Skip to Content
Technical Articles
Author's profile photo Gourab Dey

File encryption and decryption using ABAP

  1. This blog post is intended to give an overall idea on file encryption and decryption process using a key in ABAP. By end of this blog post, we will be able to learn ‘how to encrypt a text file or data using a key and in the end we will also able know “how to decrypt the encrypted data using the same key”.

You can also try this blog post if you are getting run time error “CX_SEC_SXML_ENCRYPT_ERROR” in class “CL_SEC_SXML_WRITER” during decryption of the data.

Requirement:

Recently I came across a requirement where we have to encrypt the generated file while placing it in application server( t-code – AL11 ). The third party middle-ware reads the file from SAP application server and sends it to the target system. To avoid the misutilization of any sensitive data by the third party middle-ware, we have encoded the file using a key(key is generated every-time, hence the key is unique always) and the key has been shared with the concerned person of the target system via e-mail. I thought to share this so that it can be helpful to someone.

The mechanism mentioned above is called “Symmetric Key Encryption” in Cryptography(as the same key is used in the encryption and decryption process, hence the name “Symmetric”).

We will be using the class “CL_SEC_SXML_WRITER” for encryption and decryption process. The class “CL_SEC_SXML_WRITER” contains 3 algorithm for encryption and decryption. Below are the details.

  • AES Algorithm 128 Bit
  • AES Algorithm 192 Bit
  • AES Algorithm 256 Bit

These are the algorithms been followed universally, so even if the target system is a non-SAP system, the encrypted file from SAP can be decrypted using the correct key in the target system and vice-versa(and yes, the algorithm used during encryption process should be used during decryption process, of course).

So, let’s demonstrate the complete process of encryption and decryption using a key in ABAP. We will be creating 2 different program. Below are the details.

  • Program 1: We will create a program with name “ZFILE_ENCRYPTION”. In this program we will do the following task:-
    • Creation of the file which needs to be encrypted
    • Generation of the “KEY” which will be used in encryption process
    • Encrypting the file with the generated key
    • Sharing the key with intended person via e-mail
  • Program 2: We will create another program with name “ZFILE_DECRYPTION” for decrypting  the encrypted file using the generated key. For the scenario that I have worked on(mentioned above) , this program was not required by me as the decryption has been done in the target system. However, this program can be useful if you are in the receiving end of the encoded file. For demonstration purpose, I will be explaining it in this blog post.The program will do the following task:-
    • Reading the encoded file from application server(t-code : AL11)
    • Decrypting the encode file using the key been received on email
    • Downloading the decrypted file(in readable format)

Let’s walks through the both program one after one in details.

Program 1: ZFILE_ENCRYPTION – Encrypting the file using a key

Note: Complete source code has been provided in the end of this blog post.

Step 1: Preparing the text file which needs to be encrypted

This step is pretty straight forward. For demonstration purpose, I will be uploading a text file from presentation server. Below is the sample code for file upload. The data object “LV_DATA” contains the desire data which needs to be encrypted.

You can also generate the file string programmatically instead of uploading it from presentation server.

    DATA:
      lt_data   TYPE string_t,
      lv_data   TYPE string,
      lv_str    TYPE string.
    CALL METHOD cl_gui_frontend_services=>gui_upload
      EXPORTING
        filename                = p_path
        filetype                = 'ASC'
      CHANGING
        data_tab                = lt_data
      EXCEPTIONS
        file_open_error         = 1
        file_read_error         = 2
        no_batch                = 3
        gui_refuse_filetransfer = 4
        invalid_type            = 5
        no_authority            = 6
        unknown_error           = 7
        bad_data_format         = 8
        header_not_allowed      = 9
        separator_not_allowed   = 10
        header_too_long         = 11
        unknown_dp_error        = 12
        access_denied           = 13
        dp_out_of_memory        = 14
        disk_full               = 15
        dp_timeout              = 16
        not_supported_by_gui    = 17
        error_no_gui            = 18
        OTHERS                  = 19.
    LOOP AT lt_data INTO lv_str.
      IF lv_data  IS INITIAL.
        lv_data = lv_str.
      ELSE.
        lv_data = |{ lv_data }{ cl_abap_char_utilities=>newline }{ lv_str }|.
      ENDIF.
    ENDLOOP.

Source file is looking like this:

Step 2: Generating the key for encryption

We have to generate the “KEY” which will be used in encryption process. “GENERATE_KEY” method of the class “CL_SEC_SXML_WRITER” can be used for that. The method always returns a unique “XSTRING” every-time.

DATA:
  lv_key TYPE xstring.

lv_key = cl_sec_sxml_writer=>generate_key( algorithm = cl_sec_sxml_writer=>co_aes128_algorithm  ).

Important: Please do not use the class “CL_ABAP_CONV_OUT_CE” for generation of the “KEY” for encryption. If you do so, you the program will dump if the encryption and decryption program are different. Below is the screenshot of the dump.

Step 3: Encrypting the file using the key

Till now we have prepared the data which needs to be encrypted and the key is also generated which will be used for encryption. For that we have to use the method “ENCRYPT” of class “CL_SEC_SXML_WRITER”. The arguments of the method is the key which been derived in the above step, the data(which needs to be encrypted) in “XSTRING” format and the name of the algorithm which needs to be used. Below is the sample code

DATA:
  lv_data_xstr TYPE xstring,
  lv_msg       TYPE xstring.

"Converting the data - From string format to xstring. You can use any other method or function module which converts the string to xstring format
lv_data_xstr = cl_bcs_convert=>string_to_xstring(
  iv_string = lv_data    " Input data
).

"Encrypt the data using the key
cl_sec_sxml_writer=>encrypt(
  EXPORTING
    plaintext =  v_data
    key       =  v_key
    algorithm =  cl_sec_sxml_writer=>co_aes128_algorithm
  IMPORTING
    ciphertext = lv_msg ).

Step 4: Saving the encrypted file in application server

Now that we have encrypted the file, we have to save the encrypted file in application server(t-code: AL11). But, please note the encrypted file in “XSTRING” format. So, how to transfer the “XSTRING” to application sever. Yes, you are right, just assign the “XSTRING” to a “STRING” data object and transfer the string to the application server. As simple as that. Below is the code snipet.

DATA:
 lv_str TYPE string.

CONSTANTS:
 lc_filepath TYPE string VALUE '\\PGRDEV\sapmnt\trans\file_after_encryption.txt"
 
lv_str = lv_msg.

"Split at 132 position
CALL FUNCTION 'CONVERT_STRING_TO_TABLE'
  EXPORTING
    i_string         = lv_str
    i_tabline_length = 132
  TABLES
    et_table         = lt_str.

OPEN DATASET lc_filepath IN TEXT MODE FOR OUTPUT ENCODING DEFAULT.

"Loop at all the line
LOOP AT lt_str INTO lv_str.
  TRANSFER lv_str TO lc_filepath.
ENDLOOP.

CLOSE DATASET lc_filepath.

Encrypted file in AL11 looks like below. Now the data is been encrypted using the key.

Step 5: Sending generated key with concerned person via email.

There are many blog post and thread available for explaining how to send email in ABAP. So, I am not covering that in this blog post. However, you can find the code in the bottom section of this blog post.

Program 2: ZFILE_DECRYPTION : Decrypting the file using the generated key

Note: Complete source code has been provided in the end of this blog post.

Step 1: Reading the encrypted file from application server

We are reading the encrypted file from application server(t-code: AL11) using “OPEN DATASET”. Please refer to below link if you are new to this.

https://help.sap.com/doc/abapdocu_750_index_htm/7.50/en-US/abapopen_dataset.htm

DATA:
  lv_str  TYPE string,
  lv_data TYPE string.

CONSTANTS:
 lc_filepath TYPE string VALUE '\\PGRDEV\sapmnt\trans\file_after_encryption.txt'.

OPEN DATASET lc_filepath FOR INPUT IN TEXT MODE ENCODING DEFAULT.

DO.
  READ DATASET lc_filepath INTO lv_str.
  IF sy-subrc NE 0.
    EXIT.
  ENDIF.
  lv_data = |{ lv_data }{ lv_str }|.
ENDDO.

 

Step 2: Decrypting the file using the key

Now that we have read the encrypted data from application server(t-code: AL11) and we have the received the generated key(the key is received over email – refer to Step 5 of Program 1 above), we have to decrypt the data using method “DECRYPT” of class “CL_SEC_SXML_WRITER” . The methods has the arguments for “encrypted data”, “the key which was used during encryption”, “the algorithm which was used during “encryption”.

The data object “LV_DATA” has the encrypted data(derived from above step). The data type the data object is “string”. We have to assign it to a data object  of type “XSTRING”. Then we can decrypt the data. Below source code for reference

    DATA:
      lt_binary TYPE STANDARD TABLE OF x255.

    DATA:
      lv_message_decrypted TYPE xstring,
      lv_str               TYPE string,
      lv_key               TYPE xstring,
      lv_data_xstr         TYPE xstring,
      lv_data_text         TYPE string, 
      lv_length            TYPE i.

    "Received key - As already discussed the key has been shared with the cocern person. The key has been assign here so that we can decrypt the file
    lv_key = '38451B52187A3A4AECA26B27AE79D147'
    
   "Assign the encrypted data derived in previous step to to xstring data object so that the same can be decrypted
   lv_data_xstr = lv_data.

    "Decrypt message
    cl_sec_sxml_writer=>decrypt(
      EXPORTING
        ciphertext = lv_data_xtr
        key       =  lv_key
        algorithm =  cl_sec_sxml_writer=>co_aes128_algorithm
      IMPORTING
        plaintext =  lv_message_decrypted ).
      
    "LV_MESSAGE_DECRYPTED data object now contains the decrypted data in xstring format. So, to make as human readable, we have to convert the xstring to string.

    "Convert xstring to binary
    CALL FUNCTION 'SCMS_XSTRING_TO_BINARY'
      EXPORTING
        buffer        = lv_message_decrypted
      IMPORTING
        output_length = lv_length
      TABLES
        binary_tab    = lt_binary.

    "Binary to string
    CALL FUNCTION 'SCMS_BINARY_TO_STRING'
      EXPORTING
        input_length = lv_length
      IMPORTING
        text_buffer  = lv_data_text
      TABLES
        binary_tab   = lt_binary
      EXCEPTIONS
        failed       = 1
        OTHERS       = 2.

Now that you have got the decrypted data, you can process it or can download to presentation server as per the requirement. I have download the file to the presentation server for demonstration. Please refer to attached source code file for details.

Decrypted file looks like below

Conclusion:

So, in this blog post we are able to encrypt the data/text file using a key(the key was generated during run-time). The key has been shared with the concerned person over e-mail. A separate decryption program has been created which decrypts the data using the key been shared.

Hope this blog post will help someone.

Complete source code has been given below for both the program – encryption and decryption

Prorgram: ZFILE_ENCRYPTION

*&---------------------------------------------------------------------*
*& Report  ZFILE_ENCRYPTION
*&
*&---------------------------------------------------------------------*
*&
*&
*&---------------------------------------------------------------------*

REPORT zfile_encryption.

PARAMETERS:
  p_path TYPE string OBLIGATORY LOWER CASE.

*----------------------------------------------------------------------*
*       CLASS lcl_encryption DEFINITION
*----------------------------------------------------------------------*
*
*----------------------------------------------------------------------*
CLASS lcl_encryption DEFINITION.

  PUBLIC SECTION.

    CLASS-METHODS:
      select_file,
      upload_file
        RAISING cx_bcs,
      encrypt_file,
      send_email.

    CONSTANTS:
      c_filepath TYPE string VALUE '\\PGRDEV\sapmnt\trans\encrypted_file.txt'.

  PRIVATE SECTION.

    CLASS-DATA:
      v_data TYPE xstring,
      v_key  TYPE xstring.

ENDCLASS.                    "lcl_encryption DEFINITION

AT SELECTION-SCREEN ON VALUE-REQUEST FOR p_path.

  "Select file
  lcl_encryption=>select_file( ).

START-OF-SELECTION.

  "Upload file
  lcl_encryption=>upload_file( ).

  "Encrypted file
  lcl_encryption=>encrypt_file( ).

*----------------------------------------------------------------------*
*       CLASS lcl_test IMPLEMENTATION
*----------------------------------------------------------------------*
*
*----------------------------------------------------------------------*
CLASS lcl_encryption IMPLEMENTATION.

  METHOD select_file.

    DATA:
      lt_file TYPE filetable,
      ls_file TYPE file_table,
      lv_rc   TYPE i.

    CALL METHOD cl_gui_frontend_services=>file_open_dialog
      CHANGING
        file_table              = lt_file
        rc                      = lv_rc
      EXCEPTIONS
        file_open_dialog_failed = 1
        cntl_error              = 2
        error_no_gui            = 3
        not_supported_by_gui    = 4
        OTHERS                  = 5.

    IF sy-subrc EQ 0.

      READ TABLE lt_file INTO ls_file INDEX 1.

      IF sy-subrc EQ 0.
        p_path = ls_file.
      ENDIF.

    ENDIF.

  ENDMETHOD.                    "upload_file

  METHOD upload_file.

    DATA:
      lt_data   TYPE string_t,
      lv_data   TYPE string,
      lv_str    TYPE string.

    CLEAR v_data.

    CALL METHOD cl_gui_frontend_services=>gui_upload
      EXPORTING
        filename                = p_path
        filetype                = 'ASC'
      CHANGING
        data_tab                = lt_data
      EXCEPTIONS
        file_open_error         = 1
        file_read_error         = 2
        no_batch                = 3
        gui_refuse_filetransfer = 4
        invalid_type            = 5
        no_authority            = 6
        unknown_error           = 7
        bad_data_format         = 8
        header_not_allowed      = 9
        separator_not_allowed   = 10
        header_too_long         = 11
        unknown_dp_error        = 12
        access_denied           = 13
        dp_out_of_memory        = 14
        disk_full               = 15
        dp_timeout              = 16
        not_supported_by_gui    = 17
        error_no_gui            = 18
        OTHERS                  = 19.

    LOOP AT lt_data INTO lv_str.

      IF lv_data  IS INITIAL.
        lv_data = lv_str.
      ELSE.
        lv_data = |{ lv_data }{ cl_abap_char_utilities=>newline }{ lv_str }|.
      ENDIF.

    ENDLOOP.

    "Convert to xstring
    v_data = cl_bcs_convert=>string_to_xstring(
      iv_string = lv_data    " Input data
     ).

  ENDMETHOD.                    "upload_file

  METHOD encrypt_file.

    DATA:
      lt_str TYPE string_t,
      lv_str TYPE string,
      lv_msg TYPE xstring.

    v_key = cl_sec_sxml_writer=>generate_key( algorithm = cl_sec_sxml_writer=>co_aes128_algorithm  ).

    "encrypt using AES256
    cl_sec_sxml_writer=>encrypt(
      EXPORTING
        plaintext =  v_data
        key       =  v_key
        algorithm =  cl_sec_sxml_writer=>co_aes128_algorithm
      IMPORTING
        ciphertext = lv_msg ).

    lv_str = lv_msg.

    "Split at 132 position
    CALL FUNCTION 'CONVERT_STRING_TO_TABLE'
      EXPORTING
        i_string         = lv_str
        i_tabline_length = 132
      TABLES
        et_table         = lt_str.

    OPEN DATASET c_filepath IN TEXT MODE FOR OUTPUT ENCODING DEFAULT.

    "Loop at all the line
    LOOP AT lt_str INTO lv_str.
      TRANSFER lv_str TO c_filepath.
    ENDLOOP.

    CLOSE DATASET c_filepath.

    "Send email
    send_email( ).

    MESSAGE 'File saved in AL11' TYPE 'I'.

  ENDMETHOD.                    "encrypt_file

  METHOD send_email.

    CONSTANTS:
      lc_subject TYPE so_obj_des VALUE 'Encryption key',
      lc_raw     TYPE char03     VALUE 'RAW'.

    DATA:
      lr_send_request  TYPE REF TO cl_bcs,
      lr_bcs_exception TYPE REF TO cx_bcs,
      lr_recipient     TYPE REF TO if_recipient_bcs,
      lr_sender        TYPE REF TO cl_sapuser_bcs,
      lr_document      TYPE REF TO cl_document_bcs.

    DATA:
      lv_mlrec         TYPE so_obj_nam,
      lv_sent_to_all   TYPE os_boolean,
      lv_email         TYPE adr6-smtp_addr,
      lv_subject       TYPE so_obj_des,
      lv_str           TYPE string,
      lv_text          TYPE bcsy_text.

    TRY.

        "Create send request
        lr_send_request = cl_bcs=>create_persistent( ).

        "Email FROM...
        lr_sender = cl_sapuser_bcs=>create( sy-uname ).

        "Add sender to send request
        CALL METHOD lr_send_request->set_sender
          EXPORTING
            i_sender = lr_sender.

        "Email TO...
        lv_email = 'testing@testing.com'.

        lr_recipient = cl_cam_address_bcs=>create_internet_address( lv_email ).

        "Add recipient to send request
        CALL METHOD lr_send_request->add_recipient
          EXPORTING
            i_recipient = lr_recipient
            i_express   = 'X'.

        "Email BODY
        lv_str = |Encryption key :{ v_key }|.

        APPEND lv_str TO lv_text.

        lr_document = cl_document_bcs=>create_document(
            i_type    = lc_raw
            i_text    = lv_text
            i_length  = '12'
            i_subject = lc_subject ).

        "Add document to send request
        CALL METHOD lr_send_request->set_document( lr_document ).

        "Send email
        CALL METHOD lr_send_request->send(
          EXPORTING
            i_with_error_screen = 'X'
          RECEIVING
            result              = lv_sent_to_all ).

        IF lv_sent_to_all = 'X'.
          WRITE 'Email sent!'.
        ENDIF.

        "Commit to send email
        COMMIT WORK.

        "Exception handling
      CATCH cx_bcs INTO lr_bcs_exception.

        WRITE:
          'Error!',
          'Error type:',
          lr_bcs_exception->error_type.

    ENDTRY.

  ENDMETHOD.                    "send_email

ENDCLASS.                    "lcl_test IMPLEMENTATION

Prorgram: ZFILE_DECRYPTION

*&---------------------------------------------------------------------*
*& Report  ZFILE_ENCRYPTION
*&
*&---------------------------------------------------------------------*
*&
*&
*&---------------------------------------------------------------------*

REPORT zfile_decryption.

PARAMETERS:
  p_key TYPE string OBLIGATORY LOWER CASE.

*----------------------------------------------------------------------*
*       CLASS lcl_encryption DEFINITION
*----------------------------------------------------------------------*
*
*----------------------------------------------------------------------*
CLASS lcl_decryption DEFINITION.

  PUBLIC SECTION.

    CLASS-METHODS:
      read_file,
      decrypt_file,
      download_file.

    CONSTANTS:
      c_filepath TYPE string VALUE '\\PGRDEV\sapmnt\trans\encrypted_file.txt'.

  PRIVATE SECTION.

    CLASS-DATA:
      v_data      TYPE xstring,
      v_data_text TYPE string,
      v_key       TYPE xstring.

ENDCLASS.                    "lcl_encryption DEFINITION

START-OF-SELECTION.

  "Upload file
  lcl_decryption=>read_file( ).

  "Decryptfile
  lcl_decryption=>decrypt_file( ).

  "Download file
  lcl_decryption=>download_file( ).

*----------------------------------------------------------------------*
*       CLASS lcl_test IMPLEMENTATION
*----------------------------------------------------------------------*
*
*----------------------------------------------------------------------*
CLASS lcl_decryption IMPLEMENTATION.

  METHOD read_file.

    DATA:
      lv_str  TYPE string,
      lv_data TYPE string.

    v_key = p_key.

    OPEN DATASET c_filepath FOR INPUT IN TEXT MODE ENCODING DEFAULT.

    DO.

      READ DATASET c_filepath INTO lv_str.
      IF sy-subrc NE 0.
        EXIT.
      ENDIF.
      lv_data = |{ lv_data }{ lv_str }|.

    ENDDO.

    v_data = lv_data.

  ENDMETHOD.                    "upload_file

  METHOD decrypt_file.

    DATA:
      lt_binary TYPE STANDARD TABLE OF x255.

    DATA:
      lv_message_decrypted TYPE xstring,
      lv_str               TYPE string,
      lv_length            TYPE i.

    "Decrypt message
    cl_sec_sxml_writer=>decrypt(
      EXPORTING
        ciphertext = v_data
        key       =  v_key
        algorithm =  cl_sec_sxml_writer=>co_aes128_algorithm
      IMPORTING
        plaintext =  lv_message_decrypted ).

    "Convert xstring to binary
    CALL FUNCTION 'SCMS_XSTRING_TO_BINARY'
      EXPORTING
        buffer        = lv_message_decrypted
      IMPORTING
        output_length = lv_length
      TABLES
        binary_tab    = lt_binary.

    "Binary to string
    CALL FUNCTION 'SCMS_BINARY_TO_STRING'
      EXPORTING
        input_length = lv_length
      IMPORTING
        text_buffer  = v_data_text
      TABLES
        binary_tab   = lt_binary
      EXCEPTIONS
        failed       = 1
        OTHERS       = 2.

  ENDMETHOD.                    "upload_file

  METHOD download_file.

    DATA:
      lv_filename TYPE string,
      lv_path     TYPE string,
      lv_fullpath TYPE string,
      lt_string   TYPE string_t.

    "File save dialog
    CALL METHOD cl_gui_frontend_services=>file_save_dialog
      CHANGING
        filename                  = lv_filename
        path                      = lv_path
        fullpath                  = lv_fullpath
      EXCEPTIONS
        cntl_error                = 1
        error_no_gui              = 2
        not_supported_by_gui      = 3
        invalid_default_file_name = 4
        OTHERS                    = 5.

    APPEND v_data_text TO lt_string.

    CALL METHOD cl_gui_frontend_services=>gui_download
      EXPORTING
        filename                = lv_fullpath
        filetype                = 'ASC'
      CHANGING
        data_tab                = lt_string
      EXCEPTIONS
        file_write_error        = 1
        no_batch                = 2
        gui_refuse_filetransfer = 3
        invalid_type            = 4
        no_authority            = 5
        unknown_error           = 6
        header_not_allowed      = 7
        separator_not_allowed   = 8
        filesize_not_allowed    = 9
        header_too_long         = 10
        dp_error_create         = 11
        dp_error_send           = 12
        dp_error_write          = 13
        unknown_dp_error        = 14
        access_denied           = 15
        dp_out_of_memory        = 16
        disk_full               = 17
        dp_timeout              = 18
        file_not_found          = 19
        dataprovider_exception  = 20
        control_flush_error     = 21
        not_supported_by_gui    = 22
        error_no_gui            = 23
        OTHERS                  = 24.

  ENDMETHOD.                    "download_file

ENDCLASS.                    "lcl_test IMPLEMENTATION

Assigned Tags

      19 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Jorge Sousa Villafaina
      Jorge Sousa Villafaina

      Very useful! Great job!

      Author's profile photo Gourab Dey
      Gourab Dey
      Blog Post Author

      Thank You Jorge.

      Author's profile photo Bradley Stevens
      Bradley Stevens

      Hi am new to encrypting information, but I need to write a C# program to decrypt a file created using your process described above. Please assist. Whcih key should I use in my C# program and what is the difference with using xstring?

      Author's profile photo Gourab Dey
      Gourab Dey
      Blog Post Author

      Hi Bradley Stevens,

      This blog post explain the symmetric key encryption and decryption in SAP. The key is in xstring format only but it needs to be generated with the relevant class as mentioned in the blog post.

      You have to look for more help for relevant classes and methods in C# as this process explain the encryption process from SAP prospective.

      Thanks,

      Gourab

      Author's profile photo satish kumar
      satish kumar

      Hi Gourab Dey ,

      Very nice block  and detail explanation  with code .

      I have some doubts

      1) In this approach we are generating the keys using algorithms. if these 3 algorithms are not used in  non sap systems  how  non sap system will  decrypt .

      2) if third part guys will sharing the public and private key's .How to encrypting using these key.

      Thanks ,

      Satish.

       

       

      Author's profile photo Gourab Dey
      Gourab Dey
      Blog Post Author

      Hi satish kumar,

      Please find my comments below:

      • The algorithm mentioned here are standard algorithm in cryptography and not confined to SAP. There is fair chance that third party system will follow the same algorithm.
      • Public key and private key comes under asymmetric encryption concept. The blog post explains the symmetric key encryption where the same key is used for encryption and decryption.

      Also, please note you have to generate the key for encryption using "generate_key" of class "cl_sec_sxml_writer". If you use any other key for encryption, you may get dump during the decryption process. Please refer to the dump mentioned in step 2 of this blog post.

      Hope this helps. Cheers!

      Gourab

      Author's profile photo satish kumar
      satish kumar

      Hi Gourab,

       

      Thank you for your replay,Now I got the difference between asymmetric and symmetric encryption.

      My third part system will accept only PGP(asymmetric) encryption.Do you have any idea about asymmetric or PGP encryption Could please share details.

      Thanks ,

      satish.

      Author's profile photo Gourab Dey
      Gourab Dey
      Blog Post Author

      Hi Satish,

      As per my knowledge, Pretty Good Privacy (PGP) can be done using SAP PI/PO. I am bit afraid as I have not came across asymmetric key encryption yet.

      Thanks,

      Gourab

      Author's profile photo Vip Shiv
      Vip Shiv

      Hi Gourab ,

      I am trying to use this  but i am not able to decrypt  whole file which is encrypted using this program can you provide me solution .

       

      Thanks Vipul

      Author's profile photo Joydip Lodth
      Joydip Lodth

      Great Job Gourab.

       

      It seems data level encryption.

      Do we have any option to make file level encryption?

       

      Thanks,

      Joydip

       

      Author's profile photo Raghavender Anmanagandla
      Raghavender Anmanagandla

      Hello All,

      There is requirement in one of the Interface to generate public and private key for encryption and decryption. The reason behind this is we will share public key with Non-SAP system and they will encrypt the file using public key share by S4 and later on once we received encrypted file we will decrypt that file with the help of private key.

       

      Let me know if you also come across this scenario, any lead will be appreciated.

       

      Author's profile photo Srinivas Sunki
      Srinivas Sunki

      DECRPT is not working, plz help in decryp the .DAT.GZ files coding.

       

       cl_sec_sxml_writer=>decrypt(
      EXPORTING
      ciphertext v_data
      key       =  v_key
      algorithm =  cl_sec_sxml_writer=>co_aes128_algorithm
      IMPORTING
      plaintext =  lv_message_decrypted ).

      Author's profile photo Shekhar Tagra
      Shekhar Tagra

      PLEASE NOTE

      Per note 2972991 - 'Neither the class CL_SEC_SXML_WRITER nor its methods , including the whole SEC_SXML package and SSF functions for en-/decryption are released for customer usage.
      All existing functions and methods exist exclusively for legal business requirements of SAP genuine applications and original for web service security (SOAP).'

      Also this note https://launchpad.support.sap.com/#/notes/3074516

      These methods use Kernel level functions and SAP has suggested not to use them, they are not supported and SAP won't service them and can change them without any warning .

      Author's profile photo Gourab Dey
      Gourab Dey
      Blog Post Author

      Hi Shekhar Tagra,

      Thanks for sharing the info. Yes, the class is not marked as released for customer. But, as you might already know, if a object is not released, that means SAP will not provide the support if any incident is raised. This does not mean those object cannot be used. What if you have a customer requirement which needs this? Those objects can definitely used, no harm in it.

      Thanks,

      Gourab

      Author's profile photo Shekhar Tagra
      Shekhar Tagra

      No, it also means that SAP can change it anytime in patch upgrade without any notification or release notes, and your code can break. If there is a requirement, you should try it hosting it outside your ABAP system, and do it using a service.

      Author's profile photo Gourab Dey
      Gourab Dey
      Blog Post Author

      Hosting outside ABAP is not a straight forward solution. It requires additional infrastructure including Dev, QA, Production with a team structure which is not a easy call to take. First of all we are only using the public methods and there is no enhancement to the standard objects. So, even if SAP changes the code, during upgrade testing that can be tested and necessary fix can be done. I don't see a problem with that. I will definitely prefer this way rather than setting up an external system for the requirement.

      Author's profile photo Shekhar Tagra
      Shekhar Tagra

      It should not be a practice to use the code which is not released for customer. I hope it is mentioned in the blog post so that folks who intend to use it know the possible repercussions.

      Also most companies have Java based systems, I was glad that I was able to find that standard SAP note suggesting to not use it, and was able to do it in our Java systems. If Kernel level changes come up without notification, it can break things. Unrelease code is unnecessary technical debt especially during upgrade.

      Author's profile photo Gourab Dey
      Gourab Dey
      Blog Post Author

      Definitely should not be used if alternative is available which is released for customer. Some company may have external system, but not all. So, the question is.

      Author's profile photo Nicolas sen
      Nicolas sen

      Hello everyone i need help if it is possible, somebody know how to recover encrypted files RZFU , my pc was attacked and all my files have now RZFU type , thanks