Encryption & Decryption of data using ABAP

Can we encrypt data with ABAP? I had been trying to find something out-of-box for a sometime. As usual I was searching SDN for some useful solutions, I found a code posted by Urgent Requirement: Encryption/Decryption in SAP in the forums and some pointer by Issuing cookies to the Class CL_HARD_WIRED_ENCRYPTOR. I just wanted to give a try to this one and to admit it was so easy to use. In this weblog I just take you through a simple example which uses all uses all the encryption and decryption methods of this class.

Declaration & Initial Part
DATA: o_encryptor TYPE REF TO cl_hard_wired_encryptor, o_cx_encrypt_error TYPE REF TO cx_encrypt_error.DATA: v_ac_string TYPE string VALUE ‘Welcome to ABAP’, v_ac_xstring TYPE xstring, v_en_string TYPE string, v_en_xstring TYPE xstring, v_de_string TYPE string, v_de_xstring TYPE string, v_error_msg TYPE string. START-OF-SELECTION.* Create object for Encryption CREATE OBJECT o_encryptor.

Encryption – String to String
*&———————————————————————** Encryption – String to String*&———————————————————————* WRITE / ‘Encryption – String to String’. TRY. CALL METHOD o_encryptor->encrypt_string2string EXPORTING the_string = v_ac_string RECEIVING result = v_en_string. CATCH cx_encrypt_error INTO o_cx_encrypt_error. CALL METHOD o_cx_encrypt_error->if_message~get_text RECEIVING result = v_error_msg. MESSAGE v_error_msg TYPE ‘E’. ENDTRY. WRITE:/ ‘Actual String: ‘, v_ac_string. WRITE:/ ‘Encrypted String: ‘, v_en_string. SKIP.

Decryption – String to String
*&———————————————————————** Decryption – String to String*&———————————————————————* WRITE / ‘Decryption – String to String’. TRY. CALL METHOD o_encryptor->decrypt_string2string EXPORTING the_string = v_en_string RECEIVING result = v_de_string. CATCH cx_encrypt_error INTO o_cx_encrypt_error. CALL METHOD o_cx_encrypt_error->if_message~get_text RECEIVING result = v_error_msg. MESSAGE v_error_msg TYPE ‘E’. ENDTRY. WRITE:/ ‘Encrypted String: ‘, v_en_string. WRITE:/ ‘Decrypted String: ‘, v_de_string. SKIP.

Encryption – String to Byte
*&———————————————————————** Encryption – String to Bytes*&———————————————————————* WRITE / ‘Encryption – String to Bytes’. TRY. CALL METHOD o_encryptor->encrypt_string2bytes EXPORTING the_string = v_ac_string RECEIVING result = v_en_xstring. CATCH cx_encrypt_error INTO o_cx_encrypt_error. CALL METHOD o_cx_encrypt_error->if_message~get_text RECEIVING result = v_error_msg. MESSAGE v_error_msg TYPE ‘E’. ENDTRY. WRITE:/ ‘Actual String: ‘, v_ac_string. WRITE:/ ‘Encrypted Bytes: ‘, v_en_xstring. SKIP.

Decryption – Byte to String
*&———————————————————————** Decryption – Bytes TO String*&———————————————————————* WRITE / ‘Decryption – Bytes TO String’. TRY. CALL METHOD o_encryptor->decrypt_bytes2string EXPORTING the_byte_array = v_en_xstring RECEIVING result = v_de_string. CATCH cx_encrypt_error INTO o_cx_encrypt_error. CALL METHOD o_cx_encrypt_error->if_message~get_text RECEIVING result = v_error_msg. MESSAGE v_error_msg TYPE ‘E’. ENDTRY. WRITE:/ ‘Encrypted Bytes: ‘, v_en_xstring. WRITE:/ ‘Decrypted String: ‘, v_de_string. SKIP.

Encryption – Bytes to Bytes
*&———————————————————————** Encryption – Bytes to Bytes*&———————————————————————* WRITE / ‘Encryption – Bytes to Bytes’. v_ac_xstring = ‘004E00650074005700650061007600650072’. CALL METHOD o_encryptor->encrypt_bytes2bytes EXPORTING the_byte_array = v_ac_xstring RECEIVING result = v_en_xstring. WRITE:/ ‘Actual Bytes: ‘, v_ac_xstring. WRITE:/ ‘Encrypted Bytes: ‘, v_en_xstring. SKIP.

Decryption – Bytes to Bytes
*&———————————————————————** Decryption – Bytes to Bytes*&———————————————————————* WRITE / ‘Decryption – Bytes to Bytes’. TRY. CALL METHOD o_encryptor->decrypt_bytes2bytes EXPORTING the_byte_array = v_en_xstring RECEIVING result = v_de_xstring. CATCH cx_encrypt_error INTO o_cx_encrypt_error. CALL METHOD o_cx_encrypt_error->if_message~get_text RECEIVING result = v_error_msg. MESSAGE v_error_msg TYPE ‘E’. ENDTRY. WRITE:/ ‘Encrypted Bytes: ‘, v_en_xstring. WRITE:/ ‘Decrypted Bytes: ‘, v_de_xstring. SKIP.

The Result

Adding to this there are methods for BASE64 encoding and decoding of binary data as well. Hope this is a very simple to use class for the encryption & decryption of data.

16 Comments

You must be Logged on to comment or reply to a post.

Former Member November 21, 2006 at 10:40 pm

Hi Kathirvel,

a very nice blog, but i cannot try it on my system. It’s a WAS 6.20 abap system, and the cl_hard_wired_encryptor class is unknown.

regards,
Hans

like (0)
1. Peter Inotai November 21, 2006 at 10:55 pm
  
  Hi Kathirvel,
  
  I agree with Hans, it’s a very useful blog. I wasn’t aware of this class.
  I couldn’t find this class on our 6.20 system only on our 6.40 system.
  Do you have an official info about this class availablilty? Is it possible to get it via SP to 6.20?
  Thanks,
  Peter
  
  like (0)
  1. Former Member Post authorNovember 21, 2006 at 11:50 pm
    
    Hi Hans & Peter
    Thanks for your comments. Yes you are right this class is available only from 6.40. I got this information from Thomas’s reply in the forum thread Issuing cookies
    I could not find any offcial information for this class availability or getting it via SP to SP to 6.20 at Service Market Place.
    I know this could be a disappointment, but there are some examples by Rich in the below thread Urgent Requirement: Encryption/Decryption in SAP This could work in your 6.20 system. Its worth a try.
    
    Regards
    Kathirvel
    
    like (0)
    1. Peter Inotai November 22, 2006 at 1:39 am
      
      Hi Kathirvel,
      
      Thanks for the info. It would be nice if SAP would a downport for this. Even there is kernel dependencied, most of the BC 6.20 system running with 6.40 kernel.
      However I don’t think it will happen, as 6.20 is already an “old” release. 🙁
      
      Peter
      
      like (0)
      1. Former Member November 22, 2006 at 1:48 am
        
        of this ???result_len(1) = the_byte_arrayoffs(1) bit-xor xor_val.i must be completely misunderstanding something…
        
        like (0)
        
        Peter Inotai November 22, 2006 at 2:02 am
        
        Hi Anton,
        
        You’re right.
        I didn’t check what is inside of this class. Now I can see that there is no “magic” inside. So it’s not a big deal to downport to a Z-class.
        However now it’s also clear based on the previous comment, that it wouldn’t make too much sense as this class doesn’t provide “real” encryption.
        
        Peter
        
        like (0)
  2. Former Member November 22, 2006 at 12:57 am
    
    Try encrypting using a java script inside ABAP.
    I guess that is available on 6.20 .
    
    like (0)
Nigel James November 22, 2006 at 12:20 am

If it is real encryption you are looking for then I would keep looking. The good thing about abap being ‘open source’ is that you can see this is just a XOR algorithm and would be very easily broken. Each byte is simply being XORed with 0x74 and the order is being reversed with a byte at the front as a marker.

I wouldn’t trust anything I expected to keep secure with this.

Hope this helps,
Nigel

like (0)
1. Former Member November 22, 2006 at 12:59 am
  
  Fully agree with you Nigel.
  I’d rather call this obscuration than encryption and it’s definitely useful (if at all) internally only.
  
  my 2 cents,
  anton
  
  like (0)
2. Peter Inotai November 22, 2006 at 1:54 am
  
  It seems guys in Walldorf are quite funny based on CL_HARD_WIRED_ENCRYPTOR->RUN_TEST “check string-to-string algorithms” part.
  Check the value of the ‘string_in’ :-)))
  Peter
  
  like (0)
  1. Former Member November 23, 2006 at 2:23 pm
    
    Hmm, Google translate gives this as “Outer one weia, the **** does not put eggs”. I assume this is a doubly encrypted (or at least doubly obfuscated) message, as it makes no sense in English!
    
    like (0)
    1. Former Member November 23, 2006 at 11:20 pm
      
      it actually translates to ‘my goodness, ***** don’t lay eggs’.
      
      one more evidence that google translate sucks (as do all translators).
      
      regards,
      anton
      
      like (0)
Former Member November 23, 2006 at 4:17 am

Hi Kathir, it’s nice to read you again -;)

Nice blog…Your doing a great job with encryptation or obfusting blogs -:)

Greetings,

Blag.

like (0)
Wolfgang Janzen January 29, 2009 at 12:18 pm

That’s no encryption, just Base64 encoding.
Since cryptographic software is subject to export control, you’ll not find such a feature in ABAP.

like (0)
Former Member June 11, 2015 at 9:33 am

Hi Kathirvel,

Well Explained.

My requirement is to hide my ABAP code in other systems. I want to assign a tcode to the program and don’t want to give code readability of my source code.

It would be great if you can provide some inputs..!! 🙂

Thanks in advance. !!

Jabin

like (0)
1. Wolfgang Janzen June 11, 2015 at 11:47 am
  
  Hi Jabin,
  
  I would not call ABAP to be “open source” but I’d state that it’s intended that ABAP coding is always visible. By intend there’s no mechanism to hide your ABAP coding.
  
  If you want to ensure that someone can only use your service but will not gain access to the source code, then you might consider to provide a cloud service. Or (classic on-Premise) to provide an executable which acts as RFC server and which can be called from ABAP programs.
  
  Regards, Wolfgang
  
  like (0)