We configured the encryption of credit card data primarily based on Note 662340 and 633462. Since quite a few programs and transactions are called, together with system parameter and environment variable changes, it is worth documenting it with detailed steps and screenshots.
Phase 1. Enable SSF encryption using SAPCryptolib
If SSF encryption has been configured before, please jump to Phase 2. Otherwise please follow the procedure below for Windows platform, or Note 662340 for other platforms.
Step 1. Download the SAPcryptolib from http://service.sap.com/swdc – “Download” – “SAP Cryptographic Software”.
Step 2. Copy the library and ticket file
Copy sapcrypto.dll and sapgenpse.exe to C:\usr\sap\SID\SYS\exe\run
Copy the ticket file to C:\usr\sap\SID\DVEBMGSxx\sec
Step 3. Change the environment virable for QASADM and SARServiceQAS
Step 4. Set the profile parameters and restart SAP
Step 5. Check that Tcode STRUST can be called successfully
Phase 2. Configure the encryption of credit card data
Step 1. Specify the applicaiton-specific SSF parameters in Tcode SSFA
Call Tcode SSFA, and specify “Private Address Book” and “SSF Profile Name”
Click on “New Entries” – get to next screen; then select “Encryption of Paymant Card in SAP system”, hit “Enter” key and Save. The default parameters should work.
Step 2. Check the folder “Encryption of Payment Card” created in Tcode STRUST
Step 3. Create PSE by calling program SSF_CREATE_PSE in Tcode SE38
Execute program SSF_CREATE_PSE from Tcode SE38. (We found that it is easier to call SSF_CREATE_PSE than using Tcode STRUST for this step.) Give the distinguished name you want to use. We also selected the longest key length for stronger security.
Step 4. Import/verify the certificate in Tcode STRUST
Call Tcode STRUST, expend “Encryption of Payment Card” on the left and double-click the item under it, then select the certificate displayed on the right (it should have the distinguished name you gave in the previous step). The self-issued certificate could be used. If you want to use external trust center, click on “Create Certificate Request” to get the request, and click “Improt Cert. Response” after the certificate is generated.
Step 5. Execute report SAPFACCG in Tcode SE38 once
Step 6. Maintain view CCARDEC_V in Tcode SM30
Call Tcode SM30 and maintain view CCARDEC_V. Add VISA, MC, and AMEX as Payment Card Type and check “Encrypted” respectively.
Phase 3. Check the configuration
Execute report CCARDEC_CHECK from Tcode SE38, only select P_TOOLS, and you should get the results like the following