URI="aaa.png" xmlns="http://www.w3.org/2000/09/xmldsig#">
There is additional attribute "xmlns=<...>" - the question is if it is possible to add it by XMLSignatureFactory.newReference ?
Java API adds a lot of prefixes "ds:" , like:
<...>
<ds:Reference URI="file:/D:/try5/SignableMetadata0.xml">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</ds:Transforms>
<...>
Is it possible to avoid them?
Any help on any of these questions would be very appreciated

Hi,
I would like to sign a specific part of a xml message [Only the contents under the <Buyer> tag]. I have also pasted the code which i used to do this. I am getting an output xml after the xml is signed, but when I validate the xml , the xml is valid even after I change the xml contents. Could you pls tell me what I am doing wrong here. I want to know whether the xpath implementation which I have done is correct.
<?xml version="1.0" encoding="UTF-8"?>
<PurchaseOrder>
<Item number="130046593231">
<Description>Video Game</Description>
<Price>10.29</Price>
</Item>
*<Buyer id="8492340">*
*<Name>My Name</Name>*
*<Address>*
*<Street>One Network Drive</Street>*
*<Town>Burlington</Town>*
*<State>MA</State>*
*<Country>United States</Country>*
*<PostalCode>01803</PostalCode>*
*</Address>*
*</Buyer>*</PurchaseOrder>
// The code which i have used to perform the xpath transformation.
          XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
     XPathFilterParameterSpec xpathFilter = new XPathFilterParameterSpec("PurchaseOrder/Buyer");
          javax.xml.crypto.dsig.Reference ref = fac.newReference
          ("", fac.newDigestMethod(DigestMethod.SHA1, null),
          Collections.singletonList
          (fac.newTransform
          (Transform.XPATH, xpathFilter)),
          null, null);
          SignedInfo si = fac.newSignedInfo
          (fac.newCanonicalizationMethod
          (CanonicalizationMethod.INCLUSIVE,
          (C14NMethodParameterSpec) null),
          fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
Collections.singletonList(ref));
// Load the KeyStore and get the signing key and certificate.
     KeyStore ks = KeyStore.getInstance("JKS");
     char[] password = "changeme".toCharArray();
     ks.load(new FileInputStream("c:\\KeyStore"), password);
     KeyStore.PrivateKeyEntry keyEntry =
     (KeyStore.PrivateKeyEntry) ks.getEntry
     ("EISKeys", new KeyStore.PasswordProtection(password));
     X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
     // System.out.println("X509Certificate:"+cert);
     // Create the KeyInfo containing the X509Data.
     KeyInfoFactory kif = fac.getKeyInfoFactory();
     List x509Content = new ArrayList();
     x509Content.add(cert.getSubjectX500Principal().getName());
     x509Content.add(cert);
     X509Data xd = kif.newX509Data(x509Content);
     KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
     // Instantiate the document to be signed.
     DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
     dbf.setNamespaceAware(true);
     Document doc = dbf.newDocumentBuilder().parse
     (new FileInputStream("C:\\Life2012\\DigSign\\ACORD_Request.xml"));
     NodeList rootChildList = doc.getDocumentElement().getChildNodes();
     Node bodyNode = null;
     for(int i=0;i<rootChildList.getLength();i++){
          if("Buyer".equalsIgnoreCase(rootChildList.item(i).getLocalName())){
               bodyNode = rootChildList.item(i);
               System.out.println("Body Node is obtained"+bodyNode);
               break;
     // Create a DOMSignContext and specify the RSA PrivateKey and
     // location of the resulting XMLSignature's parent element.
     //DOMSignContext dsc = new DOMSignContext
     // (keyEntry.getPrivateKey(), doc.getDocumentElement());
          // Sign only the body node
     DOMSignContext dsc = new DOMSignContext
     (keyEntry.getPrivateKey(), bodyNode);
     // Create the XMLSignature, but don't sign it yet.
     XMLSignature signature = fac.newXMLSignature(si, ki);
     // Marshal, generate, and sign the enveloped signature.
     signature.sign(dsc);

Adobe Interactive Forms and Digital Signature

Adobe Interactive Forms and Digital Signature
Hi, I’ve a question if it works to digital sign interactive PDF documents created by an SAP BPM System? So is it possible just to sign the content, and not the interactive components like layout and buttons e.g.?
Thanks for your help.
Regards,
Tobi

serverside or at the client??

Encryption and Digital signature in SAP

Hi,
We have a requirement to encrypt the payment data before it is sent to a Bank using SAP XI.We are planning to have a ABAP proxy which will do the encryption and hopefully attach a digital signature.We are working in SAPR/3 Enterprise edition.Does SAP supports doing Encryption and digital signature in ABAP.
Thanks,
Leo

Hi Leo,
have a look here:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/icc/secure store and forwarddigital signatures user guide.pdf
regards Andreas

Security Issues: SSL on SOAP Adapter and Digital Signature in BPM

Hi there,
we're developing a R/3-XI-3rd Party Application scenario, where the XI/3rd Party communication is based on a webservice (SOAP adapter with SSL). Also, the messages in the XI/3rd Party communication must be digitally signed. I've got some questions on both subjects.
1. About the SSL. I've started to investigate what will be necessary to enable the HTTPS option under SOAP Adapter (it's not enabled now). If I'm not correct, all I need to do is:
- check whether the SAP Java Crypto Lib is installed in the Web AS;
- generate the certificate request in the Visual Administrator and, after acquiring the certificate, store it with the KeyStorage option.
Is that right?
I'm considering that I won't need to use SSL in the ABAP Web AS, only the J2EE Java Engine (since the SOAP Adapter is based on J2EE).
2. About the digital signature. As a first solution, we had decided on accessing a webservice based on another machine running a signature application. We'd send the unsigned XML and receive a signed XML. But since that needed to be done into the BPM, I thought that using a piece of Java code in a mapping would suit it better.
But to be able to use the hashing/encrypting/encoding algorithms, which library needs to be installed? Is it the same SAP Java Crypto Lib that was installed for the SSL enabling?
Thanks in advance!

Hello Henrique,
1. You're right. For detailed instructions please have a look at the online help: http://help.sap.com/nw04 - Security - Network and Transport Layer Security - Transport Layer Security on the SAP J2EE Engine
2. The SOAP adapter supports security profiles. Please have a look at the online docu http://help.sap.com/nw04 -Process Integration - SAP Exchange Infrastructure - Runtime - Connectivty - Adapters - SOPA Adapter - Configuring the Sender SOAP adapter and from the link under Security Parameters to the Sender Agreement. You'll find some additional information in the following document: http://service.sap.com/~sapdownload/011000358700002767992005E/HowToMLSXI30_02_final.pdf
Rgds.,
Andreas

CFPOP and digital signatures

Emails - Exchange 2003 mail server - that use "Digital
signatures" do not show any Body text. Either in the "BODY" or in
the "TEXTBODY" fields. Are there any work arounds or fixes for
this?
Thanks,

Hi,
I'm trying to use SAP Simple Digital Signature (username + password) with SSO.
I implemented the following SAP notes: 1862737 (main note that makes in possible to combine Digital Signature with SSO, which means using Windows/Active directory password instead of SAP password), 1974495, 1975701, but unfortunately it is not working.
I tried using SAP standard example of Digital Signature: program DSIG_BOOKING_EX (run from se38).
When running this program in SAP GUI 7.2 (and even in the latest SAP GUI 7.3), a popup appears and asks for a password (Windows / Active Directory Password). When I type the password and press OK, I get the following DUMP:
Category: ABAP Programming Error
Runtime Errors: MESSAGE_TYPE_X
Abap program: CL_GUI_CFW==========CP
Application Component: BC-FES-GUI
Do you know how to solve it?

NWSSO and Digital Signatures

This is a follow-up to Re-authenticate or provide additional credentials to access sensitive data.
We are currently looking at implementing NWSSO. As far as I know, NWSSO can't be used as an external security product for Digital Signatures so that users could input their Windows credentials to sign documents. Is that correct? Assuming yes, is something planned? What is the standard solution from SAP in this regard? We are on ERP 6.0 EHP6 SPS04 running in a homogeneous Windows environment. In short the problem is that users shouldn't have to remember their username and password in the SAP backend system once SSO is enabled. If we choose to roll out the semi solution where users have to remember their username and password in the SAP backend system, there is nothing out of the box for them to change their password in the SAP backend system since SSO is enabled. The main client to access the SAP backend system will be NWBC for Desktop 4.0.

Hi,
I'm trying to use SAP Simple Digital Signature (username + password) with SSO.
I implemented the following SAP notes: 1862737 (main note that makes in possible to combine Digital Signature with SSO, which means using Windows/Active directory password instead of SAP password), 1974495, 1975701, but unfortunately it is not working.
I tried using SAP standard example of Digital Signature: program DSIG_BOOKING_EX (run from se38).
When running this program in SAP GUI 7.2 (and even in the latest SAP GUI 7.3), a popup appears and asks for a password (Windows / Active Directory Password). When I type the password and press OK, I get the following DUMP:
Category: ABAP Programming Error
Runtime Errors: MESSAGE_TYPE_X
Abap program: CL_GUI_CFW==========CP
Application Component: BC-FES-GUI
Do you know how to solve it?

Acrobat Reader 8 and digital signatures

What are the limitations of Acrobat Reader 8 with respect to digital signatures? I have been trying to create a form, that can be distributed through e-mail and digitally signed by Acrobat Reader 8 users, and am getting unpredictable results. It seemed like these users were able to sign this document last week, but today are unable to. Is the digital signature feature entirely stable?
I have read through the documentation and it is vague at best and seems to blur the lines between Acrobat Reader and Professional.

>What are the limitations of Acrobat Reader 8 with respect to digital signatures?
Generally, it can't do them. (Adobe Reader, if I was being picky, the
name was changed after 5.0).
You CAN enable signing using a special function. However, you are
contractually limited by the EULA; to oversimplify, no more than 500
users per form, or uses per form.
Aandi Inston

Email and digital signatures

When I open a .pdf document from an email attachment, I am unable to digitally sign it. After I sign it, the signature just disappears.
Before the new IT people took over, I was able to open the document, select the digitable signature option, and Acrobat would tell me I needed to save the document. I saved it in the desired location and the digtigal signature would appear. How do I restore this process?
Thank you.

Maybe there is a separate email client app in the App Store that supports PGP or S/MIME (the built-in email doesn't).

SSF and digital signatures

Hi Guys!
I need to exchange XML documents with third-party. The aproach is to generate it from SAP and then sign it with Digital Signature.
I found information, that I could use SSF to achieve it. On help.sap.com I found information, that I could use SAP Cryptographic library.
I have installed SAP Crypto and I maintained ssfrfc.ini file:
SSF_LIBRARY_PATH = D:\CRYPTO\sapcrypto.dll
SSF_TRACE_LEVEL = 3
SSF_MD_ALG       = MD5
SSF_SYMENCR_ALG = DES-CBC
Now I want to test it with report SSF01 - but I'm getting an error:
Result: SSF_API_NOSECTK
Version information:                                       61
         SSFRFC V1.46.3 No security toolkit version information found.
So I thought I will manually run ssfrfc.exe. And again I'm getting an error:
=================================================
=== SSF INITIALIZATION:
===... SSF initialization file ssfrfc.ini found.
===...SSF library is D:\CRYPTO\sapcrypto.dll .
===...SSF trace level is 3 .
===...SSF hash algorithm is MD5 .
===...SSF symmetric encryption algorithm is DES-CBC .
===...completed.
=================================================
=================================================
=== LOAD SSF FUNCTIONS:
===...could not load SSF library D:\CRYPTO\sapcrypto.dll .
I checked two libraries:
SAPCRYPTOLIBP_8412-20011729
SAPCRYPTOLIB_36-10010888
I checked all file destinations and so on at least three times. I don't have any new idea to make it working. Please help me.
Best regards
Ana

Hello Anatoly,
I had exactly the same issue with a SSF library provided by SBKontur (RU). Their library "KonturSSF.dll" could not be loaded by ssfrfc.exe on the frontend, the trace file contained something like:
=================================================
=== SSF INITIALIZATION:
===... SSF initialization file C:\Program Files (x86)\SAP\FrontEnd\SAPgui\ssfrfc.ini found.
===...SSF library is C:\Program Files (x86)\SAP\FrontEnd\SAPgui\KonturSSF.dll .
===...SSF trace level is 5 .
===...SSF hash algorithm is SHA1 .
===...SSF symmetric encryption algorithm is DES-CBC .
===...completed.
=================================================
=================================================
=== LOAD SSF FUNCTIONS:
===...could not load SSF library C:\Program Files (x86)\SAP\FrontEnd\SAPgui\KonturSSF.dll .
After some investigation I found out by calling the ssfrfc.exe directly in a Windows command box with option -D, that the library had dependencies to Microsoft's C runtime libraries MSVCP120.DLL and MSVCR120.DLL.
Unfortunately, this is not logged into the SSF RFC Trace File dev_ssfa*, but only shown as error message in a popup window if you execute ssfrfc.exe directly as mentioned before.
So you should try this in order to find out if there are dependencies with your special library.
Kind regards
Heiko

E-Pad and digital signatures

Folks,
Our company is implementing a new process wherein at the time of shipment, they would like to have the truck driver sign an e-Pad and the signature should be imported onto the bill-of-lading output. We have a customized delivery process and due to the volume of shipments, we do not want the truck drivers to spend anytime like saving the signature image to the desktop and then import into SAP etc.
We want the signature to be imported from the delivery screen (custom developed) onto the bill of lading output at the click of a button. We are using SAP version 4.7 and the e-Pad signature is from interlink electronics, who appear to be naive in SAP. We are open to look at other vendors for e-Pad or e-Signatures.
Hence, please help in the following ASAP:
1. Does SAP 4.7 have any limitations to import digital signatures?
2. Do anyone have any experience with e-Pad with interlink or can suggest any other vendor/product that can be readily used for this purpose?
Thanks and Regards,
Ram

Hi Ram Murthy,
I built a solution with Netweaver 731 SP5. Here is the link http://scn.sap.com/docs/DOC-47480
I wish I could have helped back in 2008 !
Cheers.

Transfer attachments and Digital Signatures,from a PDF, to Interactive Form

Hi,
I am developing an an application in WebDynpro Java.
I have a requirement that a user A creates a new interactive form & fills some of the details, & then saves the form.
User B then fetches the form & fills the remaining details.
User A can add attachments & digitally sign the form(using digital signatures).
When user A saves the form, the application saves it in the JDT. The application fetches the pdf from the JDT & shows it to the user B.
The problem is that, when the form is displayed to user B, i need to pass a variable(using context nodes) to the form, so that some of the properties(visibility,read-only,etc) of the UI elements(of the form) changes, depending on the variables' value.
For this purpose, i need to use the Form for user B in ""UpdateDataInPdf" mode.
But if i do this, then all the attachments, signatures saved in the pdf form(by user A), do not get transfered to the Interactive Form of User B!!
How do i overcome this problem??
I am using NW7.0 SP13.; Designer7.1, xACF is installed.

Hi everyone,
I solved this issue using the transferPDFDataIntoContext of the WDInteractiveFormHelper class.
The AIF mode must be set to usePdf.
I hope it will be useful.
Regards,
Mirco

SAPGUI SNC logon and digital signature

Dear all,
I have setup in a test environment a sap logon with SNC in order to use the active directory authentication instead of SAP R/3 User and Password. It works well. So I can enter directly in the system without specify R3 user and R3 password. My users have no to maintain R/3 password anymore.
Now I have a problem. For some transactions we have implemented the digital signature in order to have a further authentication when we want to perform some critical task. An example is releasing dms document in CV02N transaction.
Our customizing for digital signature is:
System signature with authorization by R/3 user ID/password
The other options are:
User signature with ext. security product with verification
User signature with ext. security product w/o verification
So the system still ask to the users their R/3 password for the authentication when they try to "sign" a document.
Do you think there is a way to configure the system in order to ask and check the active directory user password instead of R/3 password? Where can I found documentation about it ?
My system is SAP R/3 4.70 ext 2 on windows 2003 r2 sp2 x64.
My active directory is based on Windows 2003 x32 sp2 in native mode.

Hi,
We are running SAP ECC Version 6.0 wih Netweaver 7.1. We also talked with SAP about this and they have given a small BADI to disable the R3 user id and Password prompt. However, they informed us to write a own coding to activate/authenticate with LDAP.
Wondering, what need to modify and which functional module. I saw the below from one of the thread...Please let me know what to modify in the coding to make the LDAP authentication works.
+There are some options for what changes need to be made to the SSFT_PPPI_SIGN function module:+
+1. It could be changed to call a SAP supplied function module called LDAP_SIMPLEBIND. This would mean that a user and password entered by user would then be checked with LDAP server (e.g. Active Directory) instead of the user and password entered being checked with SAP user store, which of course won't work when SNC is enabled because user SAP passwords are then deactivated.+

Email attachments and digital signature

I used to be able to open a email attachment, review it and then digitally sign it.
Since the new IT people came it, the digital signature simply disappears. Any way to restore this function? Thanks.

We experienced a similar problem when Adobe updates were installed. It seems that a recent Adobe update took away the capability to save your digital signature directly to the PDF email attachment, then forward the email with the signed attachment. Now, when we open a PDF email attachment and place a digital signature, as soon as we have entered our password for our digital signature, we are prompted with the "Save As" dialog box asking us to save the document somewhere on the hard drive of our computer (the default location is My Documents). If you hit Cancel, then the signed version does not get saved. The attachment remains unsigned. So we learned we needed to go through the Save As dialog and choose (and remember) a location to save the PDF, such as My Documents or Desktop, then reply or compose a new email and attach the signed version that we had just saved in Documents/Desktop. We used to be able to hit the Save icon in Adobe and save our changes (digital signature) to the email attachment. Having to save the PDF somewhere other than the email itself is an extra step we'd prefer to avoid, and we'd be happy to learn of a way to go back to our old method. I believe the key was that Adobe would save the signed version somewhere in the "temp files" on the C drive and automatically use that version when the email is forwarded. And I think Adobe did away with that, unless there is a way to revert to that method using Preferences?
But I wonder if the Asker of this question is able to click "Place Signature" and has an opportunity to "Save As," saving the PDF on the hard drive of the computer for future attaching? Are you hitting "Cancel" in the Save As dialog?
If you save the signed PDF (i.e. in the default My Documents), then a slightly quicker method than having to browse to the saved document in Documents is, you can click on the envelope icon (Sharing) at the top of the screen. Then click the "Attach to Email" circle and click the "Attach" button. This will generate a new email in your email application (i.e. Outlook) with the signed PDF attached (Adobe pulls the signed version that you previously saved to your Documents). The downside to this is that the generated email will not have the original email thread or subject line, so you will need to add a relevant subject line.
Some of our users reported that they used the Share ... Attach to Email feature and their signatures would get wiped from the email attachment after they hit send. However, this phenomenon has not been witnessed since the most recent Adobe software update.

Java and digital signature standards

Similar Messages

Maybe you are looking for