cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recycle Encryption Key for Credit Card information

Go to solution
Former Member

on ‎06-12-2009 4:58 PM

0 Kudos

Hi,

Does anyone know how to change the encryption key used for encrypting the Credit Card information that is stored in the database. We need to "recycle the encryption key", but I am not sure if the key is present in the PSE or some other place.

My question would be how do we go about changing the encryption key ? Would deleting and recreating the PSE change the encryption key, or is there another way to do it ? Can the key be seen somewhere (maybe a table entry) to make sure that it changed ?

I referred Notes 766703, 633462 and 662340 but I'm not absolutely certain if the deletion and recreation of the PSE would do the job.

Any help is greatly appreciated.

Thanks,

Kunal

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-22-2009 10:01 PM
0 Kudos

I see, I did not realize your version was tad older than the OSS note is referring to.

The OSS note states

A new SSF application PAYCRV will be used for the versioned encryption.

so I am afraid that it is not possible with the versions your systems are on...

Key rotation is a relatively new concept and it is possible that older versions simply does not have the functionality.

I would raise OSS to ask if it is possible with your version. Maybe someone else in this forum knows otherwise.

Show replies
Show replies
Former Member
‎06-22-2009 10:44 PM
0 Kudos

Thanks Noriko. Unfortunately, this message has been open for a while and I haven't had too many responses. I plan to keep it open for a few more days to try my luck.

I did open up an OSS message but SAP came back saying that this was a consulting issue I have updated the message and am waiting for a response from them. Would be a good idea to ask them about the version question.

I will make sure to update this message with a resolution if/when I find one.

Thanks again !

Kunal

UPDATE : SAP just confirmed your reply. If the key is destroyed, the data cannot be retrieved. So they advised against doing it.

Edited by: Kunal Belnekar on Jun 29, 2009 12:04 PM

Answers (1)

Answers (1)

Former Member
‎06-22-2009 7:47 PM
0 Kudos

Hi Kunal,

I am assuming that you are using native SAP Encryption. If so, note 1151936 will give you a good guide.

Show replies
Show replies
Former Member
‎06-22-2009 8:26 PM
0 Kudos

Hi Noriko,

We are using SAPCRYPTOLIB for encryption. I had already seen the note you recommended but it is applicable to SAP_ABA Release 710 and we are on 700.

"This solution will be delivered with SAP NetWeaver 7.01" and we have Netweaver 7.00.

I read Note 1032588 as well and according to it "If a payment card number is stored encrypted, the system stores the encrypted values in the database table CCSEC_ENC." ; which does show up as encrypted information in the table in our system. So I know that encryption is configured (although not by me).

It is easy to assume that the private key is used in the encryption, since that is the only key that is unique to the system. But I dont seem to find ANY documentation that specifies this explicitly.

Thanks,

Kunal

Ask a Question