Problem with digital signature of documents

I have a requirement to upload documents and his respected fingerprint signed (SHA1WithRSA).
To achive this I am using the functions modules:
SSF_KRN_DIGEST
SSF_KRN_SIGN_BY_AS
but I can´t make it work.
I also ask for the .pem file used to generate the PSE that I'm using to sign documents.
With this pem file I execute in openSSL this following command:
#Creates Message Digest of document.txt, and the sign it with MyKey.pem
dgst -sha1 -sign MyKey.pem -out document.sign document.txt
AND THIS WORKS! Now, with this succesfull case I try to track down the problem with the FM that I'm using, and I detected that SSF_KRN_DIGEST is given me a diferent result than openssl (so I forget for sign the document for a while...).
This are the HEX value for OpenSSL (this is the one that works):
30
21
30
09
06
05
2B
0E
03
02
1A
05
00
04
14
AC
37
25
AC
AD
34
E2
F8
B9
21
B3
15
DD
20
0D
71
5B
FD
EE
EB
And this is the HEX value of the result of FM SSF_KRN_DIGEST:
30
40
06
09
2A
86
48
86
F7
0D
01
07
05
A0
33
30
31
02
01
00
30
09
06
05
2B
0E
03
02
1A
05
00
30
0B
06
09
2A
86
48
86
F7
0D
01
07
01
04
14
AC
37
25
AC
AD
34
E2
F8
B9
21
B3
15
DD
20
0D
71
5B
FD
EE
EB
As you can see, both files do countain the digest, but the metadata and padding is different. As far as I know, it should respect the ASN.1 structure, but I can figure out whats wrong with the SSF_KRN_DIGEST call.
This is my code:
* Creamos el message diggest del archivo
CALL FUNCTION 'SSF_KRN_DIGEST'
   EXPORTING
     b_detached                         = 'X'
     ostr_input_data_l                  = lv_bin_data_len
     str_hashalg                        = 'SHA1'
  IMPORTING
    ostr_digested_data_l               = lv_digested_len
*   CRC                                =
   TABLES
     ostr_input_data                    = lt_bin_data
     ostr_digested_data                 = lt_digested_data
  EXCEPTIONS
    ssf_krn_error                      = 1
    ssf_krn_noop                       = 2
    ssf_krn_nomemory                   = 3
    ssf_krn_opinv                      = 4
    ssf_krn_nossflib                   = 5
    ssf_krn_input_data_error           = 6
    ssf_krn_invalid_par                = 7
    ssf_krn_invalid_parlen             = 8
    ssf_fb_input_parameter_error       = 9
    OTHERS                             = 10.
Where lt_bin_data contains the document, uploaded in binary mode.
Thanks in advance.
regards.

Martin, as you said, the problem was the PKCS#7 format.
In a communication problem, I was told that the application works with that format, whereas in reality is working with PKCS#1 - V1.5
I just have to search for a FM that support that format, like SSFW_KRN_SIGN.
This FM calculates the MD, and sign it, so it was easier than I originally thought.
This is the FM call that I'm using, just in case someone needs the code:
* Leemos los parametros definidos en la SSFA
CALL FUNCTION 'SSF_GET_PARAMETER'
   EXPORTING
     application             = 'INTBAN'
   IMPORTING
     str_profileid           = lv_profileid
     str_profile             = lv_str_profile
   EXCEPTIONS
     ssf_parameter_not_found = 1
     OTHERS                  = 2.
*Cargamos la tabla con el encargado de firmar
lw_signer-id = lv_profileid.
lw_signer-profile = lv_str_profile.
INSERT lw_signer INTO TABLE lt_signer.
*Calculamos MD del documento (SHA1), y firmamos
CALL FUNCTION 'SSFW_KRN_SIGN'
   EXPORTING
     str_format                   = 'PKCS1-V1.5'
     str_hashalg                  = 'SHA1'
     ostr_input_data              = lv_xstring_data_to_sign
   IMPORTING
     ostr_signed_data             = lv_xstring_signed_data
   TABLES
     signer                       = lt_signer
   EXCEPTIONS
     ssf_krn_error                = 1
     ssf_krn_noop                 = 2
     ssf_krn_nomemory             = 3
     ssf_krn_opinv                = 4
     ssf_krn_nossflib             = 5
     ssf_krn_signer_list_error    = 6
     ssf_krn_input_data_error     = 7
     ssf_krn_invalid_par          = 8
     ssf_krn_invalid_parlen       = 9
     ssf_fb_input_parameter_error = 10
     OTHERS                       = 11.
Where lv_xstring_data_to_sign is just a xstring with the document that I have to sign.
Regards!
German Guzelj

Similar Messages

  • Problem with Digital Signature strategy in Document Managment System

    Hello ALL,
    I am facing problem with Digital Signature strategy in DMS. If any help its greatly appreciated.
    I have senario where Approvers in DMS will review the document and approve the document and put on their digitial signature. if i have multiple approvers maintained in the characterstics it has to check weather it has been approved by all approvers otherwise it has to reset the status to for approval.
    My problem is i am able to reset the status back from approved to for approval using the badi document_status01 but when the next approver logs in to the document and change the status to approved he is not able to get the digital signature pop up which it comes only first user approves it.
    can any one help me out on whats going wrong in it.
    Thanks
    Srikanth Aduri.

    Hi,
    maybe the reason for this is that the status of the digital signature is not changed. Then the system thinks that the digital signature is still completed and therefore the user is not getting the pop-up again. The database table for the digital signature for documents is TC77. I hope this information is usefull for you.
    Best regards,
    Christoph

  • Problems with digital signatures (adobe reader)

         I am a Government contractor that develops documents for my customer.  We are in the process of ascertaining the viability of digital signatures. I have developed a signature form with Adobe Pro 9.0.
         I have several issues. When someone digitally signs the document with their Common Acess Card (CAC), the warning appears "At least one signature has problems. Please fill out the form. If you are the form author, choose distribute form in the forms menu to send it to your recipients."
         I tried using several options using the distribute section, and I am unable to make this part work. I truly need assistance with doing this correctly.  I require that the signatures to be processed in sequence (#1, #2, #3, and then the approval signature).  I did not comprehend that option in the distribute form section.
         However, the recipients that use Adobe Acrobat Pro are able to sign the document when submitted to them (however, the prviously stated warning appears). If they use Adobe Reader, they are not able to sign the document.
         Please help.
         Is there anyone that can assist with the signature feature of Adobe Pro?
         I would appreciate any suggestion/guidance.
         One area that I don't understand is the feature where i 0send the form out for signature.

    What is your operating system?
    If Windows, you have something in your registry that is pointing to drive K:
    See if anything in here helps: http://helpx.adobe.com/creative-suite/kb/error-1327-invalid-drive-drive.html

  • Problem with digital signatures in Acrobat 8

    Is it true that the ability to directly create a digital signature field is available in Acrobat 7 & 9 but not in 8?
    I have Acrobat Standard 8.0.0 and want to create blank signature fields before I certify a document, but can't find a way to do this directly. I can add a signature then delete it to create a blank field, but this is a very slow way of doing it.
    I have read Forum articles saying choose Tools > Forms > Digital Signature Tool to create a blank field, but I have no Forms item in my Tools menu. Am I missing something, or do I need to upgrade to Acrobat 9 (or downgrade to 7!)?

    Hi Brian,
    It's not that version 8 per se cannot add a signature field, it's that you cannot create or edit form fields in the Standard version. If you had Acrobat 8 Professional, or you buy Acrobat 9 Pro, then you would have the capability to add and edit form fields (a signature fields is just a special purpose form field).
    Steve

  • Problems with Digital Signatures

    I have a pdf with multiple signature fields. When somebody signs it in  9.x everything is fine, but when somebody signs it in a version earlier  than 9.0 it does not work. The signature fields do not even show up.  Somebody signed the pdf in 8.x and sent it back to me. I opened in 9.x,  and I could not see the signature fields. Is there a compability issue  between these versions. The pdf contains javascript and is a dynamic pdf  if that matters. Thanks in advance.

    It works on my computer when I dropped the target version to 7.x. However, I don't know if it will work on a true 8.0 version of Acrobat. I have sent it to a person who has Version 8.x, and I will let you know how it works. When you change that target version does that mean it will be compatible with the version or later you set it to?

  • Problem with digital signatures.

    Hi,
    I am trying to install Itunes and keep getting the message that windows doesn't recognise the publisher of the application. I have had Itunes in the past with no problems.
    I have tried loading older versions, turning of security features, etc, all to no avail. Any idea's?
    Thank you
    Nick

    Hi Brian,
    It's not that version 8 per se cannot add a signature field, it's that you cannot create or edit form fields in the Standard version. If you had Acrobat 8 Professional, or you buy Acrobat 9 Pro, then you would have the capability to add and edit form fields (a signature fields is just a special purpose form field).
    Steve

  • Form 16 With digital signature giving adobe document corrupted output

    Dear All,
    We have configured ads and implementing form 16 with digital signature,we have done the all configuration as per SAP Guide and dezso blogs,but when generating the form 16 with digital signature its giving
    "Adobe reader could not open _xxxxx.pdf because it is either not a supported file type or corrupted,
    we have done the same configuration in dev its working fine and prd its not working,request you to please provide the solution for the same.
    as per some check list i have cheked ads_https is working fine,but when executing the report fp_pdf_test_00  with rfc ads_https its asking for user name and password,we have maintained the same user name and password for abap and java for both adsuser and ads_agent still same issue,
    pelase suggest.
    please find attached screenshot for your reference.
    Regards,
    Basis

    This can be done but you must use the Document Form var to route the signed pdf. You must configure the FormGuide submit button to 'Submit from PDF' in Guide Builder.
    Also the button on the form must be configured to submit as 'PDF' (not XDP). This change is done when you open the form in designer.
    Note that after you have submitted the signed pdf you will be dealing with a pdf subsequently.
    Attached is a sample FormGuide.

  • How to create Web Service Client from wsdl with digital signature?

    Please, help me to create Web Service Client from wsdl with digital signature. I know create Web Service client from wsdl file and I know how to add digital signature to XML with jwsdp, but I don't know how to do it together.
    Thanks.

    I'm handling security wit JAX-WS handler. So I insert "manually" ws-security tag and I encrypt (and sign) message parts.
    On client side, all works fine, but on server side I obtain:
    ---Server Inbound SOAP message---|#]
    Decrypting message and rebuilding Valuees... |#]
    Starting decrypt|#]
    . dectypted.!
    --found following string: <ns1:addiziona><num1>80</num1><num2>22222</num2></ns1:addiziona>|#]
    ...MESSAGE Restored.|#]
    <?xml version="1.0" ?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ns1="http://calculator.me.org/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><soapenv:Body><ns1:addiziona><num1>80</num1><num2>22222</num2></ns1:addiziona></soapenv:Body></soapenv:Envelope>|#]
    Error in decoding SOAP Message
    Error in decoding SOAP Message
            at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.toInternalMessage(SOAPXMLDecoder.java:89)
            at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.toMessageInfo(SOAPMessageDispatcher.java:187)
            at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher$SoapInvoker.invoke(SOAPMessageDispatcher.java:571)
            at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOAPMessageDispatcher.java:145)
            at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
            at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:160)
            at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:89)
            at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:178)
            at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServiceServlet.java:109)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
            at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.java:100)
            at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
            at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:71)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
            at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
            at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
            at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
            at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:231)
            at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
            at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
            at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
            at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
            at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
            at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
            at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
    Caused by: javax.xml.ws.soap.SOAPFaultException: Cannot find the dispatch method
            at com.sun.xml.ws.encoding.soap.SOAPDecoder.raiseFault(SOAPDecoder.java:674)
            at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.decodeDispatchMethod(SOAPXMLDecoder.java:152)
            at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeBodyContent(SOAPDecoder.java:337)
            at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeBody(SOAPDecoder.java:327)
            at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeEnvelope(SOAPDecoder.java:250)
            at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.toInternalMessage(SOAPXMLDecoder.java:81)
            ... 29 more
    |#]
    --->handleFault O_o<---|#]If you have any idea for solving my problem, then I can post my simple example :(
    Bye!

  • Doc size with digital signature

    i've got 2 questions, please help:
    1) why do .pdfs with digital signatures have such large file size? how can i reduce the size?
    2) why do .pdfs with digital signature become text non-searchable?
    thnx
    brg

    actually the same signature size isn't such a problem when using Adobe software, but when using pdfCreator, the size increases... pls don't give me lectures on using another software, i need A5 and Adobe doesn't provide it...
    so i guess it's the problem within that other pdf maker...
    why i need to pdf print the file? one reason is i can print it ( otherwise signatures don' show, protection i guess), the other reason to protect the signatures that for that specific reason only need to be seen.
    thnx.
    brg

  • PDF by email in 46C with digital signature

    Hi all,
    can anyone tell me if it is possible to send a PDF with digital signature from SAP in 4.6C?
    I'm converting a spool order into PDF document, and send it by email using FM SO_NEW_DOCUMENT_ATT_SEND_API1..
    Best Regards,
    Pedro

    Thanks for the reference to the digsig user guide. I've reviewed this documentation and the majority of it I had already tried however one TIP that is in this document that I hadn't seen before points to setting up a FDF file to import AD secure to easily import the ID's
    More specifically, I have configured LDAP and the Security settings in Adobe Pro and when attempting to connect to our LDAP server is when I run into the issue. I am not able to connect. Is there any additional information that you know of that can shed some light on LDAP configuration with Adobe PDF forms for digital id's?

  • Issue with digital signature

    I am having a issue with digital signature in Adobe 7.
    I was able to sign the document, but my name does not appear on the signature block.  I am using a certificate that is assigned to me, but my name never appears in the “signed by” field.  I did notice that the certificate is assignedto my email address not my name; Could that be what is causing this issue?
    Thanks

    Thanks for the quick response.
    I have tried that I click on the box to show "name", but it still never shows the name......

  • Loading Invoice XML IDoc with digital signature via XI into R/3

    Hi,
    I received an Invoice XML IDoc with digital signature via Mail (for test purposes) and want to load it via XI into an R/3 systeme.
    My idea is to load the Invoice XML IDoc file via the File Sender Adapter into XI and send it to the R/3 system via the IDoc Inbound adapter.
    Due to the digital signature the file looks like this:
    0‚ S      *†H†÷
        ‚ D0‚ @   1 0       +      0‚ '      *†H†÷
        ‚   ‚   ‚ –0‚ ’0‚ û      etc.
    When I load the file like this with the File Sender Adapter, an error message occurs in the XI Monitoring as the XML Parser cannot read the file due to the digital signatur (as expected).
    Has anybody an idea how I can configure the File Sender Adapter Communication Channel to be able to load only the XML IDoc and ignore the digital Signature strings?
    Thanks in advance for your support.
    Alex

    BTW
    do use the second way you need:
    Security Settings for the Sender Mail Adapter
    http://help.sap.com/saphelp_nw04/helpdata/en/27/c0524257a1b56be10000000a155106/content.htm
    and
    Key Storage Service
    http://help.sap.com/saphelp_webas630/helpdata/DE/e9/a1dd44d2c83c43afb5ec8a4292f3e0/content.htm
    apart from adapter module config
    Regards,
    michal

  • Problem with viewing Adobe PDF documents

    Problem with viewing Adobe PDF documents
    I have a Windows 7 Home Premium Computer
    I have read all the suggestions and I have tried downloading multiple versions of Adobe Reader for Windows 7 and Vista from http://get.adobe.com/reader/otherversions/.
    Prior to downloading each version I would delete the current version using  control panel programs uninstall.
    After each new installation I would shut down the computer and then restart the computer.
    I have tried downloading versions with and without having my antivirus (CA Total Defence) running.
    I am told after download that the version downloaded successfully.
    I have read Acrobat Help http://helpx.adobe.com/acrobat/kb/troubleshoot-reader-installation-windows.html and followed the instructions.
    None of the above has helped.
    The problem is no matter what version of Adobe Reader I download, I cannot seem to open a PDF and read it. Nor will the Reader itself stay open.
    1. If I try opening the reader from the desktop link or from the actual program menu, the reader opens for about 5 seconds and then closes of its own accord. If I try to click on any of the reader menus (eg File, Edit, View, Window, Help, Tools) then a warning bell is sounded and the menu does not open. Shortly thereafter the reader closes.
    2. If I try to open the reader by double clicking on a PDF document then the reader opens but the document is not shown (only the grey PDF reader screen is shown) and then the reader closes after about 5 seconds of its own accord.
    The desktop shortcut shows as the 'red Adobe Reader icon'. But the actual program menu icon shows as a blank folder icon.  All PDF documents show as the PDF Adobe icon.
    I have tested various PDFs and none will open on this computer but they will open on other computers.
    I have created a word document and saved it as a PDF. It looked like it had save correctly (has the appropriate icon) but when I try to open it as per step 2 above then the document is not shown and then the reader closes after about 5 seconds of its own accord.
    Does anyone have any ideas about what is going on and how I can fix this?
    Could you please answer in this forum and email me at [removed]
    I am so puzzled and frustrated.

    Thank you so much this did the trick.
    I spent so many hours on trying to sort this out and your answer was so  simple and clear.
    Regards
    Kazzamday

  • PROBLEM WITH DIGITAL EDITIONS

    Hi,
    I've always encountered this problem with digital editions: Adobe Digital Editions 2.0 has encountered a problem and needs to close.  We are sorry for the inconvenience.
    I'm using Windows XP pro 2002, service pack2  on an old computer AMD Duron 901 Mhz , 384 mb RAM.
    is there a solution ?
    Thanks

    Hi
    I had the same problem, ADE 2 won't work with older AMD computers.  See http://forums.adobe.com/thread/1081859
    Older version that does work at: http://kb2.adobe.com/cps/403/kb403051/attachments/setup.exe
    good luck

  • Java SSF for Digital Signatures and Document Encryption

    Hello,
    I have read in "SAP Help - Java Development Manual" that there is a Java SSF library for Digital Signatures and Document Encryption API.
    http://help.sap.com/saphelp_nw04s/helpdata/en/4f/65c3b32107964996a56e4165077e24/frameset.htm
    I am trying to develop an example application in NWDS using Interfaces/classes (ISsfData, SsfDataXml...), but NWDS does not find this classes in any library.
    I have searched for Javadocs in NWDS plugins directory and this classes and interfaces should be in JAR com.sap.security.api.jar, but they aren't there.
    Our WAS version is: NW04s WAS 7.0 SP11 and he have downloaded Java Crypto Library (IAIK) and also SAP XML Toolkit.
    Does anyone know how to find or obtain this library?
    Thanks in advance,
    Jorge Linares

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

Maybe you are looking for

  • Windows takes an obscenely long time to establish a network connection after booting

    Often, when I reboot my machine for whatever reason, it boots up normally, I log in, it shows my desktop, loads all the icons and then takes upwards of 5 minutes or longer for the networking icon in the taskbar so show that I have network access (sho

  • Year Ago Measure group by problem.

    Hi, In my report I have two measures Revenue and Revenue Year Ago. Revenue Year ago is calculated based on the Ago functionalty and the time dimension level is "Year" AGO(Fact.Revenue, TimeDimnesion."Year", 1). The problem is that the column measure

  • Trouble on start-up

    My black macbook started crashing quite a bit, with different programs crashing (firefox, iphoto, word etc) I then would get messages telling me I needed to restart (the screen came up with various languages) Now when I reboot it either won't get pas

  • Keys on MacBook Pro not working

    certain keys on my keyboard are not working.  m,k,l,i,o and 8,9,0.  I have tried the trouble shooting tips on the apple support site, didn't work.  Any ideas?

  • HT201376 my mac shut down when it loading to acsses my account

    Hye everyone i need some help!. My mac keep shutting down after it try to startup. The loading bar isnt half way full it gets completely shut down. I try to re-login back but it does the same thing all the time. I have tried to repair disk but i cant