
Introduction

 

Pretty Good Privacy (PGP) is a data encryption and decryption scheme that provides cryptographic privacy and authentication for data communication.

With PI 7.11+, PGP is available as part of the SAP NetWeaver Process Orchestration Secure Connectivity Add-On.  The PGP module is an adapter user module that can be used with any Java adapter, e.g. File/FTP, JDBC, SOAP, JMS, Mail, RFC, HTTP_AAE, IDoc_AAE, etc.  This add-on also includes the SFTP adapter.

Both products are available for download from the SAP Service Marketplace without any additional cost. 

 

Download and Installation

 

PGP can be downloaded from SMP as part of the Secure Connectivity Add-On.  The download location:

Go to:  SAP Software Download Center > Installations and Upgrades > Browse our Download Catalog

  1. Select “SAP NetWeaver and complementary products”, and then “PI SFTP PGP ADDON”.
  2. After extracting the downloaded ZIP file, use JSPM to deploy PIB2BPGP00_0.SCA on PI.

   

Concept

 

The PGP module uses the public key encryption method to secure the content of the business document.  The PGP module allows us to encrypt/decrypt and digitally sign or verify a message.


This method uses two kinds of keys, a public key and a private key; their purposes are described below:

  

Public Key:  

  • Your public key is used by all your business partners to encrypt a message when sending that message to you.  Therefore, you must send the public key to your partners first. 
  • Your partner’s public key is used to verify the digital signature in the message when you receive that message from your business partner.  Therefore, your partner must send you his public key first.

   

Private Key:

  • Your private key is used to decrypt a message when receiving it from your partner.  Your business partner will use your public key to encrypt the message.
  • Your private key is used to digitally sign a message when sending it to your business partner.  Your business partner will use your public key to verify the digital signature.

      

The PGP keys can be generated by publicly available programs, and many web sites can generate them for you; both options are free.  For your testing purposes, I created the following keys.  Copy and paste them into 2 files, e.g. testPGPPublic.txt and testPGPPrivate.txt.  (The 2 files are also attached with this blog.)

While copying, include the BEGIN and END lines.  The password for the private key is “test”.
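
A quick integrity check for a copied key file, as an added example (not part of the original blog or of the SAP add-on): it confirms that the BEGIN and END lines are present and verifies the CRC-24 line of the ASCII armor, tolerating blank lines introduced by copy-and-paste. The function names and the sample block are assumptions constructed for illustration.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # OpenPGP armor checksum constants

def crc24(data: bytes) -> int:
    """CRC-24 as defined for OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def check_armor(text: str) -> str:
    """Return the block type (e.g. 'PUBLIC KEY') or raise ValueError."""
    # Blank lines are dropped, so a double-spaced paste is still accepted.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    begin = re.fullmatch(r"-----BEGIN PGP (.+) BLOCK-----", lines[0]) if lines else None
    if not begin:
        raise ValueError("missing BEGIN line")
    if lines[-1] != f"-----END PGP {begin.group(1)} BLOCK-----":
        raise ValueError("missing or mismatched END line")
    body = [ln for ln in lines[1:-1] if ": " not in ln]  # skip 'Version: ...' headers
    if not body or len(body[-1]) != 5 or body[-1][0] != "=":
        raise ValueError("missing CRC-24 line")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stated = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"corrupt base64: {exc}") from exc
    if crc24(data) != stated:
        raise ValueError("CRC-24 mismatch: key text was altered or truncated")
    return begin.group(1)

def armor(data: bytes, kind: str = "PUBLIC KEY") -> str:
    """Build a double-spaced armored block from constructed bytes (sample input)."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n\n".join([f"-----BEGIN PGP {kind} BLOCK-----", "Version: constructed",
                        *rows, crc, f"-----END PGP {kind} BLOCK-----"])

SAMPLE = armor(bytes(range(100)))  # constructed bytes, not a real key

if __name__ == "__main__":
    print(check_armor(SAMPLE))  # block type of the constructed sample
```

The CRC-24 only catches accidental damage such as a dropped line; it does not authenticate the key, so the key fingerprint should still be compared with your partner over a separate channel.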

    


   

User-Module Configuration

Please refer to SAP Help for details:
https://help.sap.com/saphelp_nwposc/helpdata/en/08/d47f0c5abd4f4f9d0b167ff693b1a7/frameset.htm

For this blog, we will be sending the messages to ourselves; therefore, for sending and receiving messages we will use the same public-private keys.

Receiver Communication Channel

    

The receiver communication channel is used to send a message to your partner.  Consequently, we will use your partner’s public key to encrypt the message, and we can optionally use your own private key to digitally sign the message.

    

  1. Enter Module Name:  localejbs/PGPEncryption
  2. Enter Module Parameters:
    • For encryption:
      • keyRootPath = <file directory of the private and public keys>
      • partnerPublicKey = <file name of the public key>  (this is your partner’s key)
    • For signing the message:  (optional)
      • applySignature = true  (the default is false)
      • ownPrivateKey = <file name of the private key>  (this is your own private key)
      • pwdOwnPrivateKey = <password of the private key>  (for this blog, “test”)


Sender Communication Channel

    

The sender communication channel is used to receive a message from your partner.  Consequently, we will use your own private key to decrypt the message, and we can optionally use your partner’s public key to verify your partner’s digital signature in the message.

    

  1. Enter Module Name:  localejbs/PGPDecryption
  2. Enter Module Parameters:
    • For decryption:
      • keyRootPath = <file directory of the private and public keys>
      • ownPrivateKey = <file name of the private key>  (this is your own private key)
      • pwdOwnPrivateKey = <password of the private key>  (for this blog, “test”)
    • For verifying the signature in the message:  (only used if the message is signed by your partner)
      • partnerPublicKey = <file name of the public key> (this is your partner’s key)
