Show TOC

Secure Store and Forward Mechanism (SSF)Locate this document in the navigation structure

You can use digital signatures and document encryption in your application to provide document security.

Documents are then protected as independent objects using Secure Store and Forward (SSF) mechanisms. This means that the documents are secured regardless of where they are stored or how they are transported.

You can apply a digital signature to any digital document or message, which is comparable to a handwritten signature on a paper document. The digital signature uniquely identifies the signer of the document or message. It is not forgeable and also protects the integrity of the document. If the document is changed after being signed, then the digital signature is no longer valid. Also, the signer of such a document cannot deny having signed the document at a later time.

In addition, you can encrypt documents so that only intended recipients can view their contents.

The functions for digital signatures and document encryption use public-key technology. Public-key technology is based on the use of a key pair; one of which is a private key and the other is a public key. The private key is to be kept secret; the public key is to be distributed as desired.

For more information about public-key technology, see Public-Key Technology.

What Do I Get from SAP NetWeaver Application Server?

SAP NetWeaver Application Server (SAP NetWeaver AS) provides Secure Store & Forward (SSF) mechanisms as an internal means to protect arbitrary data in the SAP system. SAP applications can use the SSF mechanisms to secure data integrity, authenticity and confidentiality.

By using SSF functions, you can "wrap" data and digital documents in secure formats before they are saved on data carriers or transmitted over (possibly) insecure communication links. The data does not need to remain within the SAP system; if you save the data in a secure format in the SAP system, it remains in its secured format even if you export it out of the system.

For more detailed information on the Secure Store and Forward Mechanism (SSF), see Secure Store & Forward Mechanisms (SSF) and Digital Signatures.

Restrictions

SSF requires the use of a third-party security product to provide its functions. As the default provider, we deliver SAP Cryptographic Library with SAP systems. For digital envelopes, encryption, or crypto hardware (for example, smart cards or crypto boxes), you need to use a external security product. SAP provides SAP Cryptographic Library (see SAP Note 184899 Information published on SAP site), or you can use a certified partner product.

For information about supported partner products, see the SAP-certified partners at http://www.sap.com/partnersInformation published on SAP site.

There are also laws in various countries that regulate the use of cryptography and digital signatures. These laws are currently controversial and may change. You need to keep yourself informed on the impact these laws may have on your applications, and make sure that you are aware of any further developments.

What Do I Need to Do?

The SSF library for the ABAP Stack is used in applications that are written in ABAP. It supports the functions for creating and verifying digital signatures (PKCS#7), and functions for encrypting and decrypting documents.

SSF provides the following ABAP function modules from the SSFG function group:

Table 1: ABAP Function Modules of the SSFG Function Group
Function Module Description

SSF_SIGN / SSF_KRN_SIGN

Creating digital signatures

SSF_VERIFY / SSF_KRN_VERIFY

Checking digital signatures

SSF_ENVELOPE / SSF_KRN_ENVELOPE

Encrypting documents

SSF_DEVELOPE / SSF_KRN_DEVELOPE

Decrypting documents

For a detailed description about these SSF function modules and example code showing how to call the appropriate function modules, see Secure Store and Forward (SSF) Programmer's Guide.

For further guidelines regarding digital signatures, see Digital Signatures in SAP Applications.

These documents can be found on SAP Service Marketplace at http://service.sap.com/securityInformation published on SAP site.

Further Information
  • Digital Signatures in SAP Applications at http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000668332&_SCENARIO=01100035870000000112&_OBJECT=011000358700000952762004E

  • Secure Storage and Forward (SSF) Programmers' Guide at http://service.sap.com/%7Esapdownload/011000358700003611992003E/SSFProgrammersGuide.pdfInformation published on SAP site

    These documents are available on SAP Service Marketplace at Start of the navigation path http://service.sap.com/security Next navigation step Security in Detail Next navigation step Secure Collaboration End of the navigation path.

  • Secure Store & Forward (SSF) API Specifications

    This document is available on SAP Community Network at Start of the navigation path http://www.sdn.sap.com/irj/sdn/icc Next navigation step All Integration Scenarios Next navigation step BC-SSF End of the navigation path.