Skip to Content

Enable Note Assistant to Support Digitally Signed SAP Notes

SAP is making SAP Notes more secure by ensuring all SAP Notes are digitally signed. The SAP Notes files can get maliciously modified and the customer unknowingly can upload the maliciously modified SAP Notes files into their ABAP systems. Therefore, SAP plans to deliver all SAP Notes files with digital signature to protect SAP Notes files with increased authenticity and improved security.

We strongly recommend customers to upload only digitally signed SAP Note files . The digitally signed SAP Note files are available as SAR files. To enable Note Assistant (Transaction SNOTE) to upload digitally signed SAP Note files, please implement SAP Security Notes 2408073 , 2546220 . Without implementing this SAP Security Note, it will not be possible to upload a digitally signed SAP Note file.

Download of digitally signed SAP Notes from SAP One Support Launchpad is now enabled.

The Note Assistant tool will use the SAPCAR utility on the application server to verify the digital signature of the uploaded SAP Note. Please ensure required patch level of SAPCAR executable is available on your system. If not, the digital signature verification fails and the files are not extracted. Once you have implemented the Note, you may test the working of upload of digitally signed SAP Note feature by uploading a sample SAR file attached  to the SAP Security Note 2408073. Further details about enabling Note Assistant to support digitally signed SAP Notes are described in the user guide attached to the SAP Security Note 2408073.

The SAP Security Note 2408073 enables digital signature verification feature only for uploading digitally signed SAP Notes. The feature to download a digitally signed SAP Note is released with  SAP Note 2508268. An equivalent Transport-Based Correction Instruction (TCI) is available as SAP Note 2576306, containing the above  SAP Notes  2408073 ,2508268,  2546220,It is recommended to implement SAP Note 2576306 containing the TCI instead of applying the above three individual Notes.

Watch out the Note Assistant Page on SAP Support Portal, for the latest updates. For more details please refer 2537133 – FAQ – Digitally Signed SAP Notes, Replays of webinars in English, German & presentation.


You must be Logged on to comment or reply to a post.
  • Hi,

    we implemented the Download Service using TCI Note 0002576306. Report RCWB_UNSIGNED_NOTE_CONFIG was used to set “Do not download unsigned SAP Note”

    Report RCWB_SNOTE_DWNLD_PROC_CONFIG was used to set “Download service Application” as download procedure. When testing corresponding RFC to we get response 400 (Bad request).

    Nevertheless, we receive the error message “E:SCWN:810 SAP_DOWNLOAD_SERVICE” when trying to download a note which needs the download service (e.g. 2538018).

    Any suggestions?