Skip to Content

This blog is a brief about an actual project case where digital signature creation/validation was implemented in XI.

All messages flowing from the source application through our Messaging System – (SAP XI 3.0 & IBM WebSphere MQ) are digitally
signed. Upon receiving the messages, the target
application verifies the signature before processing the message. Digital signatures
authenticate the sender of the message, establish the integrity and
non-repudiation of the message.

Our Messaging system uses Java-based
Crypto toolkit for signing messages digitally. Digital signatures
use Hashing algorithms and Asymmetric key pairs (Private and Public Keys) and
work the following way:

image
Image Courtesy: www.unixwiz.net

1.A message digest using a Hashing Algorithm is computed based on the transformed source message. All required java programs written using Java-based Crypto toolkit are imported as archives into XI. Java mapping in XI created utilizing the
imported java archives, performs the digital signature creation for the messages originating from the source application and digital signature verification for the
incoming messages from target application.

image

5kl7R4JMYQKTBiDMFfdgKrE5D2mUfXtkEzPoT7j9G5XKfZKX5RIqlAmJ77BCHF11G9DlGA9uCt3YALLw3tKOVv57a2Odb0ZRMra2MfKJBIhr19koVADZlRuU5bU32U86UifquUQp7v7Ty1tasDQJH4wK4bmLDT+CJ2eLdtHB0=</DIGISIGN>

     </CRYPT>

</SAMPLEMSG>

</textarea>

To report this post you need to login first.

13 Comments

You must be Logged on to comment or reply to a post.

  1. Michal Krawczyk
    Hi Sridhar:)

    nice project but I got one question:
    did you consider doing those signatures
    in an adapter module? or maybe java mapping was better for some reason?

    Thx,

    Regards,
    michal

    (0) 
    1. Hi Michal,

      DigiSign Creation/Validation was just one of the many BPM steps we had (strictly in a particular order) . So it had to be implemented in the Java Mapping.

      Regards,
      Sridhar

      (0) 
      1. Michal Krawczyk
        ok:)

        (strictly in a particular order)
        this can be a good reason:)

        we used module with encription because you can easily specify some new parameters with it – like path to publickey but if you need order I guess it couldn’t be done:)

        thx for the info 🙂

        Regards,
        michal

        (0) 
        1. Hi Michal,

          What advantages did u have in using a user module over Java Mapping besides the one u have mentioned?

          Did u store the keys in the file system?

          Thanks 🙂

          Regards,
          Sridhar

          (0) 
          1. Michal Krawczyk
            Hi,

            because we didn’t need the correct order
            we didn’t want to to it with the mapping
            so the “encryption process” doesn’t interfere with the mapping – because we used it with mail adapter now if we want to attach encryption to this mail apdater we only insert this module
            and give a path to key 🙂 so it takes only a few minutes to encrypt every adapter previosly developed:) so the lack of aditional development was the biggest advantage , we also learned to use them:) in most cases we’ll try using them to extend standard adapters only if this is not possible we use proxies but obviously using “end user exits” is not always possible just like it was in your case

            Regards:)
            Michal

            (0) 
  2. Shridhar,

    I’m currently implementing a XI – webservice scenario where the xml messages to be exchanged between XI and the webservice need to be digitally signed. We are trying to implement a access to a webservice locally based but when I read your blog I realized it suits better our solution needs.

    I’d like to receive, if possible, more information on using digital signature inside XI (as in terms of implementation best practices).

    Thanks in advance.

    Henrique Pinto.

    (0) 
  3. Consultor Geral CSCorp
    Shridhar

    I really liked your Blog.

    I would like to undestand more about how does you used the JAVA toolkit into the XI ?

    How do you used the JAVA toolkit ? 
    How do you recomend to use a communication between R/3 system and a digital certifier ?

    Regards,

    Fernando Pinto.

    (0) 
      1. Rupash Krishna
        hi,

        How you used java cryptographic tool kit for this ..and the algorithm used for this purpose ..If you can send me the sample code will be very helpful …and the step by step method of implementing digital signature..
        Thanks in advance

        (0) 
    1. Rupash Krishna
      hi,

      How you used java cryptographic tool kit for this ..and the algorithm used for this purpose ..If you can send me the sample code will be very helpful …and the step by step method of implementing digital signature..
      Thanks in advance

      (0) 
    2. Nidhi Bansal
      I would like to undestand more about how does you used the JAVA toolkit into the XI ?

      I have a same scenario where I need to decrypt the response message from a target webservice using the hash algorithm.

      (0) 

Leave a Reply