
PGP encryption in PI

Former Member
0 Kudos

Hi

I haven't had the chance to test out the PGP encryption/decryption on PI, so I have a question regarding this.

Using PGP decryption in PI - will message payload still be available for those monitoring XML logs after content has been decrypted?

I find that in most cases, decrypting a message in PI gives access to payload, which again means that end-to-end security is not end-to-end anymore, but rather end-to-"almost-there-end".

Our use-case is to avoid middleware admins access to the content, but on the other side, using PGP decryption in SAP backend is a cumbersome process and not something we want to go into.

Thank you

regards Ole

Accepted Solutions (1)

robertot4s
Active Participant
0 Kudos

Hi,

The PGP encryption is used to encrypt/decrypt messages between SAP PI and other systems. So the message payload will be available in XML logs.

The message encryption in SAP PI is a different concept. It's available in SAP PI 7.31:

http://scn.sap.com/community/pi-and-soa-middleware/blog/2012/04/26/michals-pi-tips-encrypting-messag...

Regards,

Roberto

Former Member
0 Kudos

Hi

Thanks. This is what I expected.

regards Ole

Answers (3)

Former Member
0 Kudos

Hi Ole,

Normally, PGP encryption is used when you are sending a message to a 3rd party system and the corresponding key is provided to the 3rd party so that it can be used to decrypt the message. Thus a secure exchange of data happens between two systems. This key is secret to the system administrator. Suppose you receive a payload message to be processed by your PI system; it should be decrypted first during processing by PI to the corresponding ECC system. So, PGP encryption assures the secure transfer of files. Again, you can restrict your PI administrator's access to the XML payload. But if an administrator wants to view the data, they can manage to decrypt it by using the key in the back end, I think. So, the only option to restrict access to the XML payload in the PI system is to restrict it through authorization at the SAP level.

I have experience with PGP encryption used in an MFT application (a tool for managing file transfer by ERST Technologies) where files are encrypted/decrypted before sending/receiving to/from any other server. These files can be decrypted in the back end itself through the command line. But trust in an administrator sometimes matters a lot. But I don't have experience with PGP where file transfer is handled by PI only, without the use of any non-SAP tool. Let's wait for others' opinions.

Thanks

Ali

Former Member
0 Kudos

Thanks Ali

former_member205101
Participant
0 Kudos

Hello Ole,

You can achieve your request by restricting user/admin authorization in the PI system specific to that interface (namespace, sender/receiver interface) in NWA.

That way, whoever has authorization is able to see the XML payload in the PI system; others cannot see the payload or content in the PI system for that interface.

"Our use-case is to avoid middleware admins access to the content,"

Note: Michal Krawczyk also mentioned this in the comment section of that blog.

Thanks

Praba

Former Member
0 Kudos

Hi

Thanks. Yes I am aware of this option and we will most likely use it through either NWA or other roles.

regards Ole

nabendu_sen
Active Contributor
0 Kudos

Hi Ole,

You cannot achieve this on versions lower than SAP PI 7.3 EHP1, as mentioned in Michal's blog. The message will be shown in the payload.