SSF Digital Signature

Dear Experts,
Am trying to invoke digital signature process using SSF with SAP username/password. When i give by SAP password and do a signing i get the following error message:
Ssf_GetOwnCertificate: SsfOpenProfile failed with rc=23
I also have a external security product. but initially i would like to test this feature with SAP username/password and then move on to the external security product for this process.
Can someone help me out on this.
Regards,
Karthik

Hi,
   I checked with SSF01 and found that am able to apply the digital signature in this for testing. Also using a third party product without verification is also working fine.The problem i face is with SAP username/password and also with Third party product with verification.
Can you think of something that might have gone wrong.
Regards,
Karthik

Similar Messages

  • Java SSF for Digital Signatures and Document Encryption

    Hello,
    I have read in "SAP Help - Java Development Manual" that there is a Java SSF library for Digital Signatures and Document Encryption API.
    http://help.sap.com/saphelp_nw04s/helpdata/en/4f/65c3b32107964996a56e4165077e24/frameset.htm
    I am trying to develop an example application in NWDS using Interfaces/classes (ISsfData, SsfDataXml...), but NWDS does not find this classes in any library.
    I have searched for Javadocs in NWDS plugins directory and this classes and interfaces should be in JAR com.sap.security.api.jar, but they aren't there.
    Our WAS version is: NW04s WAS 7.0 SP11 and he have downloaded Java Crypto Library (IAIK) and also SAP XML Toolkit.
    Does anyone know how to find or obtain this library?
    Thanks in advance,
    Jorge Linares

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • SSF and digital signatures

    Hi Guys!
    I need to exchange XML documents with third-party. The aproach is to generate it from SAP and then sign it with Digital Signature.
    I found information, that I could use SSF to achieve it. On help.sap.com I found information, that I could use SAP Cryptographic library.
    I have installed SAP Crypto and I maintained ssfrfc.ini file:
    SSF_LIBRARY_PATH = D:\CRYPTO\sapcrypto.dll
    SSF_TRACE_LEVEL  = 3
    SSF_MD_ALG       = MD5
    SSF_SYMENCR_ALG  = DES-CBC
    Now I want to test it with report SSF01 - but I'm getting an error:
    Result:  SSF_API_NOSECTK
    Version information:                                       61
             SSFRFC V1.46.3 No security toolkit version information found.
    So I thought I will manually run ssfrfc.exe. And again I'm getting an error:
    =================================================
    === SSF INITIALIZATION:
    ===... SSF initialization file ssfrfc.ini found.
    ===...SSF library is D:\CRYPTO\sapcrypto.dll .
    ===...SSF trace level is 3 .
    ===...SSF hash algorithm is MD5 .
    ===...SSF symmetric encryption algorithm is DES-CBC .
    ===...completed.
    =================================================
    =================================================
    === LOAD SSF FUNCTIONS:
    ===...could not load SSF library D:\CRYPTO\sapcrypto.dll .
    I checked two libraries:
    SAPCRYPTOLIBP_8412-20011729
    SAPCRYPTOLIB_36-10010888
    I checked all file destinations and so on at least three times. I don't have any new idea to make it working. Please help me.
    Best regards
    Ana

    Hello Anatoly,
    I had exactly the same issue with a SSF library provided by SBKontur (RU). Their library "KonturSSF.dll" could not be loaded by ssfrfc.exe on the frontend, the trace file contained something like:
    =================================================
    === SSF INITIALIZATION:
    ===... SSF initialization file C:\Program Files (x86)\SAP\FrontEnd\SAPgui\ssfrfc.ini found.
    ===...SSF library is C:\Program Files (x86)\SAP\FrontEnd\SAPgui\KonturSSF.dll .
    ===...SSF trace level is 5 .
    ===...SSF hash algorithm is SHA1 .
    ===...SSF symmetric encryption algorithm is DES-CBC .
    ===...completed.
    =================================================
    =================================================
    === LOAD SSF FUNCTIONS:
    ===...could not load SSF library C:\Program Files (x86)\SAP\FrontEnd\SAPgui\KonturSSF.dll .
    After some investigation I found out by calling the ssfrfc.exe directly in a Windows command box with option -D, that the library had dependencies to Microsoft's C runtime libraries MSVCP120.DLL and MSVCR120.DLL.
    Unfortunately, this is not logged into the SSF RFC Trace File dev_ssfa*, but only shown as error message in a popup window if you execute ssfrfc.exe directly as mentioned before.
    So you should try this in order to find out if there are dependencies with your special library.
    Kind regards
    Heiko

  • SSF - verify digital signatures in C ( or other Microsoft language )

    Hi Experts,
    Could you please tell me where to find examples of / information on verifying a digita signature from SAP externally using C ( or other microsoft language ).
    The SSF Progrsammers Guide refers to header files such as ssfxxlib.h and a c program called ssfxxsup.c
    On SDN, The 'Christophe Solution' refers to a header file called ssfxxapi.h
    Do you have any idea where to obtain these header files
    Thanking you for all help -
    Andy

    Hi,
    you can download whole SSF specification from this [link|ftp://ftp.sap.com/pub/icc/bc-ssf45/SSF_Specifications.zip]. You can get to this link from [ICC|http://www.sdn.sap.com/irj/sdn/icc]. It's nicely hidden
    Cheers

  • Digital signature error- SSF Error

    Hi,
    I am trying to do a digital signature using signature method " System signature with Authorisation by User ID and Password"  but facing an error after I enter my password during the digital signature.
    Error is "SSF error: Unknown Error"
    Message No: IS014
    Please let me know what needs to be done to resolve this error.
    Setting completed are QM Material Authorisation group cretaed for Result Recording and Usage Decision Digital Signature.
    Thanks
    Vineeth

    Check and if necessary maintain the standard settings. To do this, execute the following activities in the IMG under SAP Web Application Server -> System Administration -> Digital Signature:
    • Define application-dependent parameters for SSF functions
    • Define security settings for the system
    Also In IMG check settings under >> SAP Netweaver--> Application Server > System Administration -> Maintain the Public Key information for the system> Maintaining the system security information.

  • Adding Digital Signature to XML strings

    Hello All ,
    i'm looking for functionality to add digital signature, encoding & decording to XML Payment fiels with encryption as well.i have searched on SDN but i havn't found any solution.
    waiting for some useful thoughts on it.
    i have see Programs SSF* as well , but it requires PSE settings which i dont want to  use .Is there any others ways to do it ?
    Thanks & Regards
    V.

    Yes, you need a certificate to sign.
    You need a special one for yourself, one that also contains your private key.
    Your message is signed with your private key (actually encrypted with it), after that anyone can see you signed it using your public key.
    Encryption works the other way round: You encrypt it with openly available public key of the recipient, but only he will be able to decrypt it with his private key.
    BTW you can create your own certificate, using Keychain Access>Certificate Assistant. The disadvantage is that they are not automatically accepted as valid, since they are not listed in the X509Anchors keychain. You have (and whoever you deal with) manually import your (public) certificate into the Keychain X509Anchors as well. Double clicking the certificate gives you the option to do so.

  • Digital Signatures and APEX

    Has anyone had any success implimenting digital signatures (PKI) within APEX?
    Here is a brief synapsis of what we are looking to accomplish and realize that third-party hardware/software might be necessary. We require users to login using LDAP credentials. We want them to be able to generate documents (i.e. PDF, Word, or Excel) from our application data. We want the users to have the ability to Digitally Sign their documents. We will be issuing individual private keys & certificates and we are considering generating the documents as XML. We are still in requirements gathering, but wanted to explore any and all capabilities within APEX.
    Any thoughts? Thanks.

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • Digital signature verification failed - Error RTCCTOOL

    Hi guys !!!
    I am running the report from the SDCCNN - RTCCTOOL, but I get the following error message:
    1. Digital signature verification failed
    Description -  The verification of the recommendation content using digital signatures has failed. Therefore recommendations were suppressed.
    Implementation -  Consult SAP note 69455 if there is a known issue with content verification. If you do not find a solution open a customer message on SV-SMG-SDD.
    When I Goto - Digital signatures Activate button digital content verification is disabled.
    Then go to the transaction on the client STRUST 000 and I found the certificate: SSF SAP AGS Online Content View The certificate shows:
    Owner: CN=SID SSF SAP AGS Online Content Verification, OU=I0020596183, OU=SAP Web AS, O=SAP Trust Community, C=DE
    Certificate List: CN=Online Recommendations, CN=OR-C, CN=V01M, OU=AGS, O=SAP AG, C=DE
                CN=Online Recommendations Upd, CN=OR-U, CN=V01M, OU=AGS, O=SAP AG, C=DE
    Both certificates will expire on 01.01.2038.
    According to the help and OSS note 69455 tell me again that I must create this certificate every year, but I see this current certificate, what is the error?
    What is the process because I'm not clear and can not find another OSS note or the SDN forum to tell me what is wrong is happening.
    Thanks guys for the help I can provide.
    Desiré

    Hi all.
    I have the same problem and explore all possible solutions found in this discussion and others without satisfactory result.
    Everything points that may be an inconsistency error external certificate which is in the DB. Anyone know how to fix this.
    Greetings.

  • Digital signatures and view document througt URL

    Hello together,
    We use status document and digital signatures workflow and we canu2019t use URL link to documents which have been approved. In browseru2019s window I see digital signatures information and error :u201DHTTP 404 the web page cannot be foundu201D.
    In transaction SOLAR01, SOLAR02 when, I display approved document, at first I see the windows with digital signatures information and then, after push enter - required document.
    If document in status u201Cin progressu201D we donu2019t have problem.
    Could you help me to resolve this problem or disable windows with signatures information?

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • WDJ Adobe digital Signatures

    Hello SDN,
    I have to implement Digital signatures in my Webdynpro interactive forms. In sdn I found one example related to online Interactive form security but for offline I couldnt find.
    In offline scenario, a user will send pdf form to customer or employee etc to fill the form and send it back.
    1) Here how a receiver will know that he got the form, from an authorized person?
    2) Once the form is filled and send it back, how receiver can validate whether the filled form came from an authorized person?
    3) Also how exactly I can use digital signatures? what are the technical requirements for implementing digital signatures?(SSL is mandatory?)
    Can some one guide me on this?
    Appreciate your help.
    With regards,
    Ravi

    Hi Ravi,
    Digital signatures can also be created and verified as of Adobe Reader 5.1. Users can use the Adobe Acrobat Reader to display and print files in PDF format, whose content and appearance correspond to the paper version, on a cross-platform basis. The prerequisites for this are the use of the new Adobe Document Server for Reader Extensions and the replacement of SmartForms by Adobe Acrobat (this is still in development). SSF is not used.
    Adobe Document Server for Reader Extensions assign additional usage rights to electronic forms that were created with Adobe Acrobat 5.0 and Adobe Form Designer 5.0. Digital signatures are a type of usage right.
    Adobe Acrobat Reader 5.1 can be downloaded free-of-charge from Adobe's Web site, and processes the usage rights that were embedded in PDF forms by the Adobe Document Server for Reader Extensions.
    for SSL service go through:[https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/media/uuid/40cacc80-c1fc-2a10-f8b5-9e33b1829552]
    for ADS (adobe document services) chk it out;[https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/50fd998b-494f-2b10-c2ab-e3513a857f62]
    Digital Signatures and Certification in Forms:
    [http://help.sap.com/saphelp_nw04s/helpdata/en/de/eda54dd9194cbcbb62bffaaebfa41d/frameset.htm]
    If U have to implement digital certificates, from where I can get these certificates? Do U have to create on my own or need to buy from some party?
    chk it out;https://www.bconline.gov.bc.ca/pdf/DigiCertFAQ.pdf
    On-demand digital certificates for Adobe AIR applications:
    [http://www.net-security.org/secworld.php?id=6628]
    Regards,
    Khushboo

  • Digital Signatures with Smart Cards

    Hi folks,
    It is my first time with digital signatures on R/3 system. I’m at customer that uses smart cards (hardware cryptography). We are doing the SAPCRYPTOLIB and front end installations. After finish these tasks, we need to implement the signatures into 3 workflow processes. I already read the SSF programmers guide, API specifications and SSF user guide. But I still have some doubts:
    The SSF profile is stored into smart card with private key information, but where are the public keys stored? (PAB – Private Address Book of my trusted circle).
    Do I need the CRLs? Note: this is only for workflow processes that run inside of customer landscape; this is not a B2B scenario.
    We don’t have clear yet how we sign the data; we are thinking sign a BOR object. Create an attribute and use it to pass the signer data. Note: for the customer, the objective is user authenticity guarantee.
    The BOR object instance ends when the flows finish, so wee need to store the signed data for auditable reasons. A database table can be a good approach or there is another standard way?
    P.S.: anyone have documentation about this subject, something like how-to with guidelines?
    Thanks in advance,
    Ricardo.
    Message was edited by:
            Ricardo  Quintino

    The SmartCard device is present at the frontend PC - and that's the place where the digital signature operation has to take place. Important is the "What You See Is What You Sign" principle: it has to be ensured that the data that is to be signed (using the private key stored on the SmartCard) is exactly the same as the one that is displayed to the user.
    Notice: there is a different scenario where the server is signing the data (after prompting the user for userID and password and validating that information).
    The signed data is then transported back to the server where it is stored (to ensure auditibility); usually you'll have to keep the (archived) data for years; the public key need to be archived as well.
    Notice: it is possible to attach the certificate (-> public key) which has been used to sign the data to the signed data.
    Regards, Wolfgang

  • Digital Signatures and Security Policies

    Is there a way to combine a digital signature and a Security Policy. We have a need to digitally sign a document, but not allow that signature to be removed and to not allow any further editing of the document?

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • Digital Signatures and Coldfusion

    I want to add a digital signature field (3 to be exact) to a PDF file that I
    generate via coldfusion (via the cfdocument tag), OR use a form built in livecycle that once it is signed by the first person, the only allowable changes to the form are the second and third digital signature.
    Any help would be appreciated as digital signatures are not handled in cfdocument as well (at all) as I had hoped.
    Thanks,
    Drew

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • Digital Signatures and Document Encryption api

    Hello Expert,
    From which SAP NETWEAVER 7.0 SPS  Digital Signatures and Document Encryption api  is supported ?
    I found  Javadocs for  SAP NetWeaver 04 SPS15.Is this api supported from SPS 15  or prior to SPS 15   also?
    Regards,
    Kubra Fatima.

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • Digital Signatures with SmartCards.

    Hi guys,
    Has anyone implemented in R/3 digital signatures with smartcards?
    Currently I'm at customer side trying to implement digital signatures within workflow processes using ABAP SSF functions. The smartcard devices are already installed, but I can't read the data inside the smartcard, moreover, I can't link the smartcard device with R/3 and I don't know how to do it…
    I read in some Weblogs and documents that it is necessary a SAP-certified external security product. I believe this external security product is the software that comes inside of smartcard drivers CD. It is something like a little application on which we can sign in data and put our fingerprint.
    I guess it is not supposed to develop an interface application between smartcard and R/3! When I started these developments I thought that I only needed to configure some environment variables to connect these devices with R/3 and then develop the ABAP flow logic with SSF Functions - Am I right?
    Can anyone provide me some guidelines for this issue?
    Thanks in advance,
    Ricardo.

    The SmartCard device is present at the frontend PC - and that's the place where the digital signature operation has to take place. Important is the "What You See Is What You Sign" principle: it has to be ensured that the data that is to be signed (using the private key stored on the SmartCard) is exactly the same as the one that is displayed to the user.
    Notice: there is a different scenario where the server is signing the data (after prompting the user for userID and password and validating that information).
    The signed data is then transported back to the server where it is stored (to ensure auditibility); usually you'll have to keep the (archived) data for years; the public key need to be archived as well.
    Notice: it is possible to attach the certificate (-> public key) which has been used to sign the data to the signed data.
    Regards, Wolfgang

Maybe you are looking for