Security Settings for the Receiver Mail
Adapter
Use
If you have
assigned the receiver agreement a communication channel with adapter type mail
on the
Integration Server
or the PCK, you can
specify security settings for message security.
You can digitally sign and encrypt e-mails. Here, message security is based on the S/MIME internet standard (Secure Multipurpose Internet Mail Extension). The S/MIME implementation is based on the Cryptographic Message Syntax (CMS) standard, RFC 3852, July 2004.
The following constraints apply to this standard:
● SAP does not perform any kind of canonization before signing a MIME unit.
● Constraints for S/MIME version 3 message specification:
SAP does not support DSA (jd.dsa) as SignatureAlgorithmIdentifier.
SAP does not support Diffie-Hellman as KeyEncryptionAlgorithmIdentifier.
Features
Specify which security procedure you want to make configure.
● Sign
● Sign and Encrypt
● Encrypt and Sign
Certificate for Signature
Field |
Description |
Keystore
|
Enter the name of the local keystore (the local J2EE Engine). |
Keystore Entry
|
Enter the name of the private key (from the keystore specified above). The RSA algorithm is required as the signature algorithm. |
Add Signed Mail Certificates
|
Set this indicator if you want to add the certificate chain of the private key according to RFC 2312 to the mail. |
Send Signed Mail in Non-Encoded Text
|
Set this indicator if you want to send data in MIME type multipart/signed. The first package contains the non-encoded text and the second contains the signature. This indicator is only available if you have selected Sign as the security procedure. For more information about MIME types, see the table below. |
Certificate for Encryption
Field |
Description |
Encryption Algorithm |
The following algorithms are supported: ● 3DES DES (Data Encryption Standard) ● RC2-40 ● RC2-CBC with block encryption 40 bit ● RC2-64 ● RC2-CBC with block encryption 64 bit ● RC2-128 ● RC2-CBC with block encryption 128 bit |
Keystore
|
Enter the name of the local keystore (the local J2EE Engine). |
Keystore Entry
|
Enter the name of the public key (from the keystore specified above). The RSA algorithm is required as the encryption algorithm. |
Compress Data in ZLIB Format Before Encryption
|
Set this indicator if you want to compress the data in ZLIB format before it is encrypted. The content type “application/x-zlib” is set. |
To define the various security settings, you can use the respective input help, which contains the keystore, the keystore entry, the issuer, and the owner. The entry selection is not checked.
Note that entries are case-sensitive.
Relationship Between Technical MIME Types and Configuration Settings
MIME Type |
S/MIME Type |
File extension |
Description |
Configuration |
multipart/signed |
- |
- |
This message comprises the MIME entity and the signature |
Sign Send Signed Mail in Non-Encoded Text |
application/pkcs7-signature Alt: application/x-pkcs7-signature |
- |
p7s |
Determines the second part of a multipart/signed message with the signature |
Sign Send Signed Mail in Non-Encoded Text |
application/pkcs7-mime Alt: application/x-pkcs7-mime |
signed-data |
p7m |
Signed MIME message with enclosed original MIME entity included in the SignedData object |
Sign |
application/pkcs7-mime Alt: application/x-pkcs7-mime |
enveloped-data |
p7m |
Encrypted MIME message EnvelopedData object |
Encrypt |
application/pkcs7-mime Alt: application/x-pkcs7-mime |
certs-only |
p7c |
Use for transferring certificate chains or Certificate Revocation (CRL) Not supported by SAP |
|
application/pkcs10 Alt: application/x-pkcs10 |
- |
p10 |
Used to query a certificate in PKCS#10 Not supported by SAP |
|