12-03-2009 10:12 AM
Dear Expert,
Would like somebody to throw some light on SSF. What I could see is that SAPcryto comes with SAP installation.
1. But what is the use of the .dll file and where does SSF comes into picture?
2. Does adding the following parameter is enough for Digital signature to work?
sec/libsapsecu D:\usr\sap\HGD\SYS\exe\run\sapcrypto.dll
ssf/ssfapi_lib D:\usr\sap\HGD\SYS\exe\run\sapcrypto.dll
ssf/name SAPSECULIB
Is the DS is used only through ABAP? For testing SE38--> SSF01, SSF02, I get the normal ouput with selecting default option,
SSF02-->
Function selection-> signing
RFC : blank
Options--> Format is PKCS7 , include certificate and encode/decode data
and rest all default.. executed ..then clicked on sign, got the following details
Sign (on application server)
Input data: 255
This is a sample text................................................................................................................
User profile (sign and develope)
CN=HGS
LOCALDIR
D:\usr\sap\HGS\DVEBMGS00\sec\SAPSYS.pse
Time: 32 ms
Result: SSF_API_OK
Results for the signatory:
CN=HGS
SSF_API_SIGNER_OR_RECIPIENT_OK
Output data: 1.414
0#.#..#H##....##.s0#.o...1.0...#H##.....0#....*#H##....##...##This is a sample text................................................
................................................................##.S0#.O0#.... .. .!B0...*#H#8..0.1.0...U....HGS0...090920162142Z..38
#d##7###2...#&#w.#8Ua-..2#I#\$###.#####p.##qI\lF!L.#..;...##Z##.#%#]##na#....##.##-n##I#..##.Q#;#a+##G###2.#.#=,#JkI.R#Fy.###,@.#pz#H
O.#..##U#Xp#..6###r#.T.####.m##.E%##.##.####"###,N#O####GG#.#^F.C#1#.##d.HJ.##/M8.aL.-8#.#0...*#H#8.../.0,..F.%H##Mc.kv##B.#.#g#..O#m
3101106Z0...#H##....1...I#.##.##.##K#.#0#.,..#H#8..0#...##.######E#-##\###
#Fy.###,@.#pz#Hg#L#(:Y##.###b7#1#h#w#N##Q#8#,.U.N##.#..j####./h.R#.n.#Tx#o.B.n#..#kM.7#K##./0-....t####.##@.2.^#3%#...#####B##x#..#F#
3.What does this mean? Is there anything I need to do more?
Please guide me in setting up the Digital Signature???
Thanks & Regards
Pras
12-04-2009 2:31 PM
Hi Pras,
sorry, but my answer was a little bit unclear. You If you want to digitally sign documents, you
do not have to install anything from a technical point of view. The already delivered library
(SAPSECULIB) is capable doing this task.
However in a plain SAP NetWeaver system, there is no "application" which signs now every
document automatically. You need to develope this by your own, e.g. you need to use SAP
products which are enabled to sign documents. (e.g. like document archiving...)
The reports SSF02 / SSF01 are development examples how to use the plain SAP NetWaever
functionality.
Hope that helps.
Pavlos.
12-03-2009 5:05 PM
Hello Prashant,
Digital Signatures are working out of the box, right after installation of SAP NetWeaver. There is no
need to install the SAPCryptolib in that case. However if you additionally want to be able to en-/decrypt
data, you need to use the SAPCryptolib.
The output of the test repost "SSF02" you are using, is signing some test data and printing out the
results, which can then be verified, if the document was not manipulated.
All you need to know about Digital Signatures can be found here:
http://help.sap.com/saphelp_nw70/helpdata/en/53/251a355d0c4d78e10000009b38f83b/frameset.htm
General Information about digital signatures can be found here:
http://en.wikipedia.org/wiki/Digital_signatures
Regards,
Pavlos.
12-04-2009 11:20 AM
Hi Pavlos,
All the SSF document on help.sap.com mentions about the security products?? So is it necessary to first get those products?
I was in the impression that only having the SAPcrypto is sufficient to have digital signature working?
Can you please guide me as what is required if u used? and how it can be configured to have DS in all the documents going out of SAP and at the other end, they able to read, by means of some decrypting software??
I am not able to get the flow of requirement and its testing
Regards
Pras
12-04-2009 2:31 PM
Hi Pras,
sorry, but my answer was a little bit unclear. You If you want to digitally sign documents, you
do not have to install anything from a technical point of view. The already delivered library
(SAPSECULIB) is capable doing this task.
However in a plain SAP NetWeaver system, there is no "application" which signs now every
document automatically. You need to develope this by your own, e.g. you need to use SAP
products which are enabled to sign documents. (e.g. like document archiving...)
The reports SSF02 / SSF01 are development examples how to use the plain SAP NetWaever
functionality.
Hope that helps.
Pavlos.
12-04-2009 2:58 PM
Hi Pavlos,
Thanks for making clear some of the stuff .. Awarded points accordingly.
But still I am a bit confused. You mean to say the delivered sap has SAPSECULIB which can handle it(DS). But some configuration is required, right?
2. You also mentioned about products like data archiving. How how the documents can be archived and Digitally signed and send? Data archiving and Document archiving is different topics? a but confused?
Could you please give some more technical eg.?
Appreciate your patience!!!
Regards
Prash