Start of Content Area

Object documentation The SAP Security Library (SAPSECULIB)  Locate the document in its SAP Library structure

Definition

The SAP Security Library (SAPSECULIB) is the default security provider for the SSF mechanisms.

Use

The SAPSECULIB provides the functions for creating and verifying digital signatures within SAP Systems.

Integration

The SAPSECULIB is included as part of the standard SAP System installation. During the installation process, the system uses the SAPSECULIB to generate a Personal Security Environment (PSE) for each application server, called the system PSE. The application server can then use the information contained in the PSE to digitally sign documents and verify other components' digital signatures.

Note

In Release 4.5A, the system generates an individual system PSE for each application server.

As of Release 4.5B, the system generates a single system PSE and distributes it to all of the application servers.

The system PSE is created during the installation process and located in the following file in the directory <instance directory>/sec :

Note

When you upgrade from Release 4.5A to a later release, the system creates a new system PSE with the name SAPSYS.pse , but does not remove or rename the file SAPSECU.pse . Keep in mind that the system may need access to the old PSE to verify digital signatures that were created before the upgrade.

Each time an application server is restarted, the system automatically makes sure that the subdirectory sec exists and contains the system PSE for the server. In Release 4.5, if no system PSE is found at system start, then the system automatically generates a new one. As of Release 4.6, if a system PSE exists, then the system distributes the system PSE to the application server. If no system PSE exists in the database, then the system generates a new one for use by all of the application servers.

If you need to generate a new PSE for an application server after the installation process has already been completed, see the topic Maintaining the System PSE.

Note

UNIX platforms only:

So that the system can correctly load the SAP Security Library at application server startup, make sure that the UNIX environment variable for loading shared libraries contains the path referenced by the SAP System profile parameter DIR_LIBRARY (for example, /usr/sap/<SID>/SYS/exe/run ). Make sure the environment variable is set in the user environment for the user account under which the application server runs (for example, <sid>adm ). The corresponding UNIX environment variables are as follows: