Hello,
I am faced with some problems while verifying signed data.
So far I have created a new PSE and generated a certificate request. This request has been used in the SAP support portal to create a test certificate. The resulting response has been imported into the PSE as well as the corresponding root certificate. This modified PSE is used to sign and verify some data. But verification is only possible when option "include certificate" (B_INC_CERT) is set to FALSE for function SSF_KRN_SIGN. Otherwise I get an error "signer or recipient is unknown" (CRC = 5) in function SSF_KRN_VERIFY. Does somebody know what I am doing wrong? I am usingSAPSECULIB (SSFLIBSO Version 1.555.26 ; SECUDE(tm) Version 5.4.28M-6 Copyright (c) SECUDE GmbH 1990-2007 #SAPSECULIB - digital signature / without encryption##compiled for Windows 9x/ME/NT/2K/XP/2K3 (32-bit x86)##)
My second question, how do I use function SSF_KRN_VERIFY (especially the mandatory fields for the private address book) to verify a signature on a second SAP system while using the included certificate information in the signature (without having to exchange public key information first)?
Regards,
Melanie