This is a continuation of the blog PGPEncryption Module: A Simple How to Guide.

In the earlier blog, we had signed and encrypted a file. In this blog, we will see how we can decrypt that file and read the original content.

High Level Scenario:

[Image: pgp_10apr2012_5.JPG]

Basics of Decryption:


1. Decryption only

In case of decryption, we need our private key and its passphrase. There is no need to explicitly specify the algorithm, as the module detects it automatically.

2. Decrypt and Verify

Here, along with our private key and passphrase, we need to provide the partner's public key to verify the sender's signature. There is no need to provide any algorithm information in this case either.

Sender communication channel configuration:

[Image: pgp_10apr2012_6.JPG]

In the above, we have used our private key secring.skr along with its passphrase for decryption, and the partner's public key didikey.pkr for verifying the sender's signature.

Input Message:

[Image: pgp_10apr2012_4.JPG]

Output Message:

[Image: pgp_10apr2012_7.JPG]

End Note:

Even though I have used the file adapter in these blogs, please note that the PGP modules can be used with other adapters as well. By default, all the keys can be stored at OS level under the path 'usr/sap/<System ID>/<Instance ID>/sec'. If required, you can store them in a different location and then use the parameter keyRootPath in the module configuration to specify that path. Note that the path and the keys should be accessible by the user <SID>adm.
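Because the private keyring and the partner's public key live on the file system, it is worth checking who else can read or replace them. The following audit is an added example, not part of the original post or of SAP's module: the function name `audit_pgp_keydir` is hypothetical, the `*.skr`/`*.pkr` patterns follow the file names used above, and the demo directory is constructed (in real use, pass the key path and the `<SID>adm` account).

```shell
#!/bin/sh
# audit_pgp_keydir DIR OWNER  (hypothetical helper, added example)
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if DIR is missing.
audit_pgp_keydir() {
    dir=$1; owner=$2
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    findings=$(
        # Secret keyrings with any group/other permission bit set
        find "$dir" -type f -name '*.skr' \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec echo "LOOSE_PERMS" {} \;
        # Key files not owned by the account the module runs as
        find "$dir" -type f \( -name '*.skr' -o -name '*.pkr' \) \
            ! -user "$owner" -exec echo "WRONG_OWNER" {} \;
        # World-writable directory or public key: a swapped partner key
        # would make signature verification trust the wrong sender
        find "$dir" \( -type d -o -name '*.pkr' \) -perm -002 \
            -exec echo "WORLD_WRITABLE" {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo: a throwaway directory standing in for the key path,
# with the current user standing in for <SID>adm (assumption).
demo=$(mktemp -d)
: > "$demo/secring.skr"; : > "$demo/didikey.pkr"
chmod 644 "$demo/secring.skr"      # deliberately too open
chmod 644 "$demo/didikey.pkr"
audit_pgp_keydir "$demo" "$(id -u)" || echo "findings reported above"
chmod 600 "$demo/secring.skr"      # owner-only, as a private key should be
audit_pgp_keydir "$demo" "$(id -u)" && echo "clean"
rm -rf "$demo"
```
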


11 Comments


  1. Jacob Vandborg

    Hi Shabarish,

     

    Thanks for two great blogs regarding the possibilities of the PGPEncryption/PGPDecryption. These are two modules, which SAP has neglected for far too long and finally they are here.

     

    One thing I really don’t understand is why SAP cannot make up its mind on where to store certificates. In most configurations in PI the certificates are stored and accessed – in my mind correctly – in the keystore of the JEE and then we see this exception. Why would they choose to store the certificates for such a vital thing as this in the filesystem? It really bugs me that SAP hasn’t made an effort in streamlining handling of certificates towards using the keystore.

     

    Anyways, I was doing a bit of searching for the documentation on how to set up PGP and SFTP, but have not been able to find it. I would appreciate it if you could maybe post a link to where SAP is hiding this documentation.

     

    Best regards,

    Jacob

    (0) 
    1. Shabarish Vijayakumar Post author

      Jacob,

      From what I understand, SAP has used the bouncycastle API for developing their module. The API basically does a fileinputstream kind of read of the certificates, and that seems to be the reason SAP is not storing them in the keystores but at the OS level.

      Also, regarding the documentation, I think it is not yet released on the SAP help site. You will have to follow Piyush’s blog on the B2B add-on availability and follow the SAP notes. As part of the download mentioned in the note, you will find the documentation as a PDF.

      (0) 
      1. Sampath N

        Hi Shabarish,


        Based on your blog I developed a decryption module in my FTP-to-file interface. I am getting the error below; please help me with how to avoid it. Is it a configuration error, or do we need to install an add-on or import a Java API?



        Error:org.Bouncycastle.openpgp.PGPexception:checksum missmatch at 0 to 20.

        (0) 
  2. Juan Cruz

    Excellent blog. One question Shabarish: I have created the sender channel following the instructions and the Private and Secret Key are being referenced from OS level file system properly. However I have a secret key issue where the channel fails because the key is not being found.

     

    It seems that it’s happening due to an inconsistent file *.skr.

     

    Any help will be appreciated.

     

     

    Thanks.

    (0) 
  3. Dheeraj Kumar

    Hi Shabarish,

     

    I have to do SFTP (.PGP) file to PO to Proxy interface with mapping involved.

    For this, I first have to decrypt the .pgp file in the sender SFTP channel, is this correct? Only then will I be able to do the mapping; correct me if I am wrong.

     

    If this is correct: you have mentioned ownPrivatekey in your screenshot, where will I get the value for this? For the public key I will ask the sender.

     

    Regards,

    Dheeraj Kumar

    (0) 
    1. Sahithi M

      Hi Dheeraj,

       

      Yes, on the sender side you have to decrypt the encrypted file and then do the mapping.

       

      Regarding Private Key:

       

      1) You have to generate your public and private keys by using the tools provided.

      2) Exchange public keys between you and your partner.

      3) In the module configuration, provide your own private key details.

      (0) 
