Yogananda Muthaiah

How to encrypt and decrypt files using GPG – SAP Commissions

Dear all,

When you push data for processing, you keep it in the form of files. But what if the data you are storing is sensitive? How can you protect it from unauthorized access? One way is to encrypt the files using GPG. In this blog, I'll explain what GPG is and how you can use it to encrypt and decrypt files when sending them to the SAP Commissions sFTP dropbox for processing.

What are GPG keys

GPG stands for GNU Privacy Guard. It uses the concept of asymmetric encryption. Let's see how asymmetric encryption works and how it differs from the symmetric encryption we generally use.

In symmetric encryption, there is only one key, generally known as a password, which is used to both encrypt and decrypt the files. The problem is how to share that same password with the sender or receiver over the network. Asymmetric encryption solves this problem. Let's see how.

In asymmetric encryption, there is a pair of keys, one public and one private. The owner can share the public key with anyone who wants to send files in an encrypted format. The encrypted file is then sent back to the owner and can only be decrypted with the corresponding private key.

GPG Use Cases

  • Encryption: Used to encrypt files. You can send content to someone when you don't want anyone in the middle to read it.
  • Signing Commits: Helpful for proving your identity. For example, you can use your GPG key to sign your commits in GitHub, to verify that you are the one who actually made them.
  • Encrypting Passwords: Very helpful if you use a command-line password manager such as pass. It uses your GPG keys to handle the encryption of all the secrets you store in it.

Install GPG

For Windows

https://gnupg.org/download/index.html

For Ubuntu/any Debian based distributions

sudo apt install gnupg

For CentOS/ RHEL based distributions

sudo yum install gnupg

Verify Installation

gpg --version

List all GPG public keys

gpg --list-keys

List all GPG private key pairs

gpg --list-secret-keys

Export Public Key in ASCII Format

## Output to STDOUT
gpg --armor --export <email-Id>

## Output to a file
gpg --armor --export --output <file.txt> <email-Id>

Encrypt a file for a specific user using GPG (Using Asymmetric Encryption)

gpg --encrypt --recipient <recipient-user-email> <file-name>

Encrypt a file using GPG (Uses Symmetric Encryption)

gpg --symmetric <file-name>

## It will prompt for a password

Decrypt that encrypted file (For Both, Symmetric and Asymmetric Encryption)

gpg --decrypt <encrypted-file>

Let’s Understand SAP Commissions Customer & Support Process for Setup

Customers can compress their data using gzip and submit it to the dropbox to save bandwidth. Customers can also encrypt their data once GPG is installed using the steps above. In this case the filename will end with .gpg. (Officially, SAP Commissions considers only the gpg format.)

Note: GNU's implementation of GPG automatically compresses the file by default.

Inbound & Outbound File Encryption/Decryption

If a customer sends an encrypted inbound file (gpg), the customer will need a public encryption key from the SAP Commissions Technical Support team (formerly called Callidus). Customers have to open a case to request the Callidus public encryption key for inbound files.

For outbound files sent to the customer by Callidus, the customer needs to provide their public key to Callidus for encryption.
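
The key exchange and the export, encrypt and decrypt commands above, run end to end between two throwaway keyrings. This is an added example, not part of the original post or of SAP's setup: the directory names, the e-mail address and the sample file are constructed, and it adds the gpg --import step that the sending side needs before it can encrypt. It assumes GnuPG 2.1 or later.

```sh
#!/bin/sh
# Added example: all names, addresses and file contents are constructed.
# Two throwaway keyrings stand in for receiver and sender; the real
# keyring in ~/.gnupg is never touched. Needs GnuPG 2.1 or later.

gpg_roundtrip() {
    work=$(mktemp -d) || return 1
    recv="$work/receiver"; send="$work/sender"   # hypothetical keyring dirs
    mkdir -m 700 "$recv" "$send" || return 1
    rcpt='inbound-test@example.invalid'          # constructed recipient
    rc=0

    # Receiver: create a key pair (no passphrase, test use only) and
    # export the public half, as in "Export Public Key in ASCII Format".
    gpg --homedir "$recv" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "Inbound Test <$rcpt>" \
        2>/dev/null || rc=1
    gpg --homedir "$recv" --armor --export "$rcpt" > "$work/pub.asc" || rc=1

    # Sender: import the public key. This keyring holds no private key.
    gpg --homedir "$send" --batch --quiet --import "$work/pub.asc" \
        2>/dev/null || rc=1
    printf 'id,amount\n1001,250.00\n' > "$work/payments.csv"

    # Without --output, gpg writes payments.csv.gpg beside the input.
    # --trust-model always is fine only because the key was made above;
    # for a key received from someone else, compare fingerprints first.
    gpg --homedir "$send" --batch --quiet --trust-model always \
        --encrypt --recipient "$rcpt" "$work/payments.csv" \
        2>/dev/null || rc=1
    [ -s "$work/payments.csv.gpg" ] || rc=1

    # The sender cannot decrypt its own output ...
    if gpg --homedir "$send" --batch --quiet \
        --decrypt "$work/payments.csv.gpg" >/dev/null 2>&1; then rc=1; fi
    # ... but the receiver, holding the private key, can.
    gpg --homedir "$recv" --batch --quiet --decrypt \
        "$work/payments.csv.gpg" > "$work/out.csv" 2>/dev/null || rc=1
    cmp -s "$work/payments.csv" "$work/out.csv" || rc=1

    gpgconf --homedir "$recv" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$send" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return "$rc"
}

gpg_roundtrip && ROUNDTRIP_OK=yes || ROUNDTRIP_OK=no
echo "round trip ok: $ROUNDTRIP_OK"
```

If the result is "no", remove the 2>/dev/null redirections to see which gpg step failed.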

The SAP Commissions Support team will find out whether your tenant is configured with a list of keys.
To review the list of keys on the Commissions app server, use the following command:

gpg --list-keys


Dropbox

The dropbox is an SFTP site. It is used by the customer to upload files for processing by ODI/CDL.

Authentication to the dropbox is always by private key. Customers submit their public key in a support ticket to get access.

  • manual – This is the most commonly used folder that customers use to upload files to the dropbox. It automatically generates audit files (more on this later) for each file.
  • inbound – This directory is like the manual directory, but requires customers to drop their audit files along with their data files.
  • outbound – Some customers have custom data extracts. The extracts are available for pickup from the outbound directory.
  • badfiles – Any files that produce an ODI/CDL-ERROR email will be found here.



This process applies to customers on both Oracle and HANA.
Oracle uses ODI and HANA uses CDL to process files.

Encryption/Decryption Process Flow

 


      2 Comments
      Georg Triptrap

      Hi

      Is it possible to use this technique in a custom ODI workflow for the creation of outbound files, too? Which files are covered by this functionality?

      Thanks in advance, Georg

      Yogananda Muthaiah
      Blog Post Author

      Hi Georg Triptrap

      Thanks for reading the blog!!

      The above process is for standard ODI file types.

      For custom ODI file types, you will have to check with the SAP CallidusCloud Support team through a ticket whether it can be enabled as an exception, but depending on the customer scenario, case by case, yes, it's possible.