Author: Kaleo Fava-Kuntgen

HCI Encrypt with PGP


In this blog I want to show how to encrypt a message using a PGP key.

Many HR interfaces need a high level of security, and one way to achieve it is to encrypt the information with PGP keys.

Suppose you are extracting information from SuccessFactors and need to deliver it to a third party. Encrypting the information before you send it is a very safe way to go.

It is safe because you encrypt the information with a public key, and only the holder of the matching private key is able to decrypt and read it.

So the idea is to show the steps to create a private and public key, upload the public key to HCI and use it to encrypt data.

The first thing is to ask your third party to generate the public key and send it to you. In my example I will generate the public key and private key myself with the Kleopatra software.

Installation of Kleopatra

During the Kleopatra installation, select the option to install GPA, then click Next, Next, Finish 😀

Creating PGP Keys

After installation, you can open Kleopatra and start creating the keys.

Click “Create a personal OpenPGP key pair”.

In this step it is very important to have a naming convention, because you cannot have two keys with the same key ID.

Click “Advanced Settings” and set the screen as below, then click OK and Next.

This screen shows the details of your key. I selected the Name because this information will be used later in CPI.

After clicking Create, you need to define a password for your private key.

Finish 😀

The result should look like this.


Export the public key

Now, let’s export the public key that will be used to encrypt the information.

Give your file a name, save it, and we are done here.

We need to include our public key in the Security Material of CPI.

Attention, Uwaga, Aufmerksamkeit, Atenção, 注意, Увага!!!!!

NEVER deploy your public key directly into Security Material. First you must download the pubring file, then add your public key to this file, and only after that can you deploy.

If you take just your key and deploy it, you will overwrite all the keys that are already there.

Let’s go through it again: go to Security Material and download the pubring.

Open the GPA program that you installed with Kleopatra and import the pubring file.

If your key is not already in the list, click Import and select your PGP file.


Select all the keys that were in the pubring file before plus your new key, and click Export.
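One way to check the merged keyring before deploying it, as an added example (not part of the original post or of SAP's tooling). It reads the User ID packets from a binary OpenPGP keyring and reports any User ID from the downloaded pubring that is missing from the new file, plus the User IDs that contain the name you will later enter under “Encryption Key User IDs”. The sample rings are constructed with dummy key bodies; the function names and the substring comparison are assumptions of this example, and an ASCII-armored export must first be converted to binary (for example with gpg --dearmor).

```python
def packets(data: bytes):
    """Yield (tag, body) for each OpenPGP packet in a binary keyring (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not binary OpenPGP data (ASCII-armored file?)")
        if hdr & 0x40:                                  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                           # old-format header
            tag, nbytes = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if nbytes == 8:                             # length type 3
                raise ValueError("indeterminate lengths are not handled here")
            length, i = int.from_bytes(data[i:i + nbytes], "big"), i + nbytes
        yield tag, data[i:i + length]
        i += length

def user_ids(keyring: bytes) -> list:
    """User ID packets (tag 13) carry the 'Name <email>' string set in Kleopatra."""
    return [body.decode("utf-8", "replace") for tag, body in packets(keyring) if tag == 13]

def check_merge(old_ring: bytes, new_ring: bytes, encryptor_uid: str) -> dict:
    """Compare the downloaded pubring with the file that is about to be deployed."""
    old, new = user_ids(old_ring), user_ids(new_ring)
    return {"lost": sorted(set(old) - set(new)),        # keys a deploy would wipe out
            "matches": [u for u in new if encryptor_uid in u]}

# Constructed sample rings: dummy key bodies, not real key material.
def _key(uid: str, old_format: bool) -> bytes:
    body, u = b"\x04" + b"\x00" * 9, uid.encode()
    if old_format:  # 0x99 = tag 6 with 2-byte length, 0xB4 = tag 13 with 1-byte length
        return b"\x99" + len(body).to_bytes(2, "big") + body + b"\xb4" + bytes([len(u)]) + u
    return bytes([0xC6, len(body)]) + body + bytes([0xCD, len(u)]) + u

OLD = _key("Partner_A <a@example.com>", True) + _key("Partner_B <b@example.com>", False)
MERGED = OLD + _key("IF13_SuccessFactors_0001 <hr@example.com>", True)
REPLACED = _key("IF13_SuccessFactors_0001 <hr@example.com>", True)  # new key only
```

Deploy only when "lost" is empty and "matches" contains exactly the key you expect; check_merge(OLD, REPLACED, ...) shows what the overwrite mistake looks like.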


Installing the PGP in HCI

Now in the Security Material, you can deploy the new pubring file.

Click Add, select PGP Public Keyring, select the pubring file and click Deploy.


Integration Flow Configuration

And now finally we are in the Integration Flow.

We have a SuccessFactors select getting data from CompoundEmployee, a PGPEncryptor to encrypt the data, and a Groovy script to save the message payload in the messageLog.

The important information here is the configuration of the PGPEncryptor.

You need to fill in “Encryption Key User IDs”. In this field you put the user name of your key; when we created the key in Kleopatra, we used “IF13_SuccessFactors_0001”. Please pay attention: I also used this name when I exported the file and when I imported it in GPA, but the file name can be different. The value must be equal to the name that you put in the field “name” in Kleopatra.



Let’s deploy the iFlow and check.

In Monitor Message Processing we can see the attachment that was created.

Payload encrypted. Mission accomplished!!!!


Decrypt the information in Kleopatra

To finish the process, let’s download the file and decrypt it in Kleopatra to check that everything is OK. You can decrypt it in Kleopatra because the steps we did there created both the public key and the private key.

When you download the payload here, change the extension to .xml.pgp and double-click the file. Kleopatra will open; enter the password and save the file.

Save All

Now we have the encrypted and decrypted files.

If you open the file, it should be OK. Sorry, but I can't show my result; it is HR information 😀

Another very interesting thing is that when we encrypt an XML file, the file that we deliver is very small compared with the decrypted file.

Hope it helps.





      Eder Torres de Souza

      Such a detailed blog with useful information. Well done!

      Tomasz Szymczuk

      @Kaleo Fava-Kuntgen  very great article, thank you.

      Do you know if it is possible to have dynamic User Id configuration on PGPEncryptor, I tried to use parameter under Encryption Key User IDs:  


      but then I've got an exception: Cannot PGP encrypt message. No public encryption key found for the User Ids [${property.PGP_USER_ID}]


      Kaleo Fava-Kuntgen
      Blog Post Author

      Hello Tomasz,

      It is not possible to use dynamic configuration for Encryption Key User IDs. I also opened an incident in SAP for it and got this  🙁

      I don't know if it helps but you can add the name of ID as a configuration {{Key User ID}}

      Thank you


      Former Member

      Hi Tomasz,


      Please refer - How to – Dynamic PGP Encryption UserId | SAP Blogs wherein you can set dynamic values to PGPUserId




      Dipak Agarwal


      First of all thank you for this blog.

      One quick question : You stated here that we can use any the name that you put in the field “name” in Kleopatra must be equal. I sense that you are talking about the user name and user ID that it asks at the initial stage. Correct me if I am wrong.

      However, when I use the user name that I specified for the field "Encryption Key User IDs" , then it says Cannot PGP encrypt message. No public encryption key found for the User Ids [Dipak Agarwal]

      Kindly help

      Pratibha Singh

      Hello Kaleo

      Very well explained blog,

      i just have one doubt please

      >>NEVER deploy your public key directly into Security Material, first you must download the file pubring, then include you public key in this file and only after it, you can deploy.<<< here by file pubring means public key of CPI or third party public key?



      Prashant Bhavsar

      Thanks Kaleo,

      Nice detailed blog.

      Works as explained.


      shekhar gautam

      Very detailed and well sequenced blog. Thanks a Ton!

      Dinesh M

      What about Private Key? How do I export that, as it is required for decryption?