You can use digital signatures and document encryption in your application to provide document security. These documents are then protected as independent objects using Secure Store and Forward (SSF) mechanisms. This means that the documents are secured regardless of where they are stored or how they are transported.
You can apply a digital signature, which is comparable to a handwritten signature on a paper document, to any digital document or message. The digital signature uniquely identifies the signer of the document or message. It is not forgeable and also protects the integrity of the document. If the document is changed after being signed, then the digital signature is no longer valid. Also, the signer of such a document cannot later deny having signed it.
In addition, you can encrypt documents so that only intended recipients can view their contents.
Supported Formats
We support the use of digital signatures and document encryption for the following documentation formats:
Security Products
The server uses a security product to perform the security functions. Depending on the format used, the following products are available:
Format | Product |
---|---|
PKCS#7 | SAP Java Cryptographic Toolkit for PKCS#7 (iaik_jce.jar) |
S/MIME Version 2 | SAP Java Cryptographic Toolkit for S/MIME (iaik_smime.jar) |
XML | SAP XML Toolkit |
The export of software products that contain encryption is regulated and therefore not available to all customers. Therefore, when using document encryption in your application, make sure that the corresponding functions are available. If not, then return an error message.
Using Public-Key Technology
The functions for digital signatures and document encryption use public-key technology. Public-key technology is based on the use of a key pair, which consists of a private key and a public key. The private key is to be kept secret; the public key is to be distributed as desired. The two keys belong and work together as follows:
The private key that a user or server uses for signing or decrypting documents is stored in the corresponding profile. If a user's or server's public key has been certified by a Certification Authority (CA), then the public keys belonging to the CA (or chain of CAs) are also stored in the profile. The public keys belonging to other users or servers, which are used for verifying their digital signatures or for encrypting documents intended for them, are stored in a personal address book.
To access its profile and personal address book, the application has to create an object which implements the corresponding interface, ISsfProfile or ISsfPab, respectively. This object can either be an object of type SSF<Profile/Pab>KeyStore or SSF<Profile/Pab>PKCS12File.
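The following added example is not SAP code and does not use the SSF interfaces; it uses only the standard Java Cryptography Architecture (JCA) to show the behaviour described above: a signature created with the private key verifies with the matching public key, stops verifying once the document changes, and the application checks that encryption is available before relying on it. The class name, the sample document and the chosen algorithms are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;

// Added illustration using only the standard JCA; it does not use the SSF API.
public class SignedDocumentDemo {

    // Sign with the private key (the key a profile would hold).
    static byte[] sign(PrivateKey key, byte[] doc) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(doc);
        return s.sign();
    }

    // Verify with the signer's public key (the key an address book would hold).
    static boolean verify(PublicKey key, byte[] doc, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(doc);
        return s.verify(sig);
    }

    // Encryption may be missing from an export-restricted installation:
    // probe for it so the caller can report an error instead of failing later.
    static boolean encryptionAvailable(String transformation) {
        try {
            Cipher.getInstance(transformation);
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair(); // constructed sample key pair

        byte[] doc = "Pay 100 EUR to account 1234".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] sig = sign(signer.getPrivate(), doc);
        System.out.println("original verifies: " + verify(signer.getPublic(), doc, sig));

        byte[] changed = "Pay 900 EUR to account 1234".getBytes(StandardCharsets.UTF_8);
        System.out.println("changed verifies:  " + verify(signer.getPublic(), changed, sig));

        if (!encryptionAvailable("RSA/ECB/OAEPWithSHA-256AndMGF1Padding")) {
            System.err.println("Error: document encryption is not available in this installation");
        }
    }
}
```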