Terminology and Abbreviations
Before performing the SSF administration tasks, familiarize yourself with the following terms and abbreviations.
| Term | Definition |
|---|---|
| Certification Authority (CA) | A trusted third party that issues public-key certificates. By signing a certificate, the CA vouches for the identity of the certificate owner. |
| Credentials | User- or component-specific information that allows users or components to access their security information. The credentials may be located, for example, in a protected file in the file system. They often have a limited lifespan; for example, the credentials of a user may be created when the user logs on to the security product and deleted at logoff. |
| Digital signature | Security mechanism for protecting digital data. A digital signature serves the same function for digital data as a handwritten signature does for paper documents: it guarantees that the individual (or component) that signed the data really is who it claims to be, and it protects the integrity of the signed data. If even one bit of the signed data or of the signature is changed, the signature no longer verifies. Digital signatures are based on public-key cryptography. Each signer is provided with a unique key pair consisting of a private key and a corresponding public key. The signer creates the digital signature with the private key and distributes the public key as desired; recipients of signed data use the signer's public key to verify the signature. In electronic commerce, for example, paperless contracts are concluded without handwritten signatures. Note, however, that each country may define its own requirements for a signature to be legally binding. |
| Digital envelope | Security mechanism that protects a message from being read by anyone other than its intended recipients. A digital envelope is created with hybrid encryption. First, the message itself is encrypted with a symmetric algorithm (the same key encrypts and decrypts the message). This symmetric key is then encrypted with the recipient's public key and sent or stored together with the encrypted message. Only the intended recipient, who holds the matching private key, can decrypt the symmetric key and therefore the message. A digital envelope by itself provides confidentiality only; to prove who sent the message, combine it with a digital signature. |
| Personal Security Environment (PSE) | Secure location where the key material and certificates of a user or component are stored. The PSE for a user or component is typically located in a protected directory in the file system or on a smart card. It contains both the public information (public-key certificate and private address book) and the private information (private key) of its owner. Therefore, only the owner should be able to access his or her PSE. For example, the SAP Cryptographic Library stores the information of the application server in a PSE. In this case, the PSE contains both the private address book for SAP NetWeaver Application Server (SAP NetWeaver AS) and the SSF profile. |
| Private address book | Location in the public-key infrastructure where the public keys of users and components are stored. Depending on the security product that you use, it may be identical to the SSF profile. |
| Public-key infrastructure (PKI) | A system that manages the trust relationships involved in using public-key technology. The role of the PKI is to ensure that public-key certificates and CAs can be validated and trusted. The collection of services and components involved in establishing and maintaining these trust relationships is known as the PKI. |
| Public-key technology | Technology used for securing digital documents. Public-key technology uses key pairs to provide its protection. Each participant receives an individual key pair consisting of a public key and a private key. These keys have the following characteristics: |
| Public-key certificate | A digital document that contains the information necessary to identify its owner and to verify his or her digital signatures. Typical information contained in a public-key certificate includes: |
| SAP Cryptographic Library (CommonCryptoLib) | Default security provider delivered with SAP NetWeaver AS, compatible with the SAP Cryptographic Library (SAPCRYPTOLIB) and the SAP Security Library (SAPSECULIB). CommonCryptoLib not only supports the use of digital signatures in SAP systems but also provides encryption. You can use it, for example, as the security provider for Secure Network Communications (SNC), for the Secure Sockets Layer (SSL) protocol with SAP NetWeaver Application Server, for Kerberos with SPNego, and for signing and encrypting documents with Secure Store and Forward (SSF). CommonCryptoLib is available for download from SAP. However, because the library includes encryption routines, its distribution is subject to and controlled by German export regulations and may not be available to all customers. The library may also be subject to local regulations of your own country that further restrict the import, use, and (re-)export of cryptographic software. For more information, see SAP Note 1848999. |
| SSF Profile | Information in SAP NetWeaver AS that specifies where the private part of the public-key information of a user or component (the private key) is stored. The SSF profile may be a file or any other information specifying the public-key information. The exact form of the profile depends on the security product that you use. |
| System PSE | The Personal Security Environment (PSE) for SAP NetWeaver AS. The system PSE is created by the SAP Cryptographic Library during installation and contains the private address book and the SSF profile for the SAP system. |

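The PKI, CA and public-key certificate entries describe a chain of trust: a CA signs a certificate binding a name to a public key, and a relying party validates that certificate against the CAs it trusts. The following added example, written for this page and not taken from SAP or CommonCryptoLib, shows that chain end to end with the Go standard library's `crypto/x509`: a self-signed CA, a certificate it issues for a subject's own key pair, and validation that accepts that certificate but rejects one issued by a CA the relying party does not trust. ECDSA P-256 keys, the one-day validity period and the names `CA`, `NewCA`, `Issue`, `Validate` and `NewSubjectKey` are the example's own assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// CA is a certification authority: a self-signed CA certificate plus the
// private key used to sign the certificates it issues.
type CA struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// NewSubjectKey generates the key pair a user or component creates for itself
// (ECDSA P-256, assumed for the example). The private half never leaves the owner.
func NewSubjectKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewCA creates a self-signed root CA valid for one day (an assumed lifetime).
func NewCA(name string) (*CA, error) {
	key, err := NewSubjectKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	// Parent == template: the CA signs its own certificate with its own key.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, key: key}, nil
}

// Issue signs a public-key certificate that binds subject to pub. Only the
// public key is handed to the CA; the serial must be unique per CA.
func (ca *CA) Issue(subject string, pub *ecdsa.PublicKey, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, pub, ca.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Validate is what a relying party does with a presented certificate: it
// checks the signature chain back to a trusted CA and the validity period.
// It returns nil only when cert chains to one of the trusted CA certificates.
func Validate(cert *x509.Certificate, trusted ...*x509.Certificate) error {
	roots := x509.NewCertPool()
	for _, c := range trusted {
		roots.AddCert(c)
	}
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}
```

The trust store passed to `Validate` is the relying party's equivalent of the certificates kept in a PSE: a certificate signed by any CA outside that store fails with an unknown-authority error even though the certificate itself is well formed and within its validity period, which is exactly the decision the PKI exists to make.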