Technical Articles
SAP Cloud Integration – Dynamic PGP Encryption UserId
Requirements
With SCPI as enterprise wide middleware, multiple systems and services make use of SCPI’s transfer mechanisms to transfer encrypted data from Point A to Point B. Sometimes, there are requirements using dynamic determination on which PGP userId to user for encryption.
Issue
The PGPEncryptor shape does not resolve User Id set as a property or header i.e., ${property.myDynamicPGPUserId} is not resolved and thus an error is received as – com.sap.it.rt.adapter.http.api.exception.HttpResponseException: An internal server error occured: Cannot PGP encrypt message. No public encryption key found for the User Ids [${property.myDynamicPGPUserId}] in the public keyring. Either specify other User IDs or add correct public keys to the keyring..
Solution
Passing a dynamic value in PGP User Id can be achieved with Camel PGP headers supported by Camel framework which allow us to override values in the Camel step of PGP encryption.
Further information can be found at – PGP :: Apache Camel
We need to set the Camel Header – CamelPGPDataFormatKeyUserids of the type List<String> in our script before PGP encryption step:
def Message pgpUsername(Message message){
List<String> pgpUsername = Arrays.asList("Your_PGP_Username_goes_here");
message.setHeader("CamelPGPDataFormatKeyUserids",pgpUsername);
return message;
}
Post this we can call the PGPEncryption step with User Id maintained as dummy user:
PGP Encryption Step
Do remember to set “Allowed Headers” in Runtime configuration of your iFlow to allow this Camel Header – CamelPGPDataFormatKeyUserids
Runtime Configuration
The Camel header will override the User ID maintained within PGP encryption step and your dynamic username will take precedence. Do test and let me know if you face any issues.
Thank you Former Member for a great blog and solving one of the key ask on PGP encryption. Solution is very simple and that is what making it more useful.
super blog very well explained!!
Thanks @Aditya, nice blog 👍
UserIds in the PGP process steps have been "dynamized" meanwhile by supporting camel expressions.
refer to:
https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/LATEST/en-US/7a07766899c84ed2bb38897e3a332032.html
https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/LATEST/en-US/d0dc511970b04f9bb4a844bcc3d5b89e.html