
SSF signature using SHA1 and digital certificate

Former Member
0 Kudos

Hello

I have a requirement that I sign data in an internal table using a certificate and then append the detached signature to a file which is to be sent to the bank. I have managed to import the certificate and I am signing using SSF_KRN_SIGN; however, the bank says the digital signature being produced is too long. It's supposed to be 128 characters. We are using the SHA1 algorithm, BTW.

Regards

Florence

11 REPLIES 11

mvoros
Active Contributor
0 Kudos

Hi,

What format is the bank expecting? SSF_KRN_SIGN signs a document using format PKCS#7. If the bank requires something else then it won't work.

Cheers

Former Member
0 Kudos

The bank says they are expecting PKCS#7 Format.

mvoros
Active Contributor
0 Kudos

OK, then how are you calling that FM? They might be expecting only the signature and you might be passing certs or some other stuff.

Cheers

Former Member
0 Kudos

This is how I am calling the function:


CALL FUNCTION 'SSF_KRN_SIGN'
  EXPORTING
    SSFTOOLKIT                   = l_SSFTOOLKIT
*   STR_FORMAT                   = 'PKCS7'
*   B_INC_CERTS                  = ' '
    B_DETACHED                   = 'X'
*   B_INENC                      = 'X'
*   IO_SPEC                      = 'T'
    OSTR_INPUT_DATA_L            = datalen
    STR_HASHALG                  = 'SHA1'
  IMPORTING
    OSTR_SIGNED_DATA_L           = signeddatalen
    CRC                          = crc
  TABLES
    OSTR_INPUT_DATA              = lt_data_to_sign
    SIGNER                       = lt_signers
    OSTR_SIGNED_DATA             = signeddata
  EXCEPTIONS
    SSF_KRN_ERROR                = 1
    SSF_KRN_NOOP                 = 2
    SSF_KRN_NOMEMORY             = 3
    SSF_KRN_OPINV                = 4
    SSF_KRN_NOSSFLIB             = 5
    SSF_KRN_SIGNER_LIST_ERROR    = 6
    SSF_KRN_INPUT_DATA_ERROR     = 7
    SSF_KRN_INVALID_PAR          = 8
    SSF_KRN_INVALID_PARLEN       = 9
    SSF_FB_INPUT_PARAMETER_ERROR = 10
    OTHERS                       = 11.
IF SY-SUBRC <> 0.
  MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
          WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.


Regards

mvoros
Active Contributor
0 Kudos

Hi,

That looks good. I just did a quick test with report SSF01. Without including cert and data the response is 251-252 bytes long. This depends on key length but it seems like that is close enough. You can represent 256 bytes in hexadecimal with 128 characters. Do they expect bytes represented in hexadecimal?

Cheers

Former Member
0 Kudos

Hi,

They expect base64 representation.

Regards

mvoros
Active Contributor
0 Kudos

Then problem solved. Right? There is a class with static method that takes binary string and gives you corresponding base64 encoding as a string.

Cheers

Former Member
0 Kudos

Hi

I am using the function SSFC_BASE64_ENCODE to get the base64 string; however, the resulting characters are still too many, and also, if they use the same certificate to sign, the signatures just look different.

regards

mvoros
Active Contributor
0 Kudos

Hi,

I just did a test. Yes, you are right. If you encode 256 bytes (maximum size of signature with 2048 bit long key) then base64 encoding is 344 characters. Even for a signature with key length 1024 bits it's 172 characters. Now I am wondering how they can get output with only 128 characters. Hard to really help without seeing data. Have you tried to encrypt the file with OpenSSL and compare the results? Could the bank provide code in some language that does what they want to do?

Cheers

Former Member
0 Kudos

Hi

I will ask for the code. I have not tried using OpenSSL. After base64 encoding it is supposed to be 172 characters because the key length is 1024 bits; however, using SSF_KRN_SIGN I am getting a signature of 360 bytes when I test using program SSF01. On the other hand, if I use SSFW_KRN_SIGN the signature is always 172 characters after base64 encoding, but then the bank says the signature is wrong, so I think it's possibly that SSFW_KRN_SIGN uses format PKCS#1-V1.5 and the bank had specified that we use PKCS7.


Regards
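
The size mismatch discussed in the posts above can be checked mechanically. This added example (not code from any poster or from SAP) tells a bare modulus-sized RSA signature apart from a DER-encoded PKCS#7 SignedData wrapper and reproduces the 172 and 344 character base64 lengths. The function names are hypothetical and the sample blobs are constructed placeholders, not real signatures.

```python
import base64

# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData)
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")

def b64_len(n_bytes):
    """Length in characters of padded base64 for n_bytes of input."""
    return 4 * ((n_bytes + 2) // 3)

def der_header(buf):
    """Return (tag, content_length, header_length) of the DER element at buf[0]."""
    if len(buf) < 2:
        raise ValueError("too short for DER")
    tag, first = buf[0], buf[1]
    if first < 0x80:                      # short form: length fits in one byte
        return tag, first, 2
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(buf) < 2 + n:
        raise ValueError("indefinite or truncated length")
    return tag, int.from_bytes(buf[2:2 + n], "big"), 2 + n

def classify(b64_text, key_bits):
    """Return (kind, byte_length) for a base64-encoded signature blob."""
    raw = base64.b64decode("".join(b64_text.split()), validate=True)
    try:
        tag, clen, hlen = der_header(raw)
        if (tag == 0x30 and hlen + clen == len(raw)
                and raw[hlen:hlen + len(SIGNED_DATA_OID)] == SIGNED_DATA_OID):
            return "pkcs7-signed-data", len(raw)
    except ValueError:
        pass
    if len(raw) == key_bits // 8:         # bare RSA signature is exactly modulus-sized
        return "raw-rsa-signature", len(raw)
    return "unknown", len(raw)

def der(tag, content):
    """Encode one DER element; used only to build the constructed sample below."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + content

# Constructed samples: placeholder bytes, not real signatures.
SAMPLE_RAW = base64.b64encode(bytes(range(128))).decode()
SAMPLE_PKCS7 = base64.b64encode(
    der(0x30, SIGNED_DATA_OID + der(0xA0, der(0x30, bytes(300))))).decode()

if __name__ == "__main__":
    for name, blob in (("raw", SAMPLE_RAW), ("pkcs7", SAMPLE_PKCS7)):
        print(name, classify(blob, 1024), len(blob), "base64 chars")
    print("1024-bit:", b64_len(128), "chars; 2048-bit:", b64_len(256), "chars")
```

A blob classified as `pkcs7-signed-data` is always longer than the key size because the DER wrapper carries signer and algorithm information around the signature value.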

Former Member
0 Kudos

Hello

This was the same problem, thank you for your help

Regards