Digital Signature (CA-DSG)

Use

With the digital signature, the SAP system provides you with a tool to sign and approve digital data. The digital signature ensures that the signatory of a digital document can be identified unambiguously and his or her name is documented together with the signed document, the date, and the time. You can use the digital signature to approve documents or objects in all applications that are set up for its use.

Note

The objective of the signature tool is to provide a user dialog for the signing of documents:

The user can display the document that is to be signed. The user checks the document. If there are no problems, he or she provides a signature; if the checks that run when a signature is provided produce results that indicate errors, he or she cancels the digital signature. The data relating to the signature provided is saved and can be evaluated at a later point in time. This procedure is mandatory, particularly in a regulated environment, such as the pharmaceuticals industry, in order to be able to comply with legal requirements like CFR 21 Part 11 (Federal Drug Administration). For this reason, SAP does not recommend using the digital signature for mass approvals.

Implementation Considerations

Signature Tool

The digital signature is a class-based tool in the software component SAP_ABA (package DS). This component cannot be used alone; it can only be used in conjunction with an application.

Note

As of SAP R/3 release 4.0A, the digital signature was implemented for selected parts of SAP R/3 (software component SAP_APPL, package CJ). If there was a requirement for the digital signature to be integrated into other applications, the program code had to be extended specifically for the application. This was very time-consuming. This digital signature was thus only available for applications in ERP. You should therefore no longer use the component Electronic Signature (package CJ) if you want to link new applications to the digital signature.

Linking an Application to the Digital Signature

As of Basis release 6.20, the signature tool is available as a standardized and flexible programming interface. This allows the digital signature to be integrated in any application in any SAP system, such as ERP, APO, or CRM. The program code of the signature tool remains unchanged when it is integrated in applications, that is, all checks and database access are done independently of the calling application. To integrate the digital signature in an application, you must first make various settings and integrate the programming interface in your application. These settings are described in detail in the Implementation Guide for Digital Signature Tool. You will find this guide in Note 700495.

See also: Linking of Applications to Digital Signature

Integration

Integration with SAP NetWeaver Components

The digital signature is implemented in the SAP system with the help of the component Digital Signatures and Encryption and is based on Secure Store and Forward (SSF) mechanisms (see SSF Administration Tasks) and on public-key technology.

You can use digital signatures in SAP systems either together with a security product or without. A security product, such as SAP NetWeaver Single Sign-On or an external security product, introduces features that are not directly available with the SAP system. One example here is the authentication of individuals using smart cards. However, for certain areas of application (for example, the SAP ArchiveLink content server HTTP interface), the digital signature itself is sufficient without needing the extra features of an external security product. For this reason, we deliver SAP Security Library (SAPSECULIB) with the SAP system.

To use the digital signature, you must configure the SSF settings for the digital signature. These settings depend on the signature method you intend to use. The following signature methods are available:

  • System signature

    Authentication is done here using the SAP user master and the password of the signatory. This can be the user logged on to the system or another system user.

  • User signature

    Authentication is done here using a security product and not the SAP user master. You must integrate the security product in your SAP system with the aid of the component SSF. With a user signature, the user executes a digital signature using his or her own private key (public-key technology).

    Note

    The user's personal security environment (PSE) should not be stored in the file system (hard disk) but rather, for example, on a smart card. The PSE software does not fulfill the regulatory requirements for digital signatures.

For more information about how the components work together, see Signature Process Flow (Components Involved).

Customizing

You will find the Customizing settings for the digital signature in the Implementation Guide (IMG) under Cross-Application Components → General Application Functions → Digital Signature.

Constraints
  • Currently, the screens and dialog boxes for the digital signature can only be used in conjunction with an SAP WinGUI, but not with an HTML GUI. This restriction also applies for applications that are to run in an SAP EP.

  • The exchange of digital signature data between different systems (B2B scenarios) is not possible.

  • There is no connection between the digital signature and the SAP Workflow functions.