
Files encrypted and digital signed with cFolders

Former Member
0 Kudos

Dear all,

Currently I'm involved in a PPS project with cFolders. This project has legal requirements that consist of implementing encryption and digital signatures for files which will be uploaded to cFolders. I've been searching on SAP Help, SDN and Service Marketplace for APIs to work with cFolders with encryption and digital signatures, but I didn't find related documents. It seems there is no documentation regarding such scenarios...

Does anyone have experience in cFolders with encrypted and digitally signed files?

Thanks in advance & regards,

Ricardo.

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hi Ricardo,

In my scenario, the user not only uploads a file but also signs it, for which I must establish communication with the CA server, because they take his certificate from the browser and check its validity and authenticity. After that, the user is asked for his private key to sign the document.

The certificate upload to cFolders that you refer to is, in my case, done by a script provided by the CA, which I only call in the 'Layout' section of my page; they do the certificate uploading to the web browser (not to cFolders), because that's the way users' certificates are transported and shared.

I'm afraid I didn't work with PGP files; hope this helps you.

Kind regards,

Federico.

Former Member
0 Kudos

Hi Federico,

Based on your response, in your scenario the user uploads his file into cFolders (at this moment the file is not signed yet). During the process you instantiate the CL_HTTP_CLIENT class, using method CREATE_BY_DESTINATION, to send the URL of the document to be signed. That means some web service (provided by your CA) is signing the documents you send by URL, am I right?

Or is my assumption wrong, and what you send to the CA (through the web browser script) is only the certificate for validation? In that case, you will need another API to sign the file after the CA validation returns OK, right?

Regards,

Ricardo.

Former Member
0 Kudos

Hi Ricardo,

I'm doing exactly the same, with cFolders running over SAP SRM 5.0, and it's finally working. This is what I did:

1. The third-party server (the digital signature server) where I send the sign requests is, obviously, an HTTPS server. So, to communicate with it, you must create an RFC destination of type 'G', with SSL encryption active. It's a critical point to choose the right PSE Client there...

2. ...because the next step is to add the digital signature server certificates to that PSE Client, and its CA root certificate in STRUST transaction. For more help about PSE, take a look at this

3. The rest is relatively easy; from ABAP all you have to do is instantiate the CL_HTTP_CLIENT class, using method CREATE_BY_DESTINATION. Then, send the URL of the document to be signed, and receive the response to your request, all with methods from the class mentioned above.

Focus on the first two steps; I had several problems for weeks until we made that RFC connection work.

I have several threads on the Netweaver Security forum about this issue; I think you'll find my previous experience, and the help I've received from other members, very helpful.

Kind regards, and good luck.

Federico.

Edited by: Federico Alvarez on Jun 25, 2009 10:13 AM

Former Member
0 Kudos

Hi Federico

If I understood your solution, you are signing your documents in a web service provided by a CA. For that you've created an RFC destination of type G over SSL (HTTPS) and used the class CL_HTTP_CLIENT. So your requirement is only to sign documents, right?

Well, my scenario seems a little bit different, as I have to encrypt the file and also sign it. The signature is done on the user's laptop through a smartcard (a hardware device connected via USB that reads the chip the certificate assigned to our identity card) and cannot be signed by any entity other than the user himself.

Did you explore the PGP alternative? cFolders supports this kind of files (*.pgp). The PGP (Pretty Good Privacy) is a popular program used to encrypt and decrypt files, e-mails, etc.

Today I installed a trial version of a PGP tool. I tested the encryption/signature with files on my desktop and it works fine. I tested a Public Key scenario where the owner publishes his PK in cFolders and the requester gets this PK in cFolders as well. The requester now can encrypt documents and upload them to cFolders with the public key provided by the owner; the owner itself has the private key to open the encrypted file (extension .pgp) after upload. But over the encrypted file the requester must sign it with his private key (another certificate) provided by a CA and here starts the second challenge...

In cFolders, after the file upload, the system should get the requester's digital signature and send it to the CA for validation; only after that do we know if the requester is a trusted partner or not. To do this we are thinking of using a web service provided by the CA; however, I don't know how to extract/get the signature from the file encrypted/signed with PGP and uploaded to cFolders.

Do you have any idea?

Thanks & regards,

Ricardo.
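
On the open question of getting at the signature of an uploaded .pgp file: the following is an added example, not code from the thread or from SAP. It lists the outermost OpenPGP packets (RFC 4880 framing) of a binary, non-armoured file, which shows that a signed-and-encrypted file exposes only encryption packets, while a detached signature file is readable without any key. The sample bytes are constructed, with filler packet bodies.

```python
# Added example: list top-level OpenPGP packets (RFC 4880 section 4.2) without decrypting.
# Constructed samples: real packet framing, filler bodies.
ENCRYPTED = bytes([0xC1, 3]) + b"\x00" * 3 + bytes([0xD2, 5]) + b"\x00" * 5
DETACHED_SIG = bytes([0xC2, 4]) + b"\x00" * 4

def _new_length(data, i):
    """Decode one new-format length at data[i]: (length, next_index, is_partial)."""
    o = data[i]
    if o < 192:
        return o, i + 1, False
    if o < 224:
        return ((o - 192) << 8) + data[i + 1] + 192, i + 2, False
    if o == 255:
        return int.from_bytes(data[i + 1:i + 5], "big"), i + 5, False
    return 1 << (o & 0x1F), i + 1, True      # partial body chunk

def top_level_packets(data):
    """Return [(tag, body_length)] for each outermost packet."""
    out, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (ASCII-armoured input?)")
        i += 1
        if hdr & 0x40:                       # new-format header
            tag, total, partial = hdr & 0x3F, 0, True
            while partial:                   # follow partial-length chunks
                n, i, partial = _new_length(data, i)
                total, i = total + n, i + n
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate: runs to end of file
                total = len(data) - i
            else:
                width = 1 << ltype
                total = int.from_bytes(data[i:i + width], "big")
                i += width
            i += total
        if i > len(data):
            raise ValueError("truncated packet")
        out.append((tag, total))
    return out

def describe(data):
    """Say whether a signature can be read from the file as uploaded."""
    tags = [t for t, _ in top_level_packets(data)]
    if any(t in (1, 3, 9, 18) for t in tags):   # session-key / encrypted-data packets
        return "encrypted: any signature is inside the ciphertext"
    if any(t in (2, 4) for t in tags):          # signature / one-pass signature
        return "signature packet readable without a key"
    return "no signature at top level"
```

For a file that is both signed and encrypted, the signature can only be checked by whoever holds the decryption key; a detached signature uploaded next to the .pgp file is the form that can be inspected before decryption.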