10-18-2010 12:11 PM
Dear all/colleagues,
The following request should be fulfilled with ABAP functionality:
To build up the signature the application should take the parameter list
of the URL and build up a hash value using the MD5 algorithm. Next the
external application has to sign the outcome of the hash function with a
private key using the RSA algorithm. Next the output of this signing
operation must be converted into a HEX stream.
Can I use SSF_KRN_SIGN_BY_AS for this request? To specify the
hash-algorithm I use parameter STR_HASHALG, but there is no parameter
for Encryption-algorithm. Which value is the default for the
encryption-algorithm? Can you tell me details about conversion into
hex-stream within this function?
(http://help.sap.com/saphelp_nw70ehp1/helpdata/de/4d/bf6f77a2c5446a86e0152f1b309db6/frameset.htm and marketplace could not give me the right answer)
Regards, Norbert
10-19-2010 1:26 AM
Hi,
First, SSF_KRN_SIGN_BY_AS uses the PKCS#7 format (more info in RFC 2315, http://tools.ietf.org/html/rfc2315). It's important to understand this. By default it uses the RSA algorithm for asymmetric encryption.
What exactly do you mean by hex stream? You can simply concatenate the lines of ostr_output_data into a binary string (XSTRING) and then simply assign it to a regular string. If you mean base64 encoding, which is very often used, then you can use FM SSFC_BASE64_ENCODE or use class CL_HTTP_UTILITY.
Cheers
10-22-2010 7:38 AM
Hi Martin,
the information about the RFC was very useful for me (reading and understanding it takes a lot more time).
The receiver of the signature maintains that with RSA, the signature always has a length of 128 bytes (and contains only 256 hex-values). Is this assertion correct? I could not produce such a string with ABAP (trying a lot of functions, including ssfc_base64_encode and many more).
Cheers, Norbert
10-22-2010 10:46 PM
Sorry, I am confused. What part of the message always has 128 bytes? But I think it's not important. What I was trying to say is that SSF_KRN_SIGN_BY_AS uses the PKCS#7 format instead of raw RSA. BTW this is very good because implementing encryption properly is really tricky and anybody should avoid it. So if you want to decrypt this message in an external system, you need to have a library which supports this format. For example, you can use OpenSSL for C/C++ or Bouncy Castle for Java. How you pass that message to the external system is up to you.
Cheers
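
Added example, not part of the thread: a receiver-side check in Python that tells a raw RSA signature (128 bytes, i.e. 256 hex characters, which corresponds to a 1024-bit modulus) apart from a PKCS#7 SignedData blob as defined in RFC 2315. The function names, the assumption that the PKCS#7 output is DER-encoded, and the sample inputs are constructed for illustration.

```python
import binascii

# DER encoding of the PKCS#7 signedData OID 1.2.840.113549.1.7.2 (RFC 2315)
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")

def der_length(buf, pos):
    """Decode the DER length field at buf[pos]; return (length, next position)."""
    first = buf[pos]
    if first < 0x80:                       # short form: one octet
        return first, pos + 1
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_signature(hex_stream, modulus_bits=1024):
    """Return 'pkcs7-signed-data', 'raw-rsa' or 'unknown' for a hex stream."""
    try:
        blob = binascii.unhexlify(hex_stream.strip())
    except (binascii.Error, ValueError):   # odd length or non-hex characters
        return "unknown"
    # PKCS#7 ContentInfo: SEQUENCE { OID signedData, [0] EXPLICIT content }
    if len(blob) > 2 and blob[0] == 0x30:
        try:
            length, body = der_length(blob, 1)
        except ValueError:
            length, body = -1, 0
        if body + length == len(blob) and blob[body:body + 11] == SIGNED_DATA_OID:
            return "pkcs7-signed-data"
    # A raw RSA signature is exactly as long as the modulus (128 bytes here)
    if len(blob) == modulus_bits // 8:
        return "raw-rsa"
    return "unknown"

# Constructed samples: 128 filler bytes, and a ContentInfo stub with an
# empty inner SEQUENCE (structurally valid header, not a real signature).
SAMPLE_RAW = "ab" * 128
SAMPLE_PKCS7 = "300f" + SIGNED_DATA_OID.hex() + "a0023000"

if __name__ == "__main__":
    for name, sample in (("raw", SAMPLE_RAW), ("pkcs7", SAMPLE_PKCS7)):
        print(name, len(sample), "hex chars ->", classify_signature(sample))
```
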