Security Settings for Receiver Mail Adapter
If you have assigned the receiver agreement a communication channel with Adapter Type Mail, you can specify security settings for message security.
You can digitally sign and encrypt e-mails. Here, message security is based on the S/MIME internet standard (Secure Multipurpose Internet Mail Extension). The S/MIME implementation is based on the Cryptographic Message Syntax (CMS) standard, RFC 3852, July 2004.
The following constraints apply to this standard:
-
SAP does not perform any kind of canonization before signing a MIME unit.
-
Constraints for S/MIME version 3 message specification:
SAP does not support DSA (jd.dsa) as SignatureAlgorithmIdentifier.
SAP does not support Diffie-Hellman as KeyEncryptionAlgorithmIdentifier.
Specify which Security Procedure you want to configure:
-
Sign
-
Encrypt
-
Sign and Encrypt
-
Encrypt and Sign
Certificate for Signature
|
Field |
Meaning |
|---|---|
|
Keystore |
Enter the name of the local keystore (the local J2EE Engine). |
|
Keystore entry |
Enter the name of the private key (from the keystore specified above). The RSA algorithm is required as the signature algorithm. |
|
Add Signed Mail Certificates |
Set this indicator if you want to add the certificate chain of the private key according to RFC 2312 to the mail. |
|
Send Signed Mail in Non-Encoded Text |
Set this indicator if you want to send data in MIME type multipart/signed. The first package contains the non-encoded text and the second contains the signature. This indicator is only available if you have selected Sign as the security procedure. For more information about MIME types, see the table below. |
Certificate for Encryption
|
Field |
Meaning |
|---|---|
|
Encryption Algorithm |
The following algorithms are supported:
|
|
Keystore |
Enter the name of the local keystore (the local J2EE Engine). |
|
Keystore entry |
Enter the name of the public key (from the keystore specified above). The RSA algorithm is required as the encryption algorithm. |
|
Compress Data in ZLIB Format Before Encryption |
Set this indicator if you want to compress the data in ZLIB format before it is encrypted. The content type "application/x-zlib" is set. |
To define the various security settings, you can use the respective input help, which contains the keystore, the keystore entry, the issuer, and the owner. The entry selection is not checked.
Note that entries are case-sensitive.
Relationship Between Technical MIME Types and Configuration Settings
|
MIME Type |
S/MIME Type |
File Extension |
Description |
Configuration |
|---|---|---|---|---|
|
multipart/signed |
- |
- |
This message comprises the MIME entity and the signature |
Sign Send Signed Mail in Non-Encoded Text |
|
application/pkcs7-signature Old: application/x-pkcs7-signature |
- |
p7s |
Determines the second part of a multipart/signed message with the signature |
Sign Send Signed Mail in Non-Encoded Text |
|
application/pkcs7-mime Old: application/x-pkcs7-mime |
signed-data |
p7m |
Signed MIME message with enclosed original MIME entity included in the SignedData object |
Sign |
|
application/pkcs7-mime Old: application/x-pkcs7-mime |
enveloped-data |
p7m |
Encrypted MIME message EnvelopedData object |
Encrypt |
|
application/pkcs7-mime Old: application/x-pkcs7-mime |
certs-only |
p7c |
Use for transferring certificate chains or Certificate Revocation (CRL) Not supported by SAP |
|
|
application/pkcs10 Old: application/x-pkcs10 |
- |
p10 |
Used to query a certificate in PKCS#10 Not supported by SAP |