Why is XML encryption important?
In this blog I would like to discuss XML encryption in a business scenario that uses web services. Have you ever wondered how a business that uses Web services to conduct online credit card transactions ensures that credit card numbers and other key information do not end up in the wrong hands? This has been possible through the user name/password XML signature, which enables you to sign a Web service message to ensure authenticity, data integrity and non-repudiation. This means that only the password will be secured with XML encryption, but not the full message content. So here is the first SAP solution, provided by SAP NetWeaver Exchange Infrastructure, to enable XML encryption. Now customers can ensure authenticity and confidentiality, as they can encrypt entire Web service message payloads during transport. By taking advantage of SAP NetWeaver XI's mapping capabilities and using them along with adapters, an SAP system can act as a Web services sender or receiver with non-Web services based interfaces. Thus, companies can map to multiple interfaces and route to multiple partners.
An Example of XML Encryption
Suppose there are two business partners, X and Y. Business partner X wants to consume a web service from business partner Y, but he does not have an interface for that and does not want to develop one. In this case he can use SAP NetWeaver Exchange Infrastructure to access an existing interface without coding a web service client. The interface in this case can be an RFC-enabled function module. Instead of calling another application, business partner X executes a call to the SAP NetWeaver XI RFC adapter. As soon as the call is executed, the RFC adapter converts the RFC message to XML and passes it to the integration server. The integration server maps the XML structure of the RFC message to the web service interface document structure.
The SOAP adapter is used to encrypt the message, leveraging the Web Services Security standard. Both SOAP and SAP NetWeaver XI protocols are supported by this standard. There are two keys: public and private. The SOAP adapter of system X uses the public key in system Y's certificate to encrypt the message. When the message reaches system Y, Y decrypts it using its private key, which is unique and known only to Y. Remember that both system X and system Y must first be configured to enable XML encryption.
The following are a few brief steps for configuring XML encryption:
1. Deploy the IAIK cryptographic library on the J2EE server of the adapter engine. It can be downloaded from the SAP Service Marketplace at http://service.sap.com/sw-center .
2. Deploy the Java Cryptographic Extension (JCE) to the Java Runtime Environment (JRE). Get the correct version (1.4) when you download the JCE policy files. Check that each file is about 5kb; if a file is around 3kb, the wrong version has been downloaded.
3. Create public and private key certificates for encryption and decryption. To create a public key certificate, the receiver uses the Key Storage service of the SAP J2EE Visual Administration tool.
4. Configure XML encryption or decryption in the SOAP adapter communication channel.
For a complete explanation of how to configure the SAP NetWeaver XI adapter and the Partner Connectivity Kit for Web Services Security, see the guide "How To Configure Message Level Security in SAP XI 3.0", available at http://service.sap.com/nw-howtoguides under Exchange Infrastructure.
XML encryption comes as a part of SAP NetWeaver Exchange Infrastructure after the release of SAP NetWeaver 2004s and Support Package Stack (SPS) 15 of SAP NetWeaver 2004. The SAP system supports synchronous scenarios for SAP NetWeaver Exchange Infrastructure SPS 19, or SAP NetWeaver 2004s Process Integration SPS 10, so these directions can be used to encrypt request as well as response messages.
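The public/private key flow and the JCE policy check from step 2, as an added example (not code from SAP or from the original post): a plain JCE sketch of the hybrid scheme that XML Encryption under Web Services Security uses, where a one-time symmetric key encrypts the payload and the receiver's public key wraps that key. It goes beyond the text by showing the session key explicitly; the in-process key pair stands in for system Y's certificate, and the class name, sample payload and algorithm choices (AES-128-GCM, RSA-OAEP) are assumptions, not the SOAP adapter's configuration.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class XmlEncFlowDemo { // hypothetical class name
    static final String KEY_TRANSPORT = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
    static final String PAYLOAD_CIPHER = "AES/GCM/NoPadding"; // assumed algorithm choice

    public static void main(String[] args) throws Exception {
        // Step 2 check: 128 means the limited JCE policy files are active,
        // Integer.MAX_VALUE (2147483647) means unlimited strength is installed.
        System.out.println("Max AES key bits: " + Cipher.getMaxAllowedKeyLength("AES"));

        // Stand-in for the key pair behind system Y's certificate (normally in the key store).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair receiverY = kpg.generateKeyPair();

        // --- Sender X: encrypt the payload with a fresh session key ---
        byte[] payload = "<Payment><Card>0000-0000-0000-0000</Card></Payment>" // constructed sample
                .getBytes(StandardCharsets.UTF_8);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sessionKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance(PAYLOAD_CIPHER);
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new GCMParameterSpec(128, iv));
        byte[] cipherValue = aes.doFinal(payload);

        // Wrap the session key with Y's public key; only Y's private key can recover it.
        Cipher rsa = Cipher.getInstance(KEY_TRANSPORT);
        rsa.init(Cipher.WRAP_MODE, receiverY.getPublic());
        byte[] encryptedKey = rsa.wrap(sessionKey);

        // --- Receiver Y: unwrap the session key, then decrypt the payload ---
        rsa.init(Cipher.UNWRAP_MODE, receiverY.getPrivate());
        Key recovered = rsa.unwrap(encryptedKey, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        System.out.println(new String(aes.doFinal(cipherValue), StandardCharsets.UTF_8));
    }
}
```

On a JRE where the first line prints 128, initializing a cipher with a 256-bit AES key fails with an InvalidKeyException, which is the symptom of the wrong policy files described in step 2.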
So this was a brief overview of the use of XML encryption in a web service based scenario. I hope that through this blog I am able to provide some useful information which might help you in some way or the other.

7 Comments


  1. Shabarish Vijayakumar
    When there is already a How to guide on the same subject (“How To Configure Message Level Security in SAP XI 3.0”) which clearly highlights each and every step involved, I fail to understand the need for another weblog enforcing the same.

    Can you please explain the need for a deja-vu ?

    (0) 
    1. Aparna Chaganti Post author
      Hi Shabarish,

      I understand that you are not clear with the definition of a weblog. You can refer to this link – http://www.worldwidelearn.com/elearning-essentials/elearning-glossary.htm#b
      In a blog we are free to present our own views on any topic of our choice and it need not be 100% correct always. Since I had come across this subject and felt like sharing it with others so I posted this blog. Moreover, everyone does not have the userid/password to access the SAP marketplace where the How to guide is present. So I believe this blog is not a deja-vu in any case.
      Well I am also planning to post another blog on the same in a more elaborate way. he he 🙂

      (0) 
        1. Michael Nicholls
          Hi Stefan

          But it would be even better as a how-to-guide XI wiki. That way it can be kept up to date and a beginner can find it without having to search for a blog.

          Cheers

          (0) 
      1. Community User
        That although you are correct – blogs here on SDN are viewed somewhat differently and there are certain expectations from the community concerning blogs.

        I know you will keep that in mind in the future, thank you!

        Craig Cmehil
        SDN Community Manager

        (0) 
        1. Aparna Chaganti Post author
          Thank you Craig, Stefan and Michael.
          This is my first blog on SDN. I don't have much idea about Wiki. Well I’ll keep your points in mind.

          Regards,
          Aparna

          (0) 
      2. Shabarish Vijayakumar
        Thanks for highlighting the definition of a weblog 🙂

        But then any blog is welcomed which can carry forth a content appreciated by others … it was not the content that got me confused but the motive of a repost when you yourself hinted on the How to guide there. If people start posting weblogs and finally say “ref. this How to guide.. it says the same”, well kinda tough to digest ain't it 😉

        Anyway … first blog .. i understand the excitement … looking forth with more new content from your side !!!

        (0) 
