Common issues in PO while working on PGP Encryption using SFTP
There are many blogs on how to use PGP encryption. Please refer the below blogs to understand the basics of Pretty Good Privacy(PGP) in SAP PI/PO:
Pre-requisites for PGP encryption module:
- Deploy PGP module in SAP PO.
- To encrypt the message, the partner public key is uploaded in PO
- To digitally sign the message, use your private key and provide the public key to the partner to verify the signature.
In this blog, I would go through some of the issues which might occur when using PGP encryption in SFTP adapter.
- Incorrect EJB module name: We might use the incorrect ejb module name for PGP
encryption for eg. localejbs/PGPEncryptionModule which causes the below error:
This error can be resolved using the correct module name ‘localejbs/PGPEncryption’ in SAP PO.
- Path of the public key: By default the keys are generally placed under the path usr/sap/<System ID>/<Instance ID>/sec. In our case, we had placed the keys in this path and it worked in all our non-production environment. But when we ran the interface in production it failed with the below error :
Due to security reasons in production environment, the OS path was not allowed in our production system and hence the error.
The parameter ‘useSecureStore’ is set to ‘false’ by default in the PGP module. If you set this value to ‘true’ and upload the certificate in the Secure Store location instead of the OS path, this error is resolved.
Link to secure Store location :
- File Name : If the parameter ‘dynamicFileName’ is not populated , the default file name is generated with the message ID. While using ASMA parameter for the file name, the namespace value http://sap.com/xi/XI/System is populated automatically:
When this parameter is left as is and tested, PO was still generating the messageID as the file name instead of the desired file name. To solve this issue, we changed the value of namespace in ASMA parameter to http://sap.com/xi/XI/System/File.
- Encryption Algorithm : If an incorrect algorithm is used in the parameter ‘encryptionAlgo’ it would throw the below error at run time:
Please make sure to use correct encryption algorithm for eg. DES. 3 DES, AES_128, IDES,CAST5,AES_256 which would resolve this error.
These were the major issues we faced while using PGP in our SFTP adapter. Let me know if you have faced any other issues.