Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Digital signature for SD invoices

Former Member

‎10-30-2006 7:46 AM

0 Kudos

Hi,

Now, system is generating SD invoices in PDF and sending them by e-mail to customer.

Now, we want these PDFs to be signed.

I think the steps to do are:

1. Install and configure SAPSECULIB (I only want to sign, so I think it is enough). If I want to encrypt the message (digital envelope) I have to install and additional software.

2. Modify the standard SD process to take the PDF and sign it before sending, using function modules SSF_ADDSIGN, SSF_KNR_SIGN, ...

Is this correct? Is there any other way to sign SD invoices in an automatized process? What are the function modules I have to use to sign? Does SAP generate the public key I have to send to other non-sap applications to verify the signature?

I have read lots of articles, and help.sap.com, but it is not clear enough for me.

Thanks a lot for your help.

Regards.

5 REPLIES 5

former_member402999
Explorer

‎11-02-2006 11:38 AM

0 Kudos

Hi Santi,

you might check the SSF Programmer's Guide available at

http://service.sap.com/security --> Security in Detail --> Secure Collaboration

In chapter 5 there are guidelines how to call SSF from ABAP. In your case, probably function module SSF_KRN_SIGN_BY_AS is the right one. After defining your SSF application in transaction SSFA, you can generate the application's PSE containing private key and certificate with transaction STRUST.

Please note that SSF creates digital signatures in PKCS#7 format, but not PDF embedded signatures.

Best regards,

Klaus

Message was edited by: Klaus Kiefer

Former Member
In response to former_member402999

‎11-02-2006 11:47 AM

0 Kudos

Hi,

Thanks but I have already read these guides.

My doubt is:

Does it exist any other way to sign sales orders documents (generated in PDF by SAP messages)than modifying the standard and calling these functions with the PDF document?

If I send the public key generated by SAPSECULIB to the e.mail recipients, can they recover the original PDF without problems? Can they verify the signature in non-sap applications?

Thanks and regards.

former_member402999
Explorer
In response to former_member402999

‎11-02-2006 12:01 PM

0 Kudos

Hi Santi,

unfortunately I don't know if there is another way than modifying the standard.

For verification, you don't need to send the public key to the receiver - it's included in the signature. Any receiver supporting the PKCS#7 standard can recover the original PDF.

Best regards,

Klaus

koehntopp
Product and Topic Expert
Product and Topic Expert
In response to former_member402999

‎11-06-2006 9:20 AM

0 Kudos

Santi,

it would be helpful to know what the legal requirements for signed sales orders are in your country.

In some countries, strong requirements are held to digitasl signatures, so that an automated signature by the ERP system would not hold in a legal dispute.

With digital signatures, technical implementation is usually the easy part (although it might look the main problem to you right now), but getting the environment right is a lot harder.

Kind regards,

Frank.

Former Member

‎07-07-2008 7:43 PM

0 Kudos

Hi Santi,

I have the same requirement. Did you solve it?

However,in my case the e-mail and the PDF must be signed.

Anyone knows how to sign a PDF generated by a SD smartform? and/or a mail from a SAP system?

Thanks in advance & regards,

Ricardo.