10-30-2006 7:46 AM
Hi,
Now, system is generating SD invoices in PDF and sending them by e-mail to customer.
Now, we want these PDFs to be signed.
I think the steps to do are:
1. Install and configure SAPSECULIB (I only want to sign, so I think it is enough). If I want to encrypt the message (digital envelope) I have to install and additional software.
2. Modify the standard SD process to take the PDF and sign it before sending, using function modules SSF_ADDSIGN, SSF_KNR_SIGN, ...
Is this correct? Is there any other way to sign SD invoices in an automatized process? What are the function modules I have to use to sign? Does SAP generate the public key I have to send to other non-sap applications to verify the signature?
I have read lots of articles, and help.sap.com, but it is not clear enough for me.
Thanks a lot for your help.
Regards.
11-02-2006 11:38 AM
Hi Santi,
you might check the SSF Programmer's Guide available at
http://service.sap.com/security --> Security in Detail --> Secure Collaboration
In chapter 5 there are guidelines how to call SSF from ABAP. In your case, probably function module SSF_KRN_SIGN_BY_AS is the right one. After defining your SSF application in transaction SSFA, you can generate the application's PSE containing private key and certificate with transaction STRUST.
Please note that SSF creates digital signatures in PKCS#7 format, but not PDF embedded signatures.
Best regards,
Klaus
Message was edited by: Klaus Kiefer
11-02-2006 11:47 AM
Hi,
Thanks but I have already read these guides.
My doubt is:
Does it exist any other way to sign sales orders documents (generated in PDF by SAP messages)than modifying the standard and calling these functions with the PDF document?
If I send the public key generated by SAPSECULIB to the e.mail recipients, can they recover the original PDF without problems? Can they verify the signature in non-sap applications?
Thanks and regards.
11-02-2006 12:01 PM
Hi Santi,
unfortunately I don't know if there is another way than modifying the standard.
For verification, you don't need to send the public key to the receiver - it's included in the signature. Any receiver supporting the PKCS#7 standard can recover the original PDF.
Best regards,
Klaus
11-06-2006 9:20 AM
Santi,
it would be helpful to know what the legal requirements for signed sales orders are in your country.
In some countries, strong requirements are held to digitasl signatures, so that an automated signature by the ERP system would not hold in a legal dispute.
With digital signatures, technical implementation is usually the easy part (although it might look the main problem to you right now), but getting the environment right is a lot harder.
Kind regards,
Frank.
07-07-2008 7:43 PM
Hi Santi,
I have the same requirement. Did you solve it?
However,in my case the e-mail and the PDF must be signed.
Anyone knows how to sign a PDF generated by a SD smartform? and/or a mail from a SAP system?
Thanks in advance & regards,
Ricardo.