
Problem with digital signature of documents

Former Member
0 Kudos

I have a requirement to upload documents together with their respective signed fingerprints (SHA1WithRSA).

To achieve this I am using the function modules:

SSF_KRN_DIGEST

SSF_KRN_SIGN_BY_AS

but I can't make it work.

I also asked for the .pem file used to generate the PSE that I'm using to sign documents.

With this .pem file I execute the following command in OpenSSL:

# Creates the message digest of document.txt and then signs it with MyKey.pem
dgst -sha1 -sign MyKey.pem -out document.sign document.txt

AND THIS WORKS! Now, with this successful case, I tried to track down the problem with the FM that I'm using, and I detected that SSF_KRN_DIGEST is giving me a different result than OpenSSL (so I set aside signing the document for a while...).

This is the HEX value from OpenSSL (this is the one that works):

3021300906052B0E03021A05000414AC
3725ACAD34E2F8B921B315DD200D715B
FDEEEB

And this is the HEX value of the result of FM SSF_KRN_DIGEST:

304006092A864886F70D010705A03330
31020100300906052B0E03021A050030
0B06092A864886F70D0107010414AC37
25ACAD34E2F8B921B315DD200D715BFD
EEEB

As you can see, both files do contain the digest, but the metadata and padding are different. As far as I know, it should respect the ASN.1 structure, but I can't figure out what's wrong with the SSF_KRN_DIGEST call.

This is my code:

* Create the message digest of the file
CALL FUNCTION 'SSF_KRN_DIGEST'
  EXPORTING
    b_detached                   = 'X'
    ostr_input_data_l            = lv_bin_data_len
    str_hashalg                  = 'SHA1'
  IMPORTING
    ostr_digested_data_l         = lv_digested_len
*   CRC                          =
  TABLES
    ostr_input_data              = lt_bin_data
    ostr_digested_data           = lt_digested_data
  EXCEPTIONS
    ssf_krn_error                = 1
    ssf_krn_noop                 = 2
    ssf_krn_nomemory             = 3
    ssf_krn_opinv                = 4
    ssf_krn_nossflib             = 5
    ssf_krn_input_data_error     = 6
    ssf_krn_invalid_par          = 7
    ssf_krn_invalid_parlen       = 8
    ssf_fb_input_parameter_error = 9
    OTHERS                       = 10.

Where lt_bin_data contains the document, uploaded in binary mode.

Thanks in advance.

regards.

1 ACCEPTED SOLUTION

martin_voros
Active Contributor
0 Kudos

Hi,

SSF_KRN_DIGEST uses PKCS#7 format. That does not seem to be the case for dgst.


Cheers

3 REPLIES 3

0 Kudos

Thank you Martin for your response.

That's where the tricky part begins. The application where I have to upload the signed document works with PKCS#7 format.

However, the file processed with OpenSSL is the only one that is working.

0 Kudos

Martin, as you said, the problem was the PKCS#7 format.

Due to a miscommunication, I was told that the application works with that format, whereas in reality it works with PKCS#1 - V1.5.

I just had to search for an FM that supports that format, like SSFW_KRN_SIGN.

This FM calculates the MD and signs it, so it was easier than I originally thought.

This is the FM call that I'm using, just in case someone needs the code:

* Read the parameters defined in SSFA
CALL FUNCTION 'SSF_GET_PARAMETER'
  EXPORTING
    application             = 'INTBAN'
  IMPORTING
    str_profileid           = lv_profileid
    str_profile             = lv_str_profile
  EXCEPTIONS
    ssf_parameter_not_found = 1
    OTHERS                  = 2.

* Fill the table with the signer
lw_signer-id = lv_profileid.
lw_signer-profile = lv_str_profile.
INSERT lw_signer INTO TABLE lt_signer.

* Compute the MD of the document (SHA1) and sign it
CALL FUNCTION 'SSFW_KRN_SIGN'
  EXPORTING
    str_format                   = 'PKCS1-V1.5'
    str_hashalg                  = 'SHA1'
    ostr_input_data              = lv_xstring_data_to_sign
  IMPORTING
    ostr_signed_data             = lv_xstring_signed_data
  TABLES
    signer                       = lt_signer
  EXCEPTIONS
    ssf_krn_error                = 1
    ssf_krn_noop                 = 2
    ssf_krn_nomemory             = 3
    ssf_krn_opinv                = 4
    ssf_krn_nossflib             = 5
    ssf_krn_signer_list_error    = 6
    ssf_krn_input_data_error     = 7
    ssf_krn_invalid_par          = 8
    ssf_krn_invalid_parlen       = 9
    ssf_fb_input_parameter_error = 10
    OTHERS                       = 11.


Where lv_xstring_data_to_sign is just an xstring with the document that I have to sign.


Regards!

--

German Guzelj
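
Added example, not part of the original thread: a minimal DER walker in Python that decodes the two hex dumps from the question and shows that the OpenSSL value is a bare PKCS#1 v1.5 DigestInfo, while the SSF_KRN_DIGEST value wraps the same SHA-1 digest in a PKCS#7 DigestedData ContentInfo. The function names and the OID_NAMES table are this example's own; the hex strings are copied from the question.

```python
# Hex dumps copied from the question in this thread.
OPENSSL_HEX = "3021300906052B0E03021A05000414AC3725ACAD34E2F8B921B315DD200D715BFDEEEB"
SSF_HEX = ("304006092A864886F70D010705A03330"
           "31020100300906052B0E03021A050030"
           "0B06092A864886F70D0107010414AC37"
           "25ACAD34E2F8B921B315DD200D715BFDEEEB")
OID_NAMES = {"1.3.14.3.2.26": "sha1",
             "1.2.840.113549.1.7.1": "pkcs7-data",
             "1.2.840.113549.1.7.5": "pkcs7-digestedData"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Dotted form of OBJECT IDENTIFIER content bytes (first arc 0 or 1)."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for byte in value[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear: last byte of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def walk(buf, oids, octets):
    """Collect OIDs and OCTET STRINGs in order, descending into constructed types."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag & 0x20:  # SEQUENCE, [0] EXPLICIT, ...
            walk(value, oids, octets)
        elif tag == 0x06:
            oids.append(OID_NAMES.get(decode_oid(value), "unknown"))
        elif tag == 0x04:
            octets.append(value)

def classify(hex_blob):
    """Return (container format, hash algorithm, digest as upper-case hex)."""
    oids, octets = [], []
    walk(bytes.fromhex(hex_blob), oids, octets)
    if oids[0] == "pkcs7-digestedData":
        return "PKCS#7 DigestedData", oids[1], octets[-1].hex().upper()
    return "PKCS#1 v1.5 DigestInfo", oids[0], octets[-1].hex().upper()
```

classify(OPENSSL_HEX) and classify(SSF_HEX) return the same algorithm and the same 20-byte digest; only the container differs, which is why a verifier expecting PKCS#1 v1.5 rejects the SSF_KRN_DIGEST output.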