Former Member

PGP Encryption and Decryption process in PI

I would like to share information on the security mechanism available in PI when sensitive customer and business data is sent through PI interfaces to third-party systems.

A tool created by AEDaptive was used to encrypt files with PGP keys. This tool is an add-on to the Java application of the Process Integration 7.1 system, and it was used for the two-way encryption and decryption process with one of our vendors. One of the vendors of our client utilizes and implements credit card functionality for non-banking institutions. We implemented the same for our client to run their business securely.

 

PGP (Pretty Good Privacy) in PI 7.1:

i) Introduction to PGP:

PGP is a data encryption and decryption program that provides a secure method of sending and receiving information between two parties. To use the encryption facility, each party must send the other its public key; this key is used to encrypt the file before the package is sent off. The recipient then uses the secret key to decrypt and extract the content of the package created by the sender.

 

ii) Importance of Keys and Key Generation:

Keys can be generated using many PGP key creation products. In this example we will be using PGP Desktop (Version 10).


All keys, both public and private, need to be placed in a folder that can be read by the SAP J2EE Engine. The best option would be on the PI system itself; this way you are guaranteed there will be no read issue against the file.


There are 2 keys to be generated on each side.

– Public Key – Used to encrypt the file.

– Secret Key – Used with a passphrase to decrypt the file created using the public key.

 

iii) The Encryption and Decryption process:

The workflow of transferring files between two parties has encryption as the first step and decryption as the second step. The following information covers the prerequisite setup steps as well as the monitoring of the file transfer. Note that this only includes the steps within the PI environment.

  • Encryption Process:

                  – The PI encryption module is used to encrypt the files using the public key generated by the recipient.

                  – The encrypted file is sent to the recipient.

                  – The vendor decrypts the file using their own secret key and passphrase.


Mandatory PI Adapter Encryption Module parameters:

a) Algorithm – Many algorithms are supported. At least one algorithm must be provided to encrypt the message.

b) Public Key – To identify the secret key in the receiver party in the decryption process.

c) Recipient – The recipient name is important to identify the correct receiver; using the name of the public key should suffice.

Along with the above parameters, there are additional module parameters, depending on the encryption requirements.

Examples: hash key algorithm, compression, signer of the message, compatibility, etc.

 

Testing the encryption process:

[Screenshot: file content before encryption]

[Screenshot: file content after encryption]

 

 

  • Decryption Process:

             – The vendor needs to use the public key generated by PI to encrypt the files.

             – The vendor sends the encrypted files to PI.

             – The PI decryption module needs to be used to decrypt the files using the sender generated secret key and passphrase. (The passphrase is the one used in the generation of the keys.)

 


 

Mandatory PI Adapter Decryption Module parameters:

a) Public Key and Secret Key – To identify the correct key to decrypt the message.

b) Passphrase – This passphrase is the one which should be used in key generation in the sender party.

 

Testing the decryption process:

[Screenshot: content of the encrypted file (pre-decryption)]

[Screenshot: file content after the decryption]

 

iv) Monitoring:

The encryption and decryption process can be monitored in channel monitoring.

Encryption Log:

[Screenshots: encryption log in channel monitoring]

Decryption Log:

[Screenshot: decryption log in channel monitoring]

 

v) Troubleshooting

There are many troubleshooting techniques available in the user guide. Common errors are mentioned in this document.

An error occurred when reading the secret key ring.

Check the parameter secretKeyRing. Either this parameter is omitted or the path to the secret key ring file is incorrect.

 

An error occurred when reading the public key ring.

Check the parameter publicKeyRing. Either this parameter is omitted or the path to the public key ring file is incorrect.  
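
A pre-flight check for the two key ring errors above, as an added example that is not part of the original post or of the AEDaptive module: it verifies that each key ring path exists, is readable, and holds the expected key type according to the OpenPGP packet header or armor line (RFC 4880), and it flags a secret key ring that group or other users can access. The function names, file names and sample bytes are constructed for illustration.

```python
import os
import tempfile

# Armor header lines (RFC 4880) for ASCII-armored ".asc" key files.
ARMOR = {b"-----BEGIN PGP PUBLIC KEY BLOCK-----": "public",
         b"-----BEGIN PGP PRIVATE KEY BLOCK-----": "secret"}

def key_ring_kind(data):
    """Classify key material as 'public', 'secret' or None (not a key ring)."""
    for marker, kind in ARMOR.items():
        if data.lstrip().startswith(marker):
            return kind
    if not data or not data[0] & 0x80:  # every binary packet header sets bit 7
        return None
    # New-format headers keep the tag in bits 5-0, old-format ones in bits 5-2.
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return {6: "public", 5: "secret"}.get(tag)  # packet tags 6 and 5

def check_key_ring(path, expected):
    """Return the problems found for one key ring parameter; [] means OK."""
    if not path:
        return ["parameter omitted"]
    if not os.path.isfile(path):
        return ["path does not exist: " + path]
    if not os.access(path, os.R_OK):
        return ["file is not readable by this OS user"]
    problems = []
    with open(path, "rb") as fh:
        kind = key_ring_kind(fh.read(64))
    if kind != expected:
        problems.append("expected %s key ring, found %s" % (expected, kind))
    mode = os.stat(path).st_mode & 0o777
    if expected == "secret" and mode & 0o077:
        problems.append("secret key ring open to group/others (mode %o)" % mode)
    return problems

def demo():
    """Constructed sample files: one valid setup, one swapped, one missing."""
    d = tempfile.mkdtemp()
    pkr, skr = os.path.join(d, "partner.pkr"), os.path.join(d, "pi.skr")
    for path, first, mode in ((pkr, b"\x99", 0o644), (skr, b"\x95", 0o600)):
        with open(path, "wb") as fh:
            fh.write(first + b"\x00" * 16)  # header byte + dummy body, not a real key
        os.chmod(path, mode)
    return {"ok": check_key_ring(skr, "secret"),
            "swapped": check_key_ring(pkr, "secret"),
            "missing": check_key_ring(os.path.join(d, "none.skr"), "secret")}

if __name__ == "__main__":
    print(demo())
```

Run the check as the operating system user of the SAP J2EE Engine, since readability depends on the account that opens the file.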

 

vi) Reference

http://www.pgp.com/downloads/desktoptrial/desktoptrial2.html 

http://www.aedaptive.com/index.php/solutions/pgp-for-sap-netweaver

Note: Please note that AEDAPTIVE was used during the setup of the PI encryption and decryption process.

      7 Comments
      Shabarish Vijayakumar
      Could you provide some clarification?

      1. Is the module a custom module or was it predelivered by AEDaptive?
      2. The public and private keys - are they loaded into the J2EE server (like certificates are loaded to the Trusted CA area) or are they placed on some path in the J2EE server?

      Former Member
      Blog Post Author
      1. The modules are predelivered by AEDaptive.
      2. Please see section (ii).

      The keys need to be placed in a folder that can be read by the SAP J2EE Engine. The best option would be on the PI system itself; this way you are guaranteed there will be no read issue against the file.

      Regards,
      Sekhar

      Mallikarjuna Rao Malisetti
      Thank you for sharing your experience
      Prasad Ulagappan
      Good info and well documented.
      Small info regarding AEDaptive PGP encryption:
      1. Apart from PGP Desktop to generate those keys, there are a few other tools provided by AEDaptive to do the same task. These tools would be a jar file to generate public and private keys. This would be useful if the user doesn't have admin rights to install PGP Desktop.
      2. This won't directly work with the Mail adapter with attachment. The main use of encryption comes only when we send attachments through mails. But there is some alternative to do the same.
      Regards
      Prasad U
      Krishna Sharma Hari
      Hi,

      Thanks for this post... I was looking for a topic on message encryption in 7.1 and this is quite helpful..

      I have a question though... When we mention the PGPEncryptionModule parameters, what name should be given under "recipient"? Is it the BS Name of the Receiver?

      Thanks and Regards,
      Krishna Sharma

      Former Member
      Hi Sekhar,

      You have used keyrings (pkr and skr) in the example. Any clue if asc or armored keys are supported by AEDAPTIVE?

      Regards,
      Akhil

      Former Member
      Hi Akhil,

      Yes, "asc" keys are supported by the AEDaptive PGP module.

      - Sundar