Hello colleagues,
I 'm working at a customer who is implementing a SAP project (R/3 4.6C SR2), in which is involved the goverment.
The goverment is forcing to the customer to implement digital signature in some steps of his business process, one of this steps is running on SAP R/3 system. The digital signature will be used with digital signature in order to "package" some critical data like "billing amount", for instance.
The goverment is imposing the smartcard encryption solution, that is hardware encryption.
I have been looking for information about it, so I understood the following:
1._ Some smartcards vendors are compliance with SAP.
2._ I need to install in the server running SAP the smartcard and the smartreader in order to manipulate and to access the encryption functionality.
3._ The smartcard is configured in SAP by transaction SSFA and other reports.
4._ The encryption functionality is accessed by SSF function group.
I downloaded the documents "SSF user guide", "security quick guide: digital signature" and "digital signature in FI".
I've found into a paper called "Digital Signatures
in SAP Applications - Web App.Server 6.40" the following:
-
1.3.1. SSF for the ABAP Stack
The SSF Library for the ABAP Stack is used in applications that are written in ABAP. It supports the functions for creating and verifying digital signatures (PKCS#7), and functions for encrypting and decrypting documents.
SSF requires an external security product to provide these functions. The SAP Security Library (SAPSECULIB) is delivered with the SAP system as the default product. However, the SAP Security Library only supports digital signatures without cryptographic hardware (SmartCards, SmartTokens, Cryptoboards). Instead of the SAPSECULIB, customers can also use the SAPCRYPTOLIB, which can be downloaded from the SAP Service Marketplace. The SAPSECULIB supports the DSA (Digital Signature Algorithm) algorithm, and the SAPCRYPTOLIB supports both the DSA and the RSA algorithms. The algorithm that you must use in your signature process depends on the CA that issues the certificate. Most CAs use the RSA algorithm. Note that country-specific export guidelines apply in the case of the SAPCRYPTOLIB. For more information, see SAP Note 397175.
For support for encrypting and decrypting documents, and for generating digital signatures using cryptographic hardware, an external security products from our partners is required. These security products use SAPs SSF interface and are certified for this by SAP. For a list of the certified products, see the SAP Service Marketplace under http://service.sap.com/securitypartners, and then choose the link Partner for Secure Store and Forward, digital signatures (SSF).
The SSF Library for the ABAP stack is available as of SAP Basis 4.0.
-
I don't undertand how is the relationship between SAPCRYPTOLIB and the SmartReader Card established/configured.
We think about the "Government of Chile" will deliver the customer a SmartCard Reader from Schlumberger (Cryptoflex 16K Card).
Should be great if you can provide me with any useful information in order to understand how to implement this configuration.
Best regards, Carlos
Message was edited by: Carlos Guevara
Message was edited by: Carlos Guevara
Message was edited by: Carlos Guevara