on 2023 Mar 16 9:11 AM
Hi,
I have the scenario that I need to Sign the complete XML message using PKCS7 Standard algorithm with attachment mode and the signed content should be converted to base 64.
I tried using the scenario in the iflow in CPI, but I did not get the correct output. Kindly help me with the scenario.


Regards,
Nisha.
Hi Carlos,
Thank you for your information. But this blog says the input is encrypted and they are going to decrypt. But I am getting the input as XML and I need to sign the whole XML message. Kindly help me with that.
Regards,
Nisha.
Hello Nisha,
If I understand correctly:
- you have a message with xml content
- you want to create a digital signature and place it into the xml content
Right?
As far as I know, this is not compliant with the PKCS#7 or CMS standard, where the content and the security artifacts are stored in a CMS-structure.
Which would mean that the PKCS#7/CMS Signer in CPI cannot help you here.
You would need to implement it yourself in a groovy script.
There was a similar requirement in the past and Sunny created a blog post:
https://blogs.sap.com/2018/12/24/how-to-encryptdecrypt-xml-payload-with-aes256-cbc-and-rsa-algorithm...
Does that help?
Kind Regards,
Carlos
Hello Nisha,
Hope you are doing well..!
I have a similar requirement where I need to sign the <Body> node and its children using a keystore certificate, convert it to base64 and then place it under the SignatureValue tag like below before GZip.
Could you share how you achieved your requirement so that I can simulate it with mine?
<?xml version="1.0" encoding="UTF-8"?>
<Message>
<Header>
<Sender>TEST</Sender>
<Receiver>TEST</Receiver>
<MessageType>TEST</MessageType>
<MessageDescription>TEST</MessageDescription>
<TimeStamp>2024-11-19T11:27:31</TimeStamp>
</Header>
<Body>
<PayrollMessage>
<PayrollMessageRef>TEST</PayrollMessageRef>
<PayrollMessageType>TEST</PayrollMessageType>
<PayrollTransactionCount>1</PayrollTransactionCount>
<PayrollTransctionAmount>00000.00</PayrollTransctionAmount>
<PayrollTransaction>
<SequenceNum>00000</SequenceNum>
<TransactionData>:20:43733
:32A:241119XXX0000
:50:TEST
:52A:TEST
:53B:/0000000000
:57A:TEST
:59:/00000000000000000000
TEST
CITY
:70:TEST
:72:000000
00000,00
0000,00
00000,00
0,00</TransactionData>
</PayrollTransaction>
</PayrollMessage>
</Body>
<Signature>
<SignatureValue>MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0B==</SignatureValue>
</Signature>
</Message>
Hello Nisha,
thank you for the description of a scenario that might become interesting.
From what I see in the screenshots, you're referring with "attachment mode" to the normal signedData structure where the content is present (not the "external Signature" case, where the content is sent elsewhere).
As such, the signer creates a digital signature and packs it together with the plaintext content into a cms structure with binary data. This can be encoded to base64.
For me that looks correct, wrt spec: https://www.rfc-editor.org/rfc/rfc5652
Could you please kindly clarify, what would be the expected correct output?
Kind Regards,
Carlos
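The attached ("content present") and external-signature cases described in the reply above, as an added example that is not part of the thread and is not CPI's own signer: it uses Python's `cryptography` package, with a constructed self-signed certificate standing in for the keystore entry and a constructed XML payload.

```python
import base64
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs7
from cryptography.x509.oid import NameOID


def make_test_signer():
    """Throwaway self-signed signer (constructed; stands in for the keystore entry)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed-test-signer")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    return key, cert


def sign_cms_b64(payload, key, cert, detached=False):
    """Return base64 of a DER-encoded CMS SignedData over payload."""
    # Binary: sign the bytes as-is, with no S/MIME line-ending canonicalization.
    options = [pkcs7.PKCS7Options.Binary]
    if detached:
        # "External signature": content is omitted, the receiver needs the XML separately.
        options.append(pkcs7.PKCS7Options.DetachedSignature)
    der = (
        pkcs7.PKCS7SignatureBuilder()
        .set_data(payload)
        .add_signer(cert, key, hashes.SHA256())
        .sign(serialization.Encoding.DER, options)
    )
    return base64.b64encode(der).decode("ascii")


if __name__ == "__main__":
    xml = b'<?xml version="1.0" encoding="UTF-8"?><Message><Body>constructed</Body></Message>'
    key, cert = make_test_signer()
    for mode in (False, True):
        der = base64.b64decode(sign_cms_b64(xml, key, cert, detached=mode))
        print("detached" if mode else "attached", len(der), "bytes, XML inside:", xml in der)
```

In the attached case the receiver gets the XML only by parsing the CMS structure, and should use it only after the signature and signer certificate have been verified.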