PGPEncryption Module: A Simple How to Guide
I am sure many of you must have by now been made aware that SAP has released B2B and SFTP/PGP capabilities for SAP PI. Earlier, we had to depend upon third-party vendors for this service, but with SAP filling this gap, I strongly believe that PI is now in a better position to be provisioned and a true enterprise service bus.
If you are on PI 7.11, the prerequisite for installing and using these new add-ons is SP08. I have been able to get my hands on a PI 7.11 SP08 machine and have successfully tested the PGP module as a start. In this blog, I will explain how to do PGP encryption using the SAP-provided standard module PGPEncryption.
For simplicity's sake, I have created a simple scenario as follows:
A Basic Introduction to PGP Encryption:
1. Encryption Only
To encrypt, we use the public key provided to us by the partner. Along with the public key, we also need to know which encryption algorithm the partner expects. There are various algorithms, and the SAP standard module supports the following: AES_128, AES_192, AES_256, BLOWFISH, CAST5, DES, 3DES and TWOFISH.
2. Sign and Encrypt
In this case, along with the public key provided to us by the partner, we also need our own private key and its passphrase, which we use to sign the message. In addition to the encryption algorithm, we can choose the signing algorithm. Currently the supported algorithms for signing are MD5, RIPEMD160, SHA1, SHA224, SHA256, SHA384 and SHA512.
We can also define the compression to be applied to the message, which helps reduce the message size. Compression is optional; if it is used, the supported modes are ZIP, ZLIB and BZIP2.
Receiver Communication channel configuration:
In the communication channel below, we use both signing and encryption while sending the message to the receiver.
Note that in the above, we have used the partner's public key pubring.pkr for encryption and our private key didikey.skr, along with its passphrase, for signing the messages. We have also used ZIP as the compression mode.
By default, the keys can be placed under the path usr/sap/<System ID>/<Instance ID>/sec. If you want to use a different path, use the parameter keyRootPath to define your custom path.
Input file used:
Signed and Encrypted message:
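To confirm that the file written by the channel really is encrypted to the partner's key, the outer OpenPGP packets can be read without any private key. The following is an added example, not SAP code or part of the original post: it parses RFC 4880 packet headers from binary (not ASCII-armored) output, and the function names and the sample bytes are constructed for illustration. The signature, the compressed data and the symmetric cipher choice all sit inside the encrypted container, so only the recipient key ID and the container type are visible from outside.

```python
CONTAINERS = {9: "SED (no integrity protection)", 18: "SEIPD (integrity protected)"}

def _new_len(buf, i):
    """Decode one new-format length at buf[i]: (length, next index, is_partial)."""
    o = buf[i]
    if o < 192:
        return o, i + 1, False
    if o < 224:
        return ((o - 192) << 8) + buf[i + 1] + 192, i + 2, False
    if o == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5, False
    return 1 << (o & 0x1F), i + 1, True  # partial body chunk, more follow

def packets(buf):
    """Yield (tag, body) for each top-level packet of a binary OpenPGP message."""
    i = 0
    while i < len(buf):
        hdr = buf[i]
        if not hdr & 0x80:
            raise ValueError("offset %d is not an OpenPGP packet header" % i)
        i += 1
        if hdr & 0x40:  # new-format header
            tag, body, partial = hdr & 0x3F, b"", True
            while partial:
                n, i, partial = _new_len(buf, i)
                body += buf[i:i + n]
                i += n
        else:  # old-format header; length type 3 means "runs to end of data"
            tag, size = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            n = int.from_bytes(buf[i:i + size], "big") if size else len(buf) - i
            body = buf[i + size:i + size + n]
            i += size + n
        if i > len(buf):
            raise ValueError("truncated packet")
        yield tag, body

def inspect(buf):
    """Summarise what an outside observer can see of the channel's output."""
    ids, container = [], None
    for tag, body in packets(buf):
        if tag == 1 and body[:1] == b"\x03":  # PKESK v3: version, 8-byte key ID
            ids.append(body[1:9].hex().upper())
        elif tag in CONTAINERS:
            container = CONTAINERS[tag]
    return {"recipient_key_ids": ids, "container": container}

# Constructed sample: one PKESK packet for key ID 0123456789ABCDEF, then SEIPD
SAMPLE = (bytes([0xC1, 14, 3]) + bytes.fromhex("0123456789ABCDEF")
          + b"\x01\x00\x10\xab\xcd" + bytes([0xD2, 21, 1]) + bytes(20))
```

Compare the reported key ID with the ID of the encryption key in the partner's public keyring. A `ValueError` on the first byte means the file is not binary OpenPGP at all, for example because it is still plaintext or is ASCII-armored.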
In the next blog, I will show you how we can decrypt this file into human-readable content 🙂