PGP and SFTP : FAQ Sheet
If you have read the following blogs on using the SFTP and PGP solutions in PI and still have questions unanswered, this blog with look at addressing the common queries on these subjects;
1. SFTP Adapter – SAP SFTP Adapter: A Quick Walkthrough
2. PGP Module
Note: The below list will be updated with further questions and answers appropriately.
The Big Question: Is the SFTP and PGP solution free or do I need a separate licence to use this?
The Simple Answer: It is free! If you are talking about licences, perhaps you are confusing yourself with the B2B add on, which is going to cost you. But the Secure Connectivity Add on i.e nothing but the SFTP adapter and the PGP modules, are absolutely free.
Dependencies? Is it mandatory to install the PGP add on along with SFTP adapter or vice versa?
Answer: NO. Both are independent of each other.
FAQ – SFTP Adapter
Q1. My file is not getting picked. What is going wrong?
Ans. Unlike the normal FTP adapter, the SFTP adapter expects a regular expression. Cross check your configuration and provide the correct regular expression for your file name.
Q2. I am getting the error, “Could not process message, Internal PGP Error (org.bouncycastle.openpgp.PGPException: Exception creating cipher)“
Ans: It could be a potential unlimited JCE issue. Try the settings as described in the section ‘Unlimited JCE’ of this document.
Q3. I am facing issues using the ASMA in the Receiver SFTP adapter.
Ans: Try to change the namespace to http://sap.com/xi/XI/System/File and the File Name Attribute as FileName
FAQ – PGP Module
Q1. When I have to do Encryption, what do I need to have?
Ans: You will need a public key, along with a confirmation on what Algorithm that needs to be configured.
Q2. Who will provide me the public key?
Ans: Usually, an encryption is used in scenarios where PI is supposed to send files to external or third party systems (vendors, suppliers, customers etc). In these cases, the public keys are provided by the respective vendor/supplier/customer.
Q3. When I have to Sign and Encrypt how is it different from Q1 and Q2?
Ans: To sign, PI will also need a private key along with its passphrase.
Q4: Who will provide me with the key for Signing?
Ans: Since this is a private key, your organization is responsible.
Q5. When I have to do Decryption, what do I need to have?
Ans: You will a private key and the passphrase associated with it.
Q6. Who will provide me the private key for decryption?
Ans: Usually, decryption is used in scenarios where PI is receiving files from external or third party systems (vendors, suppliers, customers etc). Your organization would have provided the public key to the third party and will own the private key. Hence your organization should be providing you with the private key for you to configure the adapter.
Q7. When I have to Decrypt and Verify how is it different from Q5 and Q6?
Ans: To verify, PI will also need a public key usually provided by the third party involved in the exchange of files.
Q8. Can I manage my keys using the PI Keystore?
Ans: No. At this point of writing this blog, SAP does not provide an option to do this. The keys are managed at an OS file directory level. The default location is ‘usr/sap/<System ID>/<Instance ID>/sec‘
Q9. Can I use PGP only for the File adapter?
Ans. No. PGP module is compatible with other adapters like Mail, JMS etc.