Skip to Content
Technical Articles
Author's profile photo OBULA REDDY CHEGIREDDY

SAP CPI – Encryption and Decryption using PGP keys

When we are doing HR or Bank related integration here main factor is data secure, so one of way is encrypt data using PGP keys.

In this tutorial I am going to explore

  1. How to generate PGP Keys using Kleopatra Software
  2. How to Encrypt data using PGP Public key in SAP CPI
  3. How to Decrypt the data using PGP Private Key in SAP CPI

Generating PGP Keys using Kleopatra Software

Open the Kleopatra application > File > New Key Pair

Provide the Key Pair Name > Advanced Settings > Select Validity

Enter the Passphrase

Click on Finish

 Key Pair are Successfully generated.

Now we need to export the PGP Public and Private keys.

Exporting PGP Public Key

Save as FileName .pgp format

Exporting PGP Private Key


Finally, we have generated the PGP public and private keys

These keys we are going to use in the SAP CPI Iflow to Encrypt and Decrypt the content.

PGP Encryption

In this case we need to get PGP public key from the Non-SAP/Third party application team.

CPI Flow Chart


Importing the PGP Public Key in Security Material


Step -2 Navigate to Design > Select Package > Artifact tab > Add Iflow

From the sender Drag the connecting arrow to connect to start action, from the Adapter Type box select the HTTPS.

  • In Connection tab, enter the Address or URL details
  • Enter /PGPEncryption Optionally, you can enter any value of your choice, but ensure that you use “/”symbol before specifying the endpoint name

 Groovy script for the payload logging

import java.util.HashMap;
def Message processData(Message message) {
    def body = message.getBody(java.lang.String) as String;
    def messageLog = messageLogFactory.getMessageLog(message);
    if(messageLog != null){
        messageLog.setStringProperty("Logging#1", "Printing Payload As Attachment")
        messageLog.addAttachmentAsString("ResponsePayload:", body, "text/plain");
    return message;

Step-3 PGP Encryptor

Here we are using the PGP Encryptor pallet to encrypt the incoming data

Drag and Drop the PGP Encryptor function from Security tab into Iflow space. In the Processing tab we can select the dropdown values to adjust the algorithm, Key length, Compression etc. values but MUST specify the UID(User ID) of Public/Private Key pair to be used for Encryption

Save and deploy the Iflow

Step-4 Testing the Integration Flow Using  Postman

PGP Decryption

In this case we need to generate PGP keys (Public and private), and public key will share with the third-party application team to encrypt the data.

CPI Flow Chart


Importing the PGP Private Key in Security Material


Here we are using the PGP Decryptor pallet to Decrypt the incoming content

In the Processing tab Specify the UID(User ID) of Public/Private Key pair to be used for Decryption

Step-3 Testing the Integration flow using Postman


Finally with this blog we can able to Encrypt and Decrypt the content using the PGP keys.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo d jaiswal
      d jaiswal

      Nice step by step demonstration.

      Here, you have created private and public key using kleopatra.

      In actual case if you need to share Public key of SAP CPI to third party,from where we can get these Private and Public key information. Are Keys  available on keystore or we need to create like this blog  steps , a new one.




      Author's profile photo OBULA REDDY CHEGIREDDY
      Blog Post Author

      Hi Deepak,


      It is depends on the requirement need to generate separate Public and Privates keys and import into Manage Security Material, but make sure when you installing the Keys

      Step-1 Download pubring and secring from Manage Security Material

      Step -2 import  these keys into GPA tool (which is generated in  this blog and Pubring/secring)

      Step-3 Export all keys into single file and import into Manage Security Material.




      Obula Reddy


      Author's profile photo Cristian Peiretti
      Cristian Peiretti

      Hello, I am starting work with cpi and I working with the same scenario. I couldn't find how change the message to binnary.
      In the step 2 you use a script. Could you put a example how to do that, please

      Author's profile photo lithin nasani
      lithin nasani

      Good day!!

      My name is Lithin K Nasani. Am looking for PGP Encryption and Decryption to be implemented on my web application if you could help me to implement i would be very greatful.I have been trying to contact you on Skype could you please respond to my request. Kindly accept my request and lets discuss further.