Show TOC Start of Content Area

Background documentation Secure Store and Forward Mechanism (SSF)  Locate the document in its SAP Library structure

Description

You can use digital signatures and document encryption in your application to provide document security. Documents are then protected as independent objects using Secure Store and Forward (SSF) mechanisms. This means that the documents are secured regardless of where they are stored or how they are transported.

You can apply a digital signature to any digital document or message, which is comparable to a handwritten signature on a paper document. The digital signature uniquely identifies the signer of the document or message. It is not forgeable and also protects the integrity of the document. If the document is changed after being signed, then the digital signature is no longer valid. Also, the signer of such a document cannot deny having signed the document at a later time.

In addition, you can encrypt documents so that only intended recipients can view their contents.

The functions for digital signatures and document encryption use public-key technology. Public-key technology is based on the use of a key pair; one of which is a private key and the other is a public key. The private key is to be kept secret; the public key is to be distributed as desired. For more detailed information on public-key technology, see Public-Key Technology.

What Do I Get from the SAP NetWeaver Platform?

The SAP NetWeaver platform provides Secure Store & Forward (SSF) mechanisms as an internal means to protect arbitrary data in the SAP system. SAP applications can use the SSF mechanisms to secure data integrity, authenticity and confidentiality.

By using SSF functions, you can "wrap" data and digital documents in secure formats before they are saved on data carriers or transmitted over (possibly) insecure communication links. The data does not need to remain within the SAP system; if you save the data in a secure format in the SAP system, it remains in its secured format even if you export it out of the system.

For more detailed information on the Secure Store and Forward Mechanism (SSF), see Secure Store & Forward Mechanisms (SSF) and Digital Signatures.

Restrictions

SSF requires the use of a third-party security product to provide its functions. As the default provider, we deliver the SAP Security Library (SAPSECULIB) with SAP Systems. The SAPSECULIB, however, is limited to providing digital signatures only. For digital envelopes, encryption, or crypto hardware (for example, smart cards or crypto boxes), you need to use a external security product. SAP provides the SAP Cryptographic Library free of charge, or you can use a certified partner product.

The SAP Cryptographic Library is available for download on the SAP Service Marketplace at service.sap.com/download. Note, however, that this German export regulations apply to this library, and it is therefore not available to all customers.

For information about supported partner products, see the SAP-certified partners (www.sap.com/softwarepartner).

There are also laws in various countries that regulate the use of cryptography and digital signatures. These laws are currently controversial and may change. You need to keep yourself informed on the impact these laws may have on your applications, and make sure that you are aware of any further developments.

What Do I Need to Do?

The SSF Library for the ABAP Stack is used in applications that are written in ABAP. It supports the functions for creating and verifying digital signatures (PKCS#7), and functions for encrypting and decrypting documents.

The SSF Library for the ABAP stack is available as of SAP Basis 4.0.

SSF provides the following ABAP function modules from the SSFG function group:

        SSF_SIGN / SSF_KRN_SIGN                   Creating digital signatures

        SSF_VERIFY / SSF_KRN_VERIFY                 Checking digital signatures

        SSF_ENVELOPE / SSF_KRN_ENVELOPE     Encrypting documents

        SSF_DEVELOPE / SSF_KRN_DEVELOPE     Decrypting documents

For a detailed description about these SSF function modules and example code showing how to call the appropriate function modules, see the Secure Store and Forward (SSF) Programmer's Guide.

For further guidelines regarding digital signatures see also Digital Signatures in SAP Applications.

These documents can be found on the SAP Service Marketplace at service.sap.com/security.

Further Information

      Digital Signatures and Encryption

      Secure Store & Forward Mechanisms (SSF) and Digital Signatures

      Digital Signatures in SAP Applications

Link to external website

service.sap.com/~form/sapnet?_SHORTKEY=01100035870000668332&_SCENARIO=01100035870000000112&_OBJECT=011000358700000952762004E

      Secure Storage and Forward (SSF) Programmers’ Guide

Link to external website

service.sap.com/~sapdownload/011000358700003611992003E/SSFProgrammersGuide.pdf

These documents (3 and 4) are available on the SAP Service Marketplace at service.sap.com/security under Security in Detail Secure Collaboration.

      Secure Store & Forward (SSF) API Specifications

Link to external website

www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/icc/Secure%20Store%20and%20Forward%20SSF%20API%20Specifications.pdf

This document is available on the SAP Developer Network at www.sdn.sap.com/irj/sdn/icc under Integration Scenarios (alphabetical) BC-SSF.

 

 

End of Content Area