Technical Articles
SAP CPI – Encryption and Decryption using PGP keys
When we are doing HR or Bank related integration here main factor is data secure, so one of way is encrypt data using PGP keys.
In this tutorial I am going to explore
- How to generate PGP Keys using Kleopatra Software
- How to Encrypt data using PGP Public key in SAP CPI
- How to Decrypt the data using PGP Private Key in SAP CPI
Generating PGP Keys using Kleopatra Software
Open the Kleopatra application > File > New Key Pair
Provide the Key Pair Name > Advanced Settings > Select Validity
Enter the Passphrase
Click on Finish
Key Pair are Successfully generated.
Now we need to export the PGP Public and Private keys.
Exporting PGP Public Key
Save as FileName .pgp format
Exporting PGP Private Key
Finally, we have generated the PGP public and private keys
These keys we are going to use in the SAP CPI Iflow to Encrypt and Decrypt the content.
PGP Encryption
In this case we need to get PGP public key from the Non-SAP/Third party application team.
CPI Flow Chart
Step-1
Importing the PGP Public Key in Security Material
Step -2 Navigate to Design > Select Package > Artifact tab > Add Iflow
From the sender Drag the connecting arrow to connect to start action, from the Adapter Type box select the HTTPS.
- In Connection tab, enter the Address or URL details
- Enter /PGPEncryption Optionally, you can enter any value of your choice, but ensure that you use “/”symbol before specifying the endpoint name
Groovy script for the payload logging
import com.sap.gateway.ip.core.customdev.util.Message;
import java.util.HashMap;
def Message processData(Message message) {
def body = message.getBody(java.lang.String) as String;
def messageLog = messageLogFactory.getMessageLog(message);
if(messageLog != null){
messageLog.setStringProperty("Logging#1", "Printing Payload As Attachment")
messageLog.addAttachmentAsString("ResponsePayload:", body, "text/plain");
}
return message;
}
Step-3 PGP Encryptor
Here we are using the PGP Encryptor pallet to encrypt the incoming data
Drag and Drop the PGP Encryptor function from Security tab into Iflow space. In the Processing tab we can select the dropdown values to adjust the algorithm, Key length, Compression etc. values but MUST specify the UID(User ID) of Public/Private Key pair to be used for Encryption
Save and deploy the Iflow
Step-4 Testing the Integration Flow Using Postman
PGP Decryption
In this case we need to generate PGP keys (Public and private), and public key will share with the third-party application team to encrypt the data.
CPI Flow Chart
Step-1
Importing the PGP Private Key in Security Material
Step-2
Here we are using the PGP Decryptor pallet to Decrypt the incoming content
In the Processing tab Specify the UID(User ID) of Public/Private Key pair to be used for Decryption
Step-3 Testing the Integration flow using Postman
Conclusion
Finally with this blog we can able to Encrypt and Decrypt the content using the PGP keys.
Nice step by step demonstration.
Here, you have created private and public key using kleopatra.
In actual case if you need to share Public key of SAP CPI to third party,from where we can get these Private and Public key information. Are Keys available on keystore or we need to create like this blog steps , a new one.
Regards
Deepak
Hi Deepak,
It is depends on the requirement need to generate separate Public and Privates keys and import into Manage Security Material, but make sure when you installing the Keys
Step-1 Download pubring and secring from Manage Security Material
Step -2 import these keys into GPA tool (which is generated in this blog and Pubring/secring)
Step-3 Export all keys into single file and import into Manage Security Material.
Regards
Obula Reddy
Hello, I am starting work with cpi and I working with the same scenario. I couldn't find how change the message to binnary.
In the step 2 you use a script. Could you put a example how to do that, please
Regards
Good day!!
My name is Lithin K Nasani. Am looking for PGP Encryption and Decryption to be implemented on my web application if you could help me to implement i would be very greatful.I have been trying to contact you on Skype could you please respond to my request. Kindly accept my request and lets discuss further.
Regards,
Lithin