Show TOC Start of Content Area

Function documentation Using the SAP Cryptographic Library for SNC  Locate the document in its SAP Library structure


The SAP Cryptographic Library is the default security product delivered by SAP for performing encryption functions in SAP systems. For example, you can use it for providing Secure Network Communications (SNC) between various SAP server components or for using the Secure Sockets Layer (SSL) protocol with the AS ABAP. This documentation describes using the SAP Cryptographic Library for SNC. For more information about using the library for SSL, see Using the Secure Sockets Layer Protocol with the AS ABAP.


You can only use the SAP Cryptographic Library for SNC between server components. If you want to use SNC for front-end components (for example, SAP GUI for Windows), then you must purchase an SNC-certified partner product.


When using the SAP Cryptographic Library for SNC, the following information is necessary for the communication infrastructure:

·        The server and its communication partners must be configured for using SNC.

·        The server must possess a public and private key pair and public-key certificate, which is stored in the server's Personal Security Environment (PSE). Although you may obtain a certificate from a trusted Certification Authority (CA), for easier administration we recommend using a certificate that is signed by the server itself (self-signed). This documentation refers only to configuring the server when using a self-signed certificate.

·        At run-time, the server must have active credentials. This is accomplished by using the configuration tool to "open" the server's PSE.

·        The server must be able to verify its communication partner's identity. This is accomplished by importing the partner's public-key certificate into the server's own certificate list. As an alternative, you can use the same PSE for all server components. For examples of these scenarios, see:

¡        Scenario 1: Using a Single PSE for All Components

¡        Scenario 2: Using Individual PSEs for Components


You must be able to receive the SAP Cryptographic Library according to the German export regulations.


The distribution of the SAP Cryptographic Library is subject to and controlled by German export regulations and is not available to all customers. In addition, the library may be subject to local regulations of your own country that may further restrict the import, use and (re-)export of cryptographic software. If you have any further questions on this issue, contact your local SAP subsidiary.

Additional Information

For more information, see:

·        Secure Network Communications (SNC)  

·        Using the Trust Manager




End of Content Area