on 03-06-2013 12:23 PM
I'm trying to use the SAP PGP-Module localejbs/PGPEncryption.
I generated public and private keys in some different ways but it does not work.
I also tried to use this How-To:
http://wiki.sdn.sap.com/wiki/display/XI/Generating+ASCII+Armored+PGP+Key+Pairs
The audit log always shows this:
06.03.2013 12:48:48.360 | Informationen | PGP Encryption Module: Reading public key at /usr/sap/E96/sst/ftp-test/bin/pubring.pkr |
06.03.2013 12:48:48.364 | Informationen | PGP Encryption Module: Reading private key at /usr/sap/E96/sst/ftp-test/bin/secring.skr |
06.03.2013 12:48:48.371 | Fehler | MP: exception caught with cause org.bouncycastle.openpgp.PGPException: Exception creating cipher |
06.03.2013 12:48:48.371 | Fehler | PGP Encryption Module: Could not extract private key (org.bouncycastle.openpgp.PGPException: Exception creating cipher) |
06.03.2013 12:48:48.379 | Fehler | Ausnahme aufgetreten beim Adapter-Framework: Exception creating cipher |
My configuration:
PGP | applyCompression | none |
PGP | applyEncryption | true |
PGP | applySignature | true |
PGP | asciiArmored | false |
PGP | dynamicFileName | true |
PGP | dynamicNamespace | true |
PGP | encryptionAlgo | AES_128 |
PGP | format | binary |
PGP | keyRootPath | /usr/sap/E96/sst/ftp-test/bin/ |
PGP | ownPrivateKey | secring.skr |
PGP | partnerPublicKey | pubring.pkr |
PGP | pwdOwnPrivateKey | **** |
PGP | signingAlgo | RIPEMD160 |
Note: I also used ASCII-keys - no difference.
1. Any ideas where the problem could be?
2. Do I have to use a special signing or encryption Algo???
3. I also wonder which "user-id" is used for encrypting, because there can be more than one key in a key ring. But there is no parameter for specifying the receiver or sender.
Hi guys, I had the same issue and I resolved it as soon as I corrected the JCE Policy:
I hope it helps
Did you get this error resolved, and how?
I got JCE installed too but the below error persists.
MP: exception caught with cause org.bouncycastle.openpgp.PGPException: Exception creating cipher
I got it working for our needs. But there seems to be an incompatibility with some types of PGP-keys.
Actually, encrypting works even better than decrypting.
Unfortunately, the error messages are not really helpful in some cases...
Here are some hints on what you can try:
Hi Heiko,
Thanks for helping me out with your insights.
My Encryption works fine after I disabled the signing but my decryption does not work now.
Error is -
"PGPDecryption Module: org.bouncycastle.openpgp.PGPException: Exception creating cipher"
"PGPDecryption Module: Wrong Password for private Key"
But the password we are using is correct since we are able to decrypt the same file using command line.
Trouble-shooting steps:
1. Deployed unlimited JCE policies and restarted the system.
2. Tried with .skr format private key & passphrase upon failure tried regenerating the private key in .asc format & passphrase being used is correct.
3. Tried setting up decryption both ways: sender channel & receiver channel.
4. Tried without passphrase, same error.
5. Ensured the file is encrypted with our own public key.
In our case pgpi 6.5.8 from http://www.pgpi.org/, hpux version, is used.
We have raised OSS notes but none of the solutions worked for us.
Let me know if there are any alternative solutions for getting the decryption done in PI,
like through PI command line etc. If so please guide me through the steps.
Hi Heiko,
Thanks for taking time & helping me out.... Your solution worked out.
Passphrase was right but it was unix version key hence it kept saying "PGPDecryption Module: Wrong Password for private Key".
As soon as I imported & exported with GNU-PGP (WIN), the key worked but it still gave the error message.
And the error message was clear enough to determine the issue.
Vendor used IDEA encryption Algo....
We have requested Vendor to use an alternative one but Vendor due to various security reasons cannot do so.
Trying to implement the same using command line if still stuck then will go with Java code.
I think SAP, for PGP addon should come up with alternative solution for IDEA Algo......
Yes, the common IDEA problem... We had that, too!!
Fortunately, we had a SAP consultant in our project and got a SAP consultant solution here. They included the "extended-libraries" of bouncy castle (bouncycastle.org) in the PGP-package.
Now we can encrypt and decrypt IDEA.
Anyway, SAP decided not to include this into the standard package because of licence problems with the IDEA algo. SAP is not allowed to sell this.
However, before we had the solution, I also told some senders to use a newer PGP-version. Downloading GNU-PGP and creating a new "portable version" solved the problem.
Another workaround could be: Install PGP on the fileserver and use a script to decrypt.
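A keyring check related to the key-compatibility and IDEA points raised in this thread, as an added example that is not part of any post and not SAP or Bouncy Castle code: it walks a binary secret keyring using the RFC 4880 packet layout and reports which symmetric cipher protects each secret key. The function names and sample bytes are constructed for illustration, only RSA, Elgamal and DSA keys are handled, and whether an IDEA-protected key was the cause of the errors above is an assumption.

```python
# Symmetric-cipher IDs from RFC 4880, section 9.2
SYM = {0: "none", 1: "IDEA", 2: "TripleDES", 3: "CAST5", 4: "Blowfish",
       7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
PUB_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # MPIs to skip: RSA, Elgamal, DSA

def packets(data):
    """Yield (tag, body) for each definite-length packet in a binary keyring."""
    pos = 0
    while pos < len(data):
        first, pos = data[pos], pos + 1
        if not first & 0x80:
            raise ValueError("not binary OpenPGP data (ASCII-armored file?)")
        if first & 0x40:                       # new-format header
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:
                length, pos = o1, pos + 1
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body length not handled")
        else:                                  # old-format header
            tag, n = (first >> 2) & 0x0F, 1 << (first & 3)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        yield tag, data[pos:pos + length]
        pos += length

def secret_key_protection(data):
    """Name the cipher protecting each secret key (tag 5) or subkey (tag 7)."""
    found = []
    for tag, body in packets(data):
        if tag not in (5, 7):
            continue
        pos = 5 if body[0] == 4 else 7         # v4: version + time; v2/v3 add validity
        algo, pos = body[pos], pos + 1
        if algo not in PUB_MPIS:
            raise ValueError("unsupported public-key algorithm %d" % algo)
        for _ in range(PUB_MPIS[algo]):        # each MPI: 2-byte bit count + value
            pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
        usage = body[pos]                      # string-to-key usage octet
        sym = body[pos + 1] if usage in (254, 255) else usage
        found.append(SYM.get(sym, "unknown (%d)" % sym))
    return found

# Constructed sample: one v4 RSA secret-key packet with toy MPIs, IDEA-protected
SAMPLE = bytes.fromhex("940e 04 00000000 01 0008c5 000203 fe01")
print(secret_key_protection(SAMPLE))
```

To run it on a real keyring, pass the file's bytes, for example `open("secring.skr", "rb").read()`; an ASCII-armored export has to be dearmored first.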