Encrypt and Decrypt Data between ABAP and JAVA

Former Member · ‎05-23-2011

Hi Experts,

I'm facing problem about Encrypt and Decrypt data between ABAP and JAVA. My scenario is that, I try to Encrypt data from ABAP program/function when it will send to save in external Database. After that Java Program will get this encrypted data and Decrypt it (for further use...) .

As my understand, COMMON algorithm will require for both side (ABAP and Java), I select DES algorithm as my solution but in ABAP side there is no Standard function for me to use (unlike JAVA side), In order to create it my own is not make any sense.

So, my question is, are there solution for this Scenario? Any simple Algorithm? or any example code that I can check it out.

PS, in order to use DES Algorithm, SAPcryptolib is require which I don't want to apply for this simple requirement.

Thanks in advance,

Win

Former Member · ‎05-23-2011

I've found this example:

https://cw.sdn.sap.com/cw/community/docupedia/sapnetweaverabap/blog/2010/01/25/encryption-of-text-fi...

I don't find anything about ssl encryption or similar...

Former Member · ‎05-23-2011

If you do not want to use encryption to achieve encryption, then you are in a so called "catch 22" ...

An exception is from the perspective of what is saved in the DB is tockenization - but that depends on which data this is and which application is writing and reading it (to support the tockenization functions).

Also the transmission of the data would require encryption software to protect for confidentiality. Only integrity of the data can be achieved without cryptographic libraries using digital signatures to "sign" it.

See the SSF* function modules for more infos.

Cheers,

Julius

martin_voros · ‎05-24-2011

Hi,

crypto is really hard. I mean super hard and you really need to know what you do. It's not only about selecting algorithm such as DES (BTW not a good choice). You have to choose encryption mode, message format and so on. Hence I would suggest to use library that offers high level functions such as take this binary blob and encrypt it using this symmetric key. There are multiple Java libraries so there is no problem on Java side. ABAP stack does not offer that much. Actually, it has only one API that is using PKCS#7 format to encrypt data (for example used for credit card data encyprtion). It's using public-key crypto but that should be OK for you. So I would suggest to use this API and do not try to come up with your own scheme. As Julius mentioned look for SSF_* function modeles. You cand efine your own application in table SSFARGS and define parameters there. AES would be better choice than DES.

Cheers

Former Member · ‎05-24-2011

Thx for all help, it helping me more understand about this Encrypt.

I decide to go for using this function, SSF_KRN_ENVELOPE for encrypt by using parameter in Table "SSFARGS"

But still hav no solution on this function, I try to use this function for encrypt but seem like nothing return out for me.

From my understand, I can use Parameter SSFARGS which already hav some parameter exist, such as -

SAPSECULIB PKCS7 SAPELEARN200.pse SAPELEARN200.pse SHA1 DES-CBC

this mean i'm using DES-CBC algorithm?

Any hince for using this function?

martin_voros · ‎05-24-2011

Hi,

it's a bit more complicated. PKCS#7 format is using hybrid encryption (symmetric and asymmetric). It means that a sender generates a content encryption key that is used to encrypt data using symmetric algorithm (for example DEC in CBC mode). Then the generated content encryption key is encrypted using public key of recipient. These two things are send to a recipient. The recipient uses her private key to decrypt the content encryption key and then she uses it to decrypt data. So if you want to use this format you need to perform the following things:

1) Generate new certificate which will be used for encryption.

2) Import certificate into your Java application (private and public key)

3) Import certificate into ABAP stack using transactions STRUST (public key only)

4) You need to set up an application in SSFARGS that will use PSE created in previous step.

5) Use SSF_KRN_ENVELOPE to encrypt data

6) Use suitable Java API to read a message in PKCS#7 format and decrypt it using generated certificate.

Cheers

Former Member · ‎05-24-2011

Hi Martin,

Your information is very very useful, that's what I spend all day search and understanding, but you come with all great conclusion. Many thanks from this...

I think I will decide not to use this solution for encrypt just only one field. It will took too many effort from that. I wil for simple encoding is much better. Function "SSFC_BASE64_ENCODE" might be my solution.

Thanks guys,

Win

martin_voros · ‎05-25-2011

Hi,

I just hope that you understand that base64 is just encoding and anybody can read it.

Cheers

Former Member · ‎05-25-2011

Hi Martin,

Thanks for remind me this encoding and encrypt, actually i still looking for Encrypt algorithm in ABAP (Standard one, for Decrypt in Java). Any solution recommended?

Cheers,

Win

martin_voros · ‎05-25-2011

unfortunately no. As I said ABAP stack does not offer too much. I've already described what you can use and in my opinion that's a good solution. It's not that hard to implement it. Please don't even think about using FMs like FIEB_PASSWORD_ENCRYPT. The word ENCRYPT is misleading there. There is no difference between that and base64.

You can try to avoid encryption on application level but that depends on your requirements. I don't know how you are going to transport data from one system to another. You could use SSL to protect data during transport.

Another option could be to call external utility to encrypt data. For example you dump data into binary file, you call external OS command (e.g. Java application) that creates a new file with encrypted data. ABAP stack reads the new file from disk and sends it to the external system. This one is not that secure because you write data in plain text to hard drive but it might be sufficient for your use case. Again, it depends on your requirements.

Cheers

Former Member · ‎05-25-2011

Martin,

Based on my request, they need to store some important data outside SAP (fetch from RFC function call via SAP .net connector). So I need to Encrypt data which will be Decrypt by Third party application. that's why I need to using Standard Encrypt Algorithm. Anyway, as your solution, I'm agree that it is good solution, but again, I really have no idea how to implement that. It would be nice, if you can suggest me step by step. Or any document I can learn (i did some search but still not understand all concept).

Many Thx,

Win

Former Member · ‎07-01-2011

If you are prepare to roll your sleeves up, you can easily code your own RSA asymmetrical encryption using ABAP, Java, etc. The following page might help you with some ideas. [http://sapninja.com/wiki/PublicKeyEncryption]

Former Member · ‎07-01-2011

thx for your informaiton, I did solve this case using quite simple encryption algorithm named "XORCipher" which require Public key as well.

Thanks,

Win

Former Member · ‎07-01-2011

Hi,

If what you are using is [Xor Cipher|http://en.wikipedia.org/wiki/XOR_cipher], this is not a really robust and strong encryption...

Regards,

Olivier

Former Member · ‎07-01-2011

i'm understand, but for my requirement, it should be enough.

Thank you very much for inform me.

Win

martin_voros · ‎07-01-2011

You are right, there is nothing hard to implement RSA algorithm but that's not enough. You really have to understand what you are doing. Implementing just plain RSA algorithm and using it for encryption is a really really stupid idea. There are standards which specify things like padding, parameters for key generation and so on.

In regards of using XOR cipher. If your key stream is truly random, then that's the best option what you can do. The problem is that it's not. Homemade ciphers are really a bad idea. I would really suggest to stick to standard library.

Cheers