Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Abap Fub SSF_KRN_SIGN_BY_AS

0 Kudos

Dear all/colleagues,

Following request should be fulfilled with abap-functionality:

To build up the signature the application should take the paramater list

of the URL and build up a hash value using the MD5 algorithm. Next the

external application has to sign the outcome of the hash function with a

private key using the RSA algorithm. Next the output of this signing

operation must be converted into a HEX stream.

Can I use SSF_KRN_SIGN_BY_AS for this request? To specify the

hash-algorithm I use parameter STR_HASHALG, but there is no parameter

for Encryption-algorithm. Which value is the default for the

encryption-algorithm? Can you tell me details about conversion into

hex-stream within this function?

(http://help.sap.com/saphelp_nw70ehp1/helpdata/de/4d/bf6f77a2c5446a86e0152f1b309db6/frameset.htm and marketplace could not give me the right answer)

Regards, Norbert

3 REPLIES 3

martin_voros
Active Contributor
0 Kudos

Hi,

first, SSF_KRN_SIGN_BY_AS uses PKCS#7 format (more info in [RFC 2315|http://tools.ietf.org/html/rfc2315]). It's important to understand this. By default it uses RSA algorithm for asymmetric encryption.

What exactly do you mean by hex stream? You can simply concatenate lines of ostr_output_data into binary string (XSTRING) and then simply assign it to regular string. If you mean base64 encoding which is very often used then you can use FM SSFC_BASE64_ENCODE or use class CL_HTTP_UTILITY.

Cheers

0 Kudos

Hi Martin,

the information about the rfc was very useful for me (reading and understanding it, takes a lot more time )

Receiver of signature maintains that with RSA,signature has always a length ob 128 Bytes (and contains only 256 hex-values). Is this assertion correct? I could not produce such a string with abap (trying a lot of functions, including ssfc_base64_encode and many more).

Cheers, Norbert

0 Kudos

Sorry, I am confused. What part of message has always 128 bytes? But I think it's not important. What I was trying to say is that SSF_KRN_SIGN_BY_AS uses PKCS#7 format instead of raw RSA. BTW this is very good because implementing encryption properly is really tricky and anybody should avoid it. So if you want to decrypt this message in external system you need to have a library which supports this format. For example you can use OpenSSL for C/C++ or Bouncy Castle for Java. How you pass that message to external system is up to you.

Cheers