Security Settings for Receiver Mail Adapter

Use

If you have assigned the receiver agreement a communication channel with Adapter Type Mail , you can specify security settings for message security.

You can digitally sign and encrypt e-mails. Here, message security is based on the S/MIME internet standard (Secure Multipurpose Internet Mail Extension). The S/MIME implementation is based on the Cryptographic Message Syntax (CMS) standard, RFC 3852, July 2004.

The following constraints apply to this standard:

SAP does not perform any kind of canonization before signing a MIME unit.
Constraints for S/MIME version 3 message specification:

SAP does not support DSA (jd.dsa) as SignatureAlgorithmIdentifier.

SAP does not support Diffie-Hellman as KeyEncryptionAlgorithmIdentifier.

Features

Specify which Security Procedure you want to configure:

Sign
Encrypt

You create a digital envelope. This process uses a two-level (hybrid) encryption to make digital documents more secure.
Sign and Encrypt
Encrypt and Sign

Certificate for Signature

Field	Meaning
Keystore	Enter the name of the local keystore (the local J2EE Engine). Note The keystore is a file containing security information such as public and private keys, as well as trusted Certification Authorities.
Keystore entry	Enter the name of the private key (from the keystore specified above). The RSA algorithm is required as the signature algorithm.
Add Signed Mail Certificates	Set this indicator if you want to add the certificate chain of the private key according to RFC 2312 to the mail.
Send Signed Mail in Non-Encoded Text	Set this indicator if you want to send data in MIME type multipart/signed. The first package contains the non-encoded text and the second contains the signature. This indicator is only available if you have selected `Sign` as the security procedure. For more information about MIME types, see the table below.

Field

Meaning

Keystore

Enter the name of the local keystore (the local J2EE Engine).

Keystore entry

Enter the name of the private key (from the keystore specified above).

The RSA algorithm is required as the signature algorithm.

Add Signed Mail Certificates

Set this indicator if you want to add the certificate chain of the private key according to RFC 2312 to the mail.

Send Signed Mail in Non-Encoded Text

Set this indicator if you want to send data in MIME type multipart/signed. The first package contains the non-encoded text and the second contains the signature.

This indicator is only available if you have selected Sign as the security procedure.

For more information about MIME types, see the table below.

Certificate for Encryption

Field	Meaning
Encryption Algorithm	The following algorithms are supported: 3DES DES (Data Encryption Standard) This is a cryptographic algorithm that uses a 56-bit secret key for the encryption and decryption of messages (symmetric cryptography). RC2-40 RC2-CBC with block encryption 40 bit RC2-64 RC2-CBC with block encryption 64 bit RC2-128 RC2-CBC with block encryption 128 bit
Keystore	Enter the name of the local keystore (the local J2EE Engine).
Keystore entry	Enter the name of the public key (from the keystore specified above). The RSA algorithm is required as the encryption algorithm.
Compress Data in ZLIB Format Before Encryption	Set this indicator if you want to compress the data in ZLIB format before it is encrypted. The content type "application/x-zlib" is set.

Field

Meaning

Encryption Algorithm

The following algorithms are supported:

3DES
DES (Data Encryption Standard)

This is a cryptographic algorithm that uses a 56-bit secret key for the encryption and decryption of messages (symmetric cryptography).
RC2-40
RC2-CBC with block encryption 40 bit
RC2-64
RC2-CBC with block encryption 64 bit
RC2-128
RC2-CBC with block encryption 128 bit

Keystore

Enter the name of the local keystore (the local J2EE Engine).

Keystore entry

Enter the name of the public key (from the keystore specified above).

The RSA algorithm is required as the encryption algorithm.

Compress Data in ZLIB Format Before Encryption

Set this indicator if you want to compress the data in ZLIB format before it is encrypted.

The content type "application/x-zlib" is set.

Relationship Between Technical MIME Types and Configuration Settings

MIME Type	S/MIME Type	File Extension	Description	Configuration
multipart/signed	-	-	This message comprises the MIME entity and the signature	Sign Send Signed Mail in Non-Encoded Text
application/pkcs7-signature Old: application/x-pkcs7-signature	-	p7s	Determines the second part of a multipart/signed message with the signature	Sign Send Signed Mail in Non-Encoded Text
application/pkcs7-mime Old: application/x-pkcs7-mime	signed-data	p7m	Signed MIME message with enclosed original MIME entity included in the SignedData object	Sign
application/pkcs7-mime Old: application/x-pkcs7-mime	enveloped-data	p7m	Encrypted MIME message EnvelopedData object	Encrypt
application/pkcs7-mime Old: application/x-pkcs7-mime	certs-only	p7c	Use for transferring certificate chains or Certificate Revocation (CRL) Not supported by SAP
application/pkcs10 Old: application/x-pkcs10	-	p10	Used to query a certificate in PKCS#10 Not supported by SAP