Secure Store and Forward Mechanism (SSF)

Description

You can use digital signatures and document encryption in your application to provide document security. Documents are then protected as independent objects using Secure Store and Forward (SSF) mechanisms. This means that the documents are secured regardless of where they are stored or how they are transported.

You can apply a digital signature to any digital document or message, which is comparable to a handwritten signature on a paper document. The digital signature uniquely identifies the signer of the document or message. It is not forgeable and also protects the integrity of the document. If the document is changed after being signed, then the digital signature is no longer valid. Also, the signer of such a document cannot deny having signed the document at a later time.

In addition, you can encrypt documents so that only intended recipients can view their contents.

The functions for digital signatures and document encryption use public-key technology. Public-key technology is based on a key pair that consists of a private key and a public key. The private key is to be kept secret; the public key is to be distributed as desired. For more detailed information on public-key technology, see Public-Key Technology.

What Do I Get from the SAP NetWeaver Platform?

The SAP NetWeaver platform provides Secure Store & Forward (SSF) mechanisms as an internal means to protect arbitrary data in the SAP system. SAP applications can use the SSF mechanisms to secure data integrity, authenticity and confidentiality.

By using SSF functions, you can "wrap" data and digital documents in secure formats before they are saved on data carriers or transmitted over (possibly) insecure communication links. The data does not need to remain within the SAP system; if you save the data in a secure format in the SAP system, it remains in its secured format even if you export it out of the system.

For more detailed information on the Secure Store and Forward Mechanism (SSF), see Digital Signatures and Document Encryption API.

Restrictions

The Java SSF Library is based on the IAIK Toolkit of Graz Technical University. This SSF Library also supports the generation and verification of digital signatures. To encrypt and decrypt documents, you need to install the IAIK Toolkit, which can be downloaded from the SAP Service Marketplace. Therefore, no external security product is required from our partners, and there is no SAP certification program for the Java SSF Library.

PKCS#12 and the Java Keystore are supported for key storage, meaning that it is currently only possible to generate digital signatures without cryptographic hardware.

Note that the export of software products that contain encryption is regulated, so encryption is not available to all customers. Therefore, when using document encryption in your application, make sure that the corresponding functions are available. If not, then return an error message.
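The following added example is not SAP code and does not use the Java SSF Library API; it uses only the standard JCA/JCE of a current JDK to illustrate two points made above: a signature stops verifying once the document changes, and an application should check that encryption is available and return an error message if it is not. The class name, sample document, key size and the `AES/GCM/NoPadding` transformation are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;

// Added illustration with plain JCA/JCE; names and parameters are hypothetical.
public class SsfConceptDemo {
    // Returns null if encryption is usable, otherwise an error message for the caller.
    static String checkEncryptionAvailable(String transformation, int keyBits) {
        try {
            Cipher.getInstance(transformation); // throws if no installed provider offers it
            if (Cipher.getMaxAllowedKeyLength(transformation) < keyBits) {
                return "Document encryption is limited to keys shorter than " + keyBits + " bits.";
            }
            return null;
        } catch (GeneralSecurityException e) {
            return "Document encryption is not available in this installation: " + e.getMessage();
        }
    }

    static byte[] sign(PrivateKey key, byte[] document) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(document);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] document, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(document);
        return s.verify(sig); // false when the document differs from what was signed
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair(); // constructed throwaway key, not a keystore entry
        byte[] doc = "Purchase order 4711: 10 units".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] sig = sign(pair.getPrivate(), doc);
        byte[] changed = "Purchase order 4711: 90 units".getBytes(StandardCharsets.UTF_8);
        System.out.println("original verifies: " + verify(pair.getPublic(), doc, sig));
        System.out.println("changed verifies:  " + verify(pair.getPublic(), changed, sig));
        String error = checkEncryptionAvailable("AES/GCM/NoPadding", 256);
        System.out.println(error == null ? "encryption available" : "error: " + error);
    }
}
```

Running the availability check before offering an encrypt action lets the application report the restriction up front instead of failing in the middle of processing a document.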

What Do I Need to Do?

The Java SSF Library is used in applications that are written in Java. It supports the functions for creating and verifying digital signatures and functions for encrypting and decrypting documents. The Java SSF Library supports the data formats PKCS#7, S/MIME and XML Signature/Encryption.

The Java SSF Library is delivered with SAP J2EE Server 6.30 and above.

The following interfaces and classes are supported:

  • Data format

    There is a central interface IssfData that contains all basic methods such as sign, verify, encrypt, and decrypt. This interface is implemented for the different classes (SsfDataPKCS7, SsfDataSMIME, SsfDataXML) that provide specific methods for each format.

  • Key access

    An SSF profile that contains the private key and the certificate's upward path is required for signing and decryption. An SSF Public Address Book (PAB) that contains a list of trusted root certificates is required for verification and encryption.

  • XML-specific

    Help classes for implementing the XML signature.

For a detailed description of the interfaces and classes, see Interfaces and Classes for Using Digital Signatures and Encryption.

For example code regarding digital signatures, see Examples for Using Digital Signatures.

The Javadocs regarding SSF can be found at www.sdn.sap.com/irj/sdn/javadocs (see Web Application Server APIs → Secure Store and Forward).

For further guidelines regarding digital signatures, see also Digital Signatures in SAP Applications on the SAP Service Marketplace at service.sap.com/security.

Further Information
  • Digital Signatures and Document Encryption API
  • Digital Signatures in SAP Applications: service.sap.com/~form/sapnet?_SHORTKEY=01100035870000668332&_SCENARIO=01100035870000000112&_OBJECT=011000358700000952762004E
  • SAP NetWeaver Javadocs: www.sdn.sap.com/irj/sdn/javadocs