Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Help Required - Encryption in PI and Decryption in ABAP

Former Member

‎08-20-2010 8:34 AM

0 Kudos

Hello Experts,

We are working on a customer engagement where we need to implement the following scenario.

Scenario:

The credit card file is sent from the external bank to PI and then PI sends it to ERP for processing.

Requirement:

The requirement is to encrypt the credit card number field when PI processes the received file in the PI file sender communication channel via custom adapter module (Adapter Engine in Java stack). Then PI sends this message with encrypted credit card number field to ERP via ABAP proxy then the credit card number field needs to be decrypted via ABAP before processing within ERP.

Challenge:

We are able to encrypt the credit card number field in PI using symmetric key algorithm like DES. This is done by custom java code in the custom adapter module using Java Cryptography Extension.

We are facing the challenge in implementing symmetric key algorithm such as DES in ABAP to decrypt the credit card number field using SAP Cryptography Library.

We seek your help/advice on how should we go about implementing this solution in ABAP. We are open to use any secure symmetric key algorithm in ABAP.

With the use of the Secure Store and Forward Mechanism (SSF) provided by SAP in ABAP which uses the SAP Cryptographic Library, we are able to use symmetric key algorithm but not able to specify the static key thatu2019s been used in PI for encryption.

Please help us if you have experienced similar requirement at your customer engagement and also let us know if there is any workaround / suggestions.

Warm Regards,

Nilesh Kumar

2 REPLIES 2

mvoros
Active Contributor

‎08-21-2010 1:59 AM

0 Kudos

Hi,

from [this thread|; it looks like you are a colleague of Subash. It would be nicer to continue with that thread to keep all related info in one place.

Anyway, as I wrote in that thread SSF supports only PKCS7 format. I advice you to use this format and modify your PI adapter. It's more secure than homemade crypto and it's not a problem at all to create a message in PKCS7 format in Java. But if you really persist on using DEC in CBC mode then I don't know about any ABAP function module which supports DES. SSF uses DES internally in CBC mode but it looks like API does not expose method for DES encryption only. So there are two solutions. Re-implement DES in ABAP. You can find a source code of DES implementation in many different languages so you just need to pick one which you like and rewrite it into ABAP. Another solution could be to use external command and decrypt credit card outside application server. For example if you system runs on top of Linux then you can easily use openssl. You will have to pass password in command line so you must check that it's not stored anywhere.

Cheers

Former Member
In response to mvoros

‎08-21-2010 10:03 AM

0 Kudos

Looks like spec-dumping of something Nilesh is charging for as well.

Threads locked (triplicate cross-posting)

Edited by: Julius Bussche on Aug 21, 2010 11:49 AM