If you have read the following blogs on using the SFTP and PGP solutions in PI and still have questions unanswered, this blog with look at addressing the common queries on these subjects;

1. SFTP Adapter – SAP SFTP Adapter: A Quick Walkthrough

2. PGP Module

          a. PGPEncryption Module: A Simple How to Guide

          b. PGPDecryption Module: A Simple How to Guide

Note: The below list will be updated with further questions and answers appropriately.

Generic Questions:

The Big Question: Is the SFTP and PGP solution free or do I need a separate licence to use this?

The Simple Answer: It is free! If you are talking about licences, perhaps you are confusing yourself with the B2B add on, which is going to cost you. But the Secure Connectivity Add on i.e nothing but the SFTP adapter and the PGP modules, are absolutely free.

Dependencies? Is it mandatory to install the PGP add on along with SFTP adapter or vice versa?

Answer: NO. Both are independent of each other.

FAQ – SFTP Adapter

Q1. My file is not getting picked. What is going wrong?

Ans. Unlike the normal FTP adapter, the SFTP adapter expects a regular expression. Cross check your configuration and provide the correct regular expression for your file name.

Q2. I am getting the error, “Could not process message, Internal PGP Error (org.bouncycastle.openpgp.PGPException: Exception creating cipher)

Ans: It could be a potential unlimited JCE issue. Try the settings as described in the section ‘Unlimited JCE’ of this document.

Q3. I am facing issues using the ASMA in the Receiver SFTP adapter.

Ans: Try to change the namespace to http://sap.com/xi/XI/System/File and the File Name Attribute as FileName


FAQ – PGP Module

Q1. When I have to do Encryption, what do I need to have?

Ans: You will need a public key, along with a confirmation on what Algorithm that needs to be configured.

Q2. Who will provide me the public key?

Ans: Usually, an encryption is used in scenarios where PI is supposed to send files to external or third party systems (vendors, suppliers, customers etc). In these cases, the public keys are provided by the respective vendor/supplier/customer.

Q3. When I have to Sign and Encrypt how is it different from Q1 and Q2?

Ans: To sign, PI will also need a private key along with its passphrase.

Q4: Who will provide me with the key for Signing?

Ans: Since this is a private key, your organization is responsible.

Q5. When I have to do Decryption, what do I need to have?

Ans: You will a private key and the passphrase associated with it.

Q6. Who will provide me the private key for decryption?

Ans: Usually, decryption is used in scenarios where PI is receiving files from external or third party systems (vendors, suppliers, customers etc). Your organization would have provided the public key to the third party and will own the private key. Hence your organization should be providing you with the private key for you to configure the adapter.

Q7. When I have to Decrypt and Verify how is it different from Q5 and Q6?

Ans: To verify, PI will also need a public key usually provided by the third party involved in the exchange of files.

Q8. Can I manage my keys using the PI Keystore?

Ans: No. At this point of writing this blog, SAP does not provide an option to do this. The keys are managed at an OS file directory level. The default location is usr/sap/<System ID>/<Instance ID>/sec

Q9. Can I use PGP only for the File adapter?

Ans. No. PGP module is compatible with other adapters like Mail, JMS etc.

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. Krishna Chauhan

    Hi Shabarish,


    Really, good piece of questions and answers….. it will clear the basic concept what kind of keys (public/private) are required for what (encript/decript).



    Krishna Chauhan

  2. Felipe Forero Guzman

    Another question to consider:

    You can use File Content Conversion after encrypt?

    Answer: No, because after encrypting data will not be sorted in xml format, so no conversion can be made.

    It would be good that the PGP module could work after making Content Conversion.
    For this case, you will have to use a module to make your own File Content Conversion and then apply the  PGP module.

  3. R-jay Galbizo

    For Question number 9:


    Has this been updated? I mean..Is the file adapter still not compatible with PGP module?


    Thank You!





    1. Hareesh Gampa

      >>>Has this been updated? I mean..Is the file adapter still not compatible with PGP module?


      It was always compatible

      The question was can this be used with others adapters in addition to the File Adapter? and the answer is yes(works fine with all other adapters)

      1. Markus Stöhr

        Hi Haressh,


        for Q9 I need further information, maybe you or someone else can help me. Is it possible to secure the SSL connection which is established by the REST-Adapter using PGP technology?


        Thx & BR


  4. Hanee Gupta

    Hi Shabarish,

    Can we use\implement S/MIME message level encryption-decryption in SFTP Adapter in SAP PO 7.4. This is the urgent requirement.

    Could you please provide your valuable inputs ASAP.

    Is there any alternate for this. Thanks!

    1. Vikas Kumar Singh

      Hi Hanee,


      I think its not possible. SSH keys can do encryption but for TCP communication, in case of SFTP communication it must serve only authentication.


      Alternate is to use PGP for encryption/decryption.

  5. R-jay Galbizo

    From what I know, PI uses only PGP/AS2 for AES128 algorithm. So maybe you need to get back to them that these are the only approach your PI has unless you customized your adapter to adapt their needs.


    Simple logic:

    if you use PGP to encrypt..it will be decrypted using PGP

    if you use AS2 to encrypt..it will be decrypted using AS2


    Not that I know of (as an alternative) from experience I have. If there are people who have experienced it, hope the’lly reply to your query.





  6. Venu Panthangi

    Hi Shabarish,


    will PGP decryption work when we use file as an attachement with SFTP sender, we need to pick different type of files from ftp folder and need to place in applicatin server where our sender is doing PGP encryption and i need to decrypt it in PI, its like pass through interface, can this work if we pick files as an attachments.





Leave a Reply