SAP Cloud Integration – Dynamic PGP Encryption UserId

Requirements

With SCPI as enterprise wide middleware, multiple systems and services make use of SCPI’s transfer mechanisms to transfer encrypted data from Point A to Point B. Sometimes, there are requirements using dynamic determination on which PGP userId to user for encryption.

Issue

The PGPEncryptor shape does not resolve User Id set as a property or header i.e., ${property.myDynamicPGPUserId} is not resolved and thus an error is received as – com.sap.it.rt.adapter.http.api.exception.HttpResponseException: An internal server error occured: Cannot PGP encrypt message. No public encryption key found for the User Ids [${property.myDynamicPGPUserId}] in the public keyring. Either specify other User IDs or add correct public keys to the keyring..

Solution

Passing a dynamic value in PGP User Id can be achieved with Camel PGP headers supported by Camel framework which allow us to override values in the Camel step of PGP encryption.

Further information can be found at – PGP :: Apache Camel

We need to set the Camel Header – CamelPGPDataFormatKeyUserids of the type List<String> in our script before PGP encryption step:

def Message pgpUsername(Message message){
    List<String> pgpUsername = Arrays.asList("Your_PGP_Username_goes_here");
    message.setHeader("CamelPGPDataFormatKeyUserids",pgpUsername);
    return message;
}

Post this we can call the PGPEncryption step with User Id maintained as dummy user:

PGP Encryption Step

Do remember to set “Allowed Headers” in Runtime configuration of your iFlow to allow this Camel Header – CamelPGPDataFormatKeyUserids

Runtime Configuration

The Camel header will override the User ID maintained within PGP encryption step and your dynamic username will take precedence. Do test and let me know if you face any issues.