Enable Credit Card Encryption
We configured the encryption of credit card data primarily based on Note 662340 and 633462. Since quite a few programs and transactions are called, together with system parameter and environment variable changes, it is worth documenting it with detailed steps and screenshots.
Phase 1. Enable SSF encryption using SAPCryptolib
If SSF encryption has been configured before, please jump to Phase 2. Otherwise please follow the procedure below for Windows platform, or Note 662340 for other platforms.
Step 1. Download the SAPcryptolib from http://service.sap.com/swdc – “Download” – “SAP Cryptographic Software”.
Step 2. Copy the library and ticket file
Copy sapcrypto.dll and sapgenpse.exe to C:\usr\sap\SID\SYS\exe\run
Copy the ticket file to C:\usr\sap\SID\DVEBMGSxx\sec
Step 3. Change the environment virable for QASADM and SARServiceQAS
Step 4. Set the profile parameters and restart SAP
Step 5. Check that Tcode STRUST can be called successfully
Phase 2. Configure the encryption of credit card data
Step 1. Specify the applicaiton-specific SSF parameters in Tcode SSFA
Call Tcode SSFA, and specify “Private Address Book” and “SSF Profile Name”
Click on “New Entries” – get to next screen; then select “Encryption of Paymant Card in SAP system”, hit “Enter” key and Save. The default parameters should work.
Step 2. Check the folder “Encryption of Payment Card” created in Tcode STRUST
Step 3. Create PSE by calling program SSF_CREATE_PSE in Tcode SE38
Execute program SSF_CREATE_PSE from Tcode SE38. (We found that it is easier to call SSF_CREATE_PSE than using Tcode STRUST for this step.) Give the distinguished name you want to use. We also selected the longest key length for stronger security.
Step 4. Import/verify the certificate in Tcode STRUST
Call Tcode STRUST, expend “Encryption of Payment Card” on the left and double-click the item under it, then select the certificate displayed on the right (it should have the distinguished name you gave in the previous step). The self-issued certificate could be used. If you want to use external trust center, click on “Create Certificate Request” to get the request, and click “Improt Cert. Response” after the certificate is generated.
Step 5. Execute report SAPFACCG in Tcode SE38 once
Step 6. Maintain view CCARDEC_V in Tcode SM30
Call Tcode SM30 and maintain view CCARDEC_V. Add VISA, MC, and AMEX as Payment Card Type and check “Encrypted” respectively.
Phase 3. Check the configuration
Execute report CCARDEC_CHECK from Tcode SE38, only select P_TOOLS, and you should get the results like the following
The Blog is very good.
Can any one of you send the detailed document on Enabling Credit Card Encryption to the following mail id:Vali4sap@yahoo.co.in
Still it would be fantastic if you would publish the complete configuration document for Enabling Credit Card Encryption.
Regards,
DV.
We followed your instructions step by step but in the database tables, we still see unencrypted credit card number. We are on enterprise 4.72 system, IS Utilities CCS solution. We are currently at support pack level SAPKH47025. The tables we are specifically looking at are CCARD, DFKKOPC, DFKKOPKC.
We would really appreciate any help you can extend.
Phani.
We are running SAP on ISeries and are upgrading to ECC 6.0. We are trying to implement CC Encryption and I have made it through the technical install of SAPCRYPTO using note 758667 for ISeries. The problem is in Step 3 of your procedure. The program SSF_CREATE_PSE does not exist in ECC 6.0. Per note #662340 SAP suggests to use STRUST. Do you have any update to this blog using STRUST for creating the PSE and following steps?
Is the use of SAPCRYPTO limited to credit card encryption? I am working a solution to encrypt SAP IDOC files transmitted (ALE'd) from SAP rel 4.7 to SAP rel 6.0. We would prefer to encrypt only certain fields within the IDOC and use BADi IDOC_DATA_MAPPER with installing an encryption function in the BADi. Would enabling the lib to encrypt IDOC's be a solution? Or is there other encryption functionality we should consider?