Digital Signing of Documents
This function supports digital signing of documents in Records and Case Management (RMPS). Qualified digital signatures contain the OCSP (Online Certificate Status Protocol), that is, the certificate status is checked and logged online in the trust center. This type of digital signature meets the requirements of the German signature law.
The signatories sign digitally at the front-end using their private key saved on a chip card (smart card) in connection with the corresponding public key certificate. This function also supports the automatic verification of externally signed attachments that are imported into RMPS as incoming post items in e-mail. The server verifies the signature and certificate using an external security product that exchanges data via the SSF interface (Secure Store and Forward) of the SAP system.

Currently, the digital signature in RMPS is only supported with the security product SECUDE ®.
The following graphic illustrates the data transfer for digital signatures:
1. A digitally signed document in RMPS (such as an incoming post item with a digitally signed attachment) is forwarded to the external security product using the SSF interface.
2. The external security product checks the validity of the signature and checks the validity of the certificate used for the signature online in the trust center (certification centre). The result is entered in an OCSP.
3. The signed document and the corresponding OCSP are sent back to Records and Case Management and are then available for additional activities (such as display, other signatures, verifications).
Note that the OCSP is signed with a software certificate issued by SAP. The certificate is shown in the graphic below.

Digital Signature with Online Certificate Status Protocol
The digital signature functions for Records and Case Management are only available in conjunction with the external security product SECUDE ® Library Version 7.4.53.
For more information on the settings to be made in Records and Case Management and the SSF settings in the SAP system, see Configuration: Digital Signing of Documents.
Signing and Verifying
You sign documents in a special SAP HTML Viewer Control. The document is converted to PDF format and is displayed as a PDF document in the HTML viewer.

Note that only documents with the file types PDF, DOC, XLS, PPT, BMP, JPG, GIF or TIF can be used with the SAP HTML Viewer Control.
The digital signature in RMPS supports multiple signing of a document. An OCSP is created for each signature. The signatures are verified in the background for performance reasons. This means that a large number of signatures can be processed at the same time.
The following activities are available in the dropdown menu of the RMPS application toolbar menu under Digital Signature and in SAP HTML Viewer Control:
Overview of Actions for Digital Signatures
Pushbutton |
Sign | This calls SAP HTML Viewer Control for signing a document
Display Verification Result | Calls an overview of the last verification results of a document in the SAP HTML Viewer Control
Display Signature History | Calls the signature activities of a document logged in chronological order
SAP HTML Viewer Control |
(icon) | Displays the OCSP of a signature
(icon) | Starts the verification of a digital signature manually.

Important note for all end users with smart cards: You are only guaranteed that the digital signature at the front-end is secure if you log onto the system using SNC. Never sign using your smart card if you are not logged on with SNC.
Automatic Signature Check for Incoming Post Items
Digitally signed documents are verified automatically if they were imported into Records and Case Management as e-mail attachments in the form of incoming post items. You can call up the result for a document in SAP HTML Viewer Control under Display Verification Result.
The prerequisite for the automatic recognition and verification of digitally signed attachments is that the file name conforms to the naming convention <filename>.<original filetype>.<signaturefiletype>. The original file type (such as DOC, PDF, ...) indicates the file format in which the user data is saved in the PKCS#7 container.
For signature file types, the SAP system distinguishes between signed attachments and unsigned attachments.
The SAP system has to recognize the signature file type as a MIME type application/pkcs7-signature (see the configuration document).
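The following added example (not SAP code and not part of the original documentation) shows a pre-check that applies the naming convention above to incoming attachment names and flags files that carry a signature file type but would not match the convention, so they can be verified manually. The extension-to-MIME mapping, the use of the viewer file-type list as the allowed original types, and all names in the code are assumptions.

```python
import os
from typing import NamedTuple, Optional

# Assumed configuration (not from the SAP documentation): file extensions that
# the system maps to the MIME type application/pkcs7-signature.
SIGNATURE_TYPES = {"p7s": "application/pkcs7-signature"}
# File types the page lists as usable in the SAP HTML Viewer Control; using
# them as the allowed original file types is an assumption of this example.
VIEWABLE_TYPES = {"pdf", "doc", "xls", "ppt", "bmp", "jpg", "gif", "tif"}


class Attachment(NamedTuple):
    name: str
    original_type: Optional[str]
    mime_type: Optional[str]
    status: str  # "verify", "unsigned", or "review: <reason>"


def classify_attachment(filename: str) -> Attachment:
    """Apply <filename>.<original filetype>.<signaturefiletype> to one name."""
    # Drop any directory part a mail client may have left in the name.
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.split(".")
    sig = parts[-1].lower() if len(parts) > 1 else ""
    if sig not in SIGNATURE_TYPES:
        return Attachment(base, None, None, "unsigned")
    mime = SIGNATURE_TYPES[sig]
    # Signature extension present, but no name or no inner file type before it.
    if len(parts) < 3 or not parts[0] or not parts[-2]:
        return Attachment(base, None, mime, "review: original file type missing")
    inner = parts[-2].lower()
    if inner not in VIEWABLE_TYPES:
        return Attachment(base, inner, mime, "review: original file type not viewable")
    return Attachment(base, inner, mime, "verify")


if __name__ == "__main__":
    # Constructed sample attachment names.
    for name in ["contract.pdf.p7s", "Report.V2.DOC.P7S", "contract.p7s",
                 "invoice.exe.p7s", "notes.pdf"]:
        result = classify_attachment(name)
        print(f"{result.name:20} {result.status}")
```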
See also:
For more information on the general SSF functions in the SAP system, see the SAP Help Portal under SAP NetWeaver Components → SAP Web Application Server → Security (BC-SEC) → Secure Store & Forward / Digital Signatures (BC-SEC-SSF) → Public Key Technology.