
verify digital signature produced by SAP Content Server HTTP 4.5 Interface

I am trying to verify a ‘digital signature’ sent by the SAP Content Server HTTP 4.5 Interface.

In the Java code I am using the class SsfDataPKCS7 - verify method, and it always returns 'false'.

Within the SAP system, using, say, ABAP function SCMS_HTTP_DELETE, I can see the input data for signing is –


length = 62


The ‘signed data’ created by SAP, passed as secKey, is like –


(We then decode %2B back to ‘+’, %2F back to ‘/’, %3D back to ‘=’.)

The Java code is -

boolean res = true;

// Load the certificate.
InputStream inStream = new FileInputStream("Mandant_Certificate.crt");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);

// This is the secKey as received from R/3, with URL-encoded characters decoded.

// Decode the secKey from base64.
byte[] secKey = Base64.decode(base64SecKey);

// Load the secKey into an SsfDataPKCS7.
SsfDataPKCS7 secKeyData = new SsfDataPKCS7(new ByteArrayInputStream(secKey));

// Build an address book with our certificate in it.
ISsfPab pab = new SsfPabBasicImpl(new X509Certificate[] { cert });

// Build the message. These are the parameter values from same URL
// that secKey came from.
String message = "O11200120DESCRDCN%3DMNDT,OU%3DDEV,O%3DMANDANT,C%3DGB20070927105414";
ISsfData messageData = new SsfDataPKCS7(new ByteArrayInputStream(message.getBytes()));

// Verify the signature. This prints "false".
SsfSigRcpList signer = new SsfSigRcpList();
try {
    res = secKeyData.verify(pab, signer, messageData, cert);
} catch (SsfInvalidDataException e) {
    System.out.println("Error while verifying data " + e);
}


Has anyone already had this problem and solved it?

Can anyone help me?

Thank you in advance,


Former Member
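
The post decodes %2B, %2F and %3D in secKey before base64-decoding it and builds the message from the other parameters of the same URL. The following is an added example, not code from the post or from SAP, that performs both steps from one raw query string so that the byte length of the message can be compared with the length shown on the SAP side. The class and helper names, the sample query and the choice and order of the signed parameters are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class SecKeyInput {
    // Strict percent-decoding: '+' stays '+' (java.net.URLDecoder would turn it into a space).
    static byte[] percentDecode(String s) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < s.length(); i++) {
            int c = s.charAt(i);
            if (c == '%') {
                String hex = i + 2 < s.length() ? s.substring(i + 1, i + 3) : "";
                if (!hex.matches("[0-9A-Fa-f]{2}")) throw new IllegalArgumentException("bad escape at " + i);
                c = Integer.parseInt(hex, 16); i += 2;
            } else if (c > 0x7f) throw new IllegalArgumentException("non-ASCII at " + i);
            out.write(c);
        }
        return out.toByteArray();
    }
    // Splits a raw (still encoded) query string into name -> raw value.
    static Map<String, String> rawParams(String query) {
        Map<String, String> m = new LinkedHashMap<>();
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0) m.put(pair.substring(0, eq), pair.substring(eq + 1));
        }
        return m;
    }
    // Concatenates the decoded values of the named parameters, in the given order.
    static byte[] signedMessage(Map<String, String> raw, String... names) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (String n : names) {
            if (!raw.containsKey(n)) throw new IllegalArgumentException("missing " + n);
            byte[] b = percentDecode(raw.get(n));
            out.write(b, 0, b.length);
        }
        return out.toByteArray();
    }
    public static void main(String[] args) {
        // Constructed sample; the secKey is placeholder base64, not a real signature.
        String query = "contRep=Z1&docId=ABC123&accessMode=d&authId=CN%3DTEST,C%3DGB"
                + "&expiration=20300101000000&secKey=MIIB%2Bw%2F9AA%3D%3D";
        Map<String, String> raw = rawParams(query);
        // Which parameters are signed, and in what order, is an assumption here.
        byte[] msg = signedMessage(raw, "contRep", "docId", "accessMode", "authId", "expiration");
        byte[] secKey = Base64.getDecoder().decode(percentDecode(raw.get("secKey")));
        System.out.println("message bytes = " + msg.length + ", secKey bytes = " + secKey.length);
    }
}
```

The `msg` and `secKey` byte arrays are what would be handed to the verification call; a length mismatch against the SAP-side input points at the decoding or the parameter selection rather than at the certificate.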