cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PGP Encryption and Decryption

Former Member

on ‎03-03-2014 5:59 AM

0 Kudos

Hi,

We are using SAP PI 7.1 AEX single stack.

For all communication with 3rd Party, we are planning to use SFTP adapter and PGP encryption & Decryption.

How the key exchange takes place between partner and SAP PI?

Can we use any open source to generate the PGP key and store in PI server give the path of same in Sftp or file adapter?

Is there any exchange of public key required between SAP PI and 3rd party ?

How 3rd party generates PGP key for their system?

Thanks,

Vertika

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎03-03-2014 7:17 PM
0 Kudos

Hi,

I posted this question just to get the clarification on prerequisite.

3rd party supports PGP encryption here.

And all communication Inbound/Outbound will have message level security using PGP. So, every Inbound File will come to PI as encrypted message, PI will decrypt the file and post the same to ECC.

All Outbound Files received in PI from ECC will be encrypted and send to 3rd party.

There may be various cases but I just wanted to get details on below points:

  1. If partner has purchased certified keys for PGP. Partner has to send the public key and SAP PI will install public key to decrypt the message.
  2. Similarly SAP PI has to share their public key with partner to decrypt the encrypted message sent from PI. How and where we generate the public key for PGP encryption in PI to share the same with 3rd party.
  3. Where in PI we need to install the PGP public key received from partner?
  4. How we can check the compatibility with partner for signing algorithm?

Thanks,

Vertika

Show replies
Show replies
Former Member
‎03-03-2014 7:40 PM
0 Kudos

Hi,

>>Where in PI we need to install the PGP public key received from partner

You don't need to install keys in PI server .

By default, the keys can be placed under the path usr/sap/<System ID>/<Instance ID>/sec. But in case you want to use a different path, then use the parameter keyRootPath to define your custom path.

Go through below blog for more clarity.

>>If partner has purchased certified keys for PGP. Partner has to send the public key and SAP PI will install public key to decrypt the message.

As above said public key is for encryption ,private key is for decryption.

If there are more interfaces to use PGP ,better to purchase licensed certified keys/generator.

If you want to go with that then use open source for keys generation by taking approval from client, you can find many in Google.

>>How we can check the compatibility with partner for signing algorithm?

for signing also will use the same keys ,but for signing will use private key,passphrase and for verifying will use public key

Regards

Venkat

Former Member
‎03-03-2014 9:19 AM
0 Kudos

Hi,

For encryption you do require public key .

For decryption you do require private key and pass phrase .

For signing you do require private key and pass phrase where as while verifying you do require public key.

>>Can we use any open source to generate the PGP key and store in PI server give the path of same in Sftp or file adapter?

Check with your client on this .Don't just jump into conclusion of using open source to generate keys .For us our client purchased certified keys .

Make sure your third party system folks also support PGP .Usual funda is the the person who decrypts the message holds both the keys and share the public keys to his clients to encrypt and send the message to him.

Regards

Venkat

Show replies
Show replies
Former Member
‎03-03-2014 6:14 AM
0 Kudos

Please check these

Regards

Raj

Message was edited by: Raja S Malledi

Show replies
Show replies
Ask a Question