Additional Blogs by Members
cancel
Showing results for 
Search instead for 
Did you mean: 
Former Member

            I would like to share information on security mechanism through PI when the sensitive customer and business data is sent through PI Interfaces to third party systems.

The AEDaptive created a tool was used for the encryption of files hand in hand with PGPkeys. This tool is an add on to the JAVA Application of the Process Integration 7.1 system and this tool was used for the two way encryption and decryption process with the one of our vendor.  One of the vendors of our client utilizes and implements credit card functionality for non banking institutions. We implemented the same for our client to run their business securely.

 

PGP (Pretty Good Privacy) in PI 7.1:

i)                    Introduction  to PGP:

PGP is a data encryption and decryption program that provides a secure method of sending and receiving information between two parties. To be able to utilize the encryption facility, each party will be required to send one another Public Keys, this Key is used to encrypt the file before the package is sent off. The recipient then utilizes the secret key to decrypt and extract the content of the package created by the sender.

 

ii)                  Importance of Keys and Key generation :

Keys can be generated using many PGP Key creation products, in this example we will be using PGP Desktop (Version 10).  

All keys, both public and private need to be placed in a folder that can be read by the SAP J2EE Engine, best option would be on a the PI system itself, this way you are guaranteed there will be no read issue against the file.

 

There are 2 keys to be generated on each side.

 -  Public Key - Used to encrypt the file.

-  Secret Key- Used with a Passphrase to decrypt the file created using the Public Key.  

 

iii) The Encryption and Decryption process:

The Workflow of transferring files between two parties occurs with the encryption as first step and then the decryption as the second step, the following information provides the perquisites setup steps as well as the monitoring of the file transfer, note this only includes the steps within the PI environment.

  • Encryption Process:

                  - PI encryption Module is used to encrypt the files by using recipient generated public key.

                  - Send the encrypted file to the recipient

                  - Vendor decrypts the file using their own Secret Key and Passphrase.

  

Mandatory PI Adapter Encryption Module parameters:

a)      Algorithm – Many algorithms are being supported. Need to provide one algorithm at least to encrypt the message.

b)      Public Key – To identify the secret key in receiver party in decryption process.

c)       Recipient - Recipient name is important to identify the correct receiver, using the name of the Public Key should suffice.

Along with the above parameters there are additional module key parameters basing the encryption requirements.

Example: Hash key algorithm, compression, signer of the message and compatibility etc. 

 

Testing the encryption process:

Before Encryption:

After Encryption:

 

 

  • Decryption Process:

             - Vendor needs to use PI generated public key to encrypt the files.

             - Sends the encrypted Files to PI.

             - PI decryption module needs to be used to decrypt the files using the sender generated secret key and passphrase. (Passphrase is used in generation of keys)

 

 

 

Mandatory PI Adapter Decryption Module parameters:

a)      Public Key and Secret key -

                To Identify the correct key to decrypt the message

b)      passphrase                    –

                This passphrase is the one which should be used in Key generation    in sender party.

 

Testing the decryption process:

Content of encrypted file (pre-decryption)

  

After the decryption

  

 

iv) Monitoring:

Encryption and decryption process can be monitored by channel monitoring.

Encryption Log:

 

 

   

 Decryption Log:   

 

 

v) Trouble shooting

There are many trouble shooting techniques available in user guide. Common errors are mentioned in this document.

An error occurred when reading the secret key ring.

Check the parameter secretKeyRing. Either this parameter is omitted or the path to the secret key ring file is incorrect.

 

An error occurred when reading the public key ring.

Check the parameter publicKeyRing. Either this parameter is omitted or the path to the public key ring file is incorrect.  

 

vi) Reference

http://www.pgp.com/downloads/desktoptrial/desktoptrial2.html 

http://www.aedaptive.com/index.php/solutions/pgp-for-sap-netweaver

Note: Please not that AEDAPTIVE was used during the set up of PI encryption and decryption process.

7 Comments