SSF and digital signatures

Similar Messages

• SSF and Digital Signature

  Dear Team,
  We need to setup the SSF and wants the DS in place for all the document getting created.
  I have been to sdn site and also on help.sap.com and found
  http://help.sap.com/saphelp_nw04/helpdata/EN/53/251a355d0c4d78e10000009b38f83b/frameset.htm
  But from where do we download he SSF? What is SAPSECULIB is used for? I mean does SSF and SAPSECULIB related in any configuration?
  Has anybody done this setting?
  Regards
  Prash

  Hi Sunny,
  Thanks for your reply.
  I have already checked the url before, but how do I use it or test it?
  How to verify, everything is there default?
  Please give some example to demonstrate or any configuration required
  Regards
  Prash

• Adobe Interactive Forms and Digital Signature

  Adobe Interactive Forms and Digital Signature
  Hi, I’ve a question if it works to digital sign interactive PDF documents created by an SAP BPM System? So is it possible just to sign the content, and not the interactive components like layout and buttons e.g.?
  Thanks for your help.
  Regards,
  Tobi

  serverside or at the client??

• Encryption and Digital signature in SAP

  Hi,
  We have a requirement to encrypt the payment data before it is sent to a Bank using SAP XI.We are planning to have a ABAP proxy which will do the encryption and hopefully attach a digital signature.We are working in SAPR/3 Enterprise edition.Does SAP supports doing  Encryption and digital signature in  ABAP.
  Thanks,
  Leo

  Hi Leo,
  have a look here:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/icc/secure store and forwarddigital signatures user guide.pdf
  regards Andreas

• Java SSF for Digital Signatures and Document Encryption

  Hello,
  I have read in "SAP Help - Java Development Manual" that there is a Java SSF library for Digital Signatures and Document Encryption API.
  http://help.sap.com/saphelp_nw04s/helpdata/en/4f/65c3b32107964996a56e4165077e24/frameset.htm
  I am trying to develop an example application in NWDS using Interfaces/classes (ISsfData, SsfDataXml...), but NWDS does not find this classes in any library.
  I have searched for Javadocs in NWDS plugins directory and this classes and interfaces should be in JAR com.sap.security.api.jar, but they aren't there.
  Our WAS version is: NW04s WAS 7.0 SP11 and he have downloaded Java Crypto Library (IAIK) and also SAP XML Toolkit.
  Does anyone know how to find or obtain this library?
  Thanks in advance,
  Jorge Linares

  Hello Francesco,
  I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
  http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
  Digital Signatures and Document Encryption api
  so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
  Kind Regards,
  Kubra fatima.

• SSF - verify digital signatures in C ( or other Microsoft language )

  Hi Experts,
  Could you please tell me where to find examples of / information on verifying a digita signature from SAP externally using C ( or other microsoft language ).
  The SSF Progrsammers Guide refers to header files such as ssfxxlib.h and a c program called ssfxxsup.c
  On SDN, The 'Christophe Solution' refers to a header file called ssfxxapi.h
  Do you have any idea where to obtain these header files
  Thanking you for all help -
  Andy

  Hi,
  you can download whole SSF specification from this [link|ftp://ftp.sap.com/pub/icc/bc-ssf45/SSF_Specifications.zip]. You can get to this link from [ICC|http://www.sdn.sap.com/irj/sdn/icc]. It's nicely hidden
  Cheers

• Security Issues: SSL on SOAP Adapter and Digital Signature in BPM

  Hi there,
  we're developing a R/3-XI-3rd Party Application scenario, where the XI/3rd Party communication is based on a webservice (SOAP adapter with SSL). Also, the messages in the XI/3rd Party communication must be digitally signed. I've got some questions on both subjects.
  1. About the SSL. I've started to investigate what will be necessary to enable the HTTPS option under SOAP Adapter (it's not enabled now). If I'm not correct, all I need to do is:
  - check whether the SAP Java Crypto Lib is installed in the Web AS;
  - generate the certificate request in the Visual Administrator and, after acquiring the certificate, store it with the KeyStorage option.
  Is that right?
  I'm considering that I won't need to use SSL in the ABAP Web AS, only the J2EE Java Engine (since the SOAP Adapter is based on J2EE).
  2. About the digital signature. As a first solution, we had decided on accessing a webservice based on another machine running a signature application. We'd send the unsigned XML and receive a signed XML. But since that needed to be done into the BPM, I thought that using a piece of Java code in a mapping would suit it better.
  But to be able to use the hashing/encrypting/encoding algorithms, which library needs to be installed? Is it the same SAP Java Crypto Lib that was installed for the SSL enabling?
  Thanks in advance!

  Hello Henrique,
  1. You're right. For detailed instructions please have a look at the online help: http://help.sap.com/nw04 - Security - Network and Transport Layer Security - Transport Layer Security on the SAP J2EE Engine
  2. The SOAP adapter supports security profiles. Please have a look at the online docu http://help.sap.com/nw04 -Process Integration - SAP Exchange Infrastructure - Runtime - Connectivty - Adapters - SOPA Adapter - Configuring the Sender SOAP adapter and from the link under Security Parameters to the Sender Agreement. You'll find some additional information in the following document: http://service.sap.com/~sapdownload/011000358700002767992005E/HowToMLSXI30_02_final.pdf
  Rgds.,
  Andreas

• CFPOP and digital signatures

  Emails - Exchange 2003 mail server - that use "Digital
  signatures" do not show any Body text. Either in the "BODY" or in
  the "TEXTBODY" fields. Are there any work arounds or fixes for
  this?
  Thanks,

  Hi,
  I'm trying to use SAP Simple Digital Signature (username + password) with SSO.
  I implemented the following SAP notes: 1862737 (main note that makes in possible to combine Digital Signature with SSO, which means using Windows/Active directory password instead of SAP password), 1974495, 1975701, but unfortunately it is not working.
  I tried using SAP standard example of Digital Signature: program DSIG_BOOKING_EX (run from se38).
  When running this program in SAP GUI 7.2 (and even in the latest SAP GUI 7.3), a popup appears and asks for a password (Windows / Active Directory Password). When I type the password and press OK, I get the following DUMP:
  Category: ABAP Programming Error
  Runtime Errors: MESSAGE_TYPE_X
  Abap program: CL_GUI_CFW==========CP
  Application Component: BC-FES-GUI
  Do you know how to solve it?

• Acrobat Reader 8 and digital signatures

  What are the limitations of Acrobat Reader 8 with respect to digital signatures? I have been trying to create a form, that can be distributed through e-mail and digitally signed by Acrobat Reader 8 users, and am getting unpredictable results. It seemed like these users were able to sign this document last week, but today are unable to. Is the digital signature feature entirely stable?
  I have read through the documentation and it is vague at best and seems to blur the lines between Acrobat Reader and Professional.

  >What are the limitations of Acrobat Reader 8 with respect to digital signatures?
  Generally, it can't do them. (Adobe Reader, if I was being picky, the
  name was changed after 5.0).
  You CAN enable signing using a special function. However, you are
  contractually limited by the EULA; to oversimplify, no more than 500
  users per form, or uses per form.
  Aandi Inston

• Email and digital signatures

  When I open a .pdf document from an email attachment, I am unable to digitally sign it. After I sign it, the signature just disappears.
  Before the new IT people took over, I was able to open the document, select the digitable signature option, and Acrobat would tell me I needed to save the document. I saved it in the desired location and the digtigal signature would appear. How do I restore this process?
  Thank you.

  Maybe there is a separate email client app in the App Store that supports PGP or S/MIME (the built-in email doesn't).

• NWSSO and Digital Signatures

  This is a follow-up to Re-authenticate or provide additional credentials to access sensitive data.
  We are currently looking at implementing NWSSO. As far as I know, NWSSO can't be used as an external security product for Digital Signatures so that users could input their Windows credentials to sign documents. Is that correct? Assuming yes, is something planned? What is the standard solution from SAP in this regard? We are on ERP 6.0 EHP6 SPS04 running in a homogeneous Windows environment. In short the problem is that users shouldn't have to remember their username and password in the SAP backend system once SSO is enabled. If we choose to roll out the semi solution where users have to remember their username and password in the SAP backend system, there is nothing out of the box for them to change their password in the SAP backend system since SSO is enabled. The main client to access the SAP backend system will be NWBC for Desktop 4.0.

  Hi,
  I'm trying to use SAP Simple Digital Signature (username + password) with SSO.
  I implemented the following SAP notes: 1862737 (main note that makes in possible to combine Digital Signature with SSO, which means using Windows/Active directory password instead of SAP password), 1974495, 1975701, but unfortunately it is not working.
  I tried using SAP standard example of Digital Signature: program DSIG_BOOKING_EX (run from se38).
  When running this program in SAP GUI 7.2 (and even in the latest SAP GUI 7.3), a popup appears and asks for a password (Windows / Active Directory Password). When I type the password and press OK, I get the following DUMP:
  Category: ABAP Programming Error
  Runtime Errors: MESSAGE_TYPE_X
  Abap program: CL_GUI_CFW==========CP
  Application Component: BC-FES-GUI
  Do you know how to solve it?

• E-Pad and digital signatures

  Folks,
  Our company is implementing a new process wherein at the time of shipment, they would like to have the truck driver sign an e-Pad and the signature should be imported onto the bill-of-lading output. We have a customized delivery process and due to the volume of shipments, we do not want the truck drivers to spend anytime like saving the signature image to the desktop and then import into SAP etc.
  We want the signature to be imported from the delivery screen (custom developed) onto the bill of lading output at the click of a button. We are using SAP version 4.7 and the e-Pad signature is from interlink electronics, who appear to be naive in SAP. We are open to look at other vendors for e-Pad or e-Signatures.
  Hence, please help in the following ASAP:
  1. Does SAP 4.7 have any limitations to import digital signatures?
  2. Do anyone have any experience with e-Pad with interlink or can suggest any other vendor/product that can be readily used for this purpose?
  Thanks and Regards,
  Ram

  Hi  Ram Murthy,
  I built a solution with Netweaver 731 SP5. Here is the link http://scn.sap.com/docs/DOC-47480
  I wish I could have helped back in 2008 !
  Cheers.

• SAPGUI SNC logon and digital signature

  Dear all,
  I have setup in a test environment a sap logon with SNC in order to use the active directory authentication instead of SAP R/3 User and Password. It works well. So I can enter directly in the system without specify R3 user and R3 password. My users have no to maintain R/3 password anymore.
  Now I have a problem. For some transactions we have implemented the digital signature in order to have a further authentication when we want to perform some critical task. An example is releasing dms document in CV02N transaction.
  Our customizing for digital signature is:
  System signature with authorization by R/3 user ID/password
  The other options are:
  User signature with ext. security product with verification
  User signature with ext. security product w/o verification
  So the system still ask to the users their R/3 password for the authentication when they try to "sign" a document.
  Do you think there is a way to configure the system in order to ask and check the active directory user password instead of R/3 password? Where can I found documentation about it ?
  My system is SAP R/3 4.70 ext 2 on windows 2003 r2 sp2 x64.
  My active directory is based on Windows 2003 x32 sp2 in native mode.

  Hi,
  We are running SAP ECC Version 6.0 wih Netweaver 7.1.  We also talked with SAP about this and they have given a small BADI to disable the R3 user id and Password prompt.  However, they informed us to write a own coding to activate/authenticate with LDAP.
  Wondering, what need to modify and which functional module.  I saw the below from one of the thread...Please let me know what to modify in the coding to make the LDAP authentication works.
  +There are some options for what changes need to be made to the SSFT_PPPI_SIGN function module:+
  +1. It could be changed to call a SAP supplied function module called LDAP_SIMPLEBIND. This would mean that a user and password entered by user would then be checked with LDAP server (e.g. Active Directory) instead of the user and password entered being checked with SAP user store, which of course won't work when SNC is enabled because user SAP passwords are then deactivated.+

• Email attachments and digital signature

  I used to be able to open a email attachment, review it and then digitally sign it.
  Since the new IT people came it, the digital signature simply disappears. Any way to restore this function? Thanks.

  We experienced a similar problem when Adobe updates were installed. It seems that a recent Adobe update took away the capability to save your digital signature directly to the PDF email attachment, then forward the email with the signed attachment. Now, when we open a PDF email attachment and place a digital signature, as soon as we have entered our password for our digital signature, we are prompted with the "Save As" dialog box asking us to save the document somewhere on the hard drive of our computer (the default location is My Documents). If you hit Cancel, then the signed version does not get saved. The attachment remains unsigned. So we learned we needed to go through the Save As dialog and choose (and remember) a location to save the PDF, such as My Documents or Desktop, then reply or compose a new email and attach the signed version that we had just saved in Documents/Desktop. We used to be able to hit the Save icon in Adobe and save our changes (digital signature) to the email attachment. Having to save the PDF somewhere other than the email itself is an extra step we'd prefer to avoid, and we'd be happy to learn of a way to go back to our old method. I believe the key was that Adobe would save the signed version somewhere in the "temp files" on the C drive and automatically use that version when the email is forwarded. And I think Adobe did away with that, unless there is a way to revert to that method using Preferences?
  But I wonder if the Asker of this question is able to click "Place Signature" and has an opportunity to "Save As," saving the PDF on the hard drive of the computer for future attaching? Are you hitting "Cancel" in the Save As dialog?
  If you save the signed PDF (i.e. in the default My Documents), then a slightly quicker method than having to browse to the saved document in Documents is, you can click on the envelope icon (Sharing) at the top of the screen. Then click the "Attach to Email" circle and click the "Attach" button. This will generate a new email in your email application (i.e. Outlook) with the signed PDF attached (Adobe pulls the signed version that you previously saved to your Documents). The downside to this is that the generated email will not have the original email thread or subject line, so you will need to add a relevant subject line.
  Some of our users reported that they used the Share ... Attach to Email feature and their signatures would get wiped from the email attachment after they hit send. However, this phenomenon has not been witnessed since the most recent Adobe software update.

• How to create table and digital signature ?

  Hello,
  I would like to ask two questions regarding SAP interactive forms by adobe.
  1st question:
  How to create table in interactive form?
  Table that i can add rows and column and will show it in the form.
  Example the rows and columns that i want:
  <u><b>ID:</b></u>                <b><u>Name:  </u>  </b>               <u><b>DOB:</b></u>
  1                  Jack                      01/02/80
  2                  Ivy                         10/12/82
  2nd question:
  How to create digital signature ?
  I'm creating a adobe forms which need employee to sign on the form. I use signature field at my form. However, i don't know how to create a new signature and insert in the signature field.
  Can any one provide the answer with step by step guide?
  Thanks a lot

  Hi Pradeepa,
  you said you have your digital signature in
  BMP format? That means Bitmap and would mean you are actually talking about a picture! THIS IS NOT A DIGITAL SIGNATURE!
  A digital signature is a cryptographic key (aka public key cryptography) that is used to digitally sign a document, or at least a hash value derived from the document. Digitally signing means, applying the key in a well defined way (this is the algorithm used) to the document or hash value. You do this with your private key and the receiver of the document can then use your public key (which you can distribute in any way you want, even unsecure) to unencrypt the hash value. If this succeeds the receiver knows that the document was signed by you.
  This is because both keys are mathematically related in such a way, that what one key encrypted can only be decrypted by the corresponding other key and by no other key. You even can´t decrypt a document with the same key it was encrypted with, this is the difference to symmetric encryption - please have a look at help.sap.com and search for digital signatures.
  The named formats (afs, pfx and p12) are ways of coding the key, together with information about your person, such as email address and information about validity of the key into a
  certificate. This type of certificate is then called a x.509 certificate and is the same you might have seen when connecting to a secure webserver such as the one of your bank website. 
  Signing a form with such a certificate provides for mathematically and therefore business related proove of a users identity.
  In case you are really using a bitmap, this cannot work and would not serve you any good.
  Ask yourself this question: I want to make sure that the form was signed by a specific person. How can I make sure that the signing can only be done by the person pretending to have done so?
  A bitmap contains a picture, probably of the persons handwritten signature. How can I make sure that this picture was NOT recreated in MS Paint or Photoshop by someone else?
  The answer is:
  you can't! Therefore this way of prooving identity is useless. 
  You need to provide your users with digital signatures, put these in the certificate cache of your IE.  If a user then clicks on the signing field, the private key is used to digitally sign the form - create a hash value of the form and encrypt it with the private key. After the form is send back to the server or you, you use the corresponding public key to decrypt the hash value and, as said above, if this succeeds, identity of the signer is proven.
  THIS IS AN OVERSIMPLIFICATION! You might want to take a look at Adobe Reader Credentials.
  Regards,
     Christian