Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Encrypt information using RC4 algorithm

Former Member

‎05-27-2014 7:17 PM

0 Kudos

Hi experts!!!!

I have a requeriment to send information by Web Services, i have to encrypt some confidential fields with RC4 using specific key (encryption seed).

Some one have experience?

Tnks!!!

5 REPLIES 5

Former Member

‎05-27-2014 9:16 PM

0 Kudos

Web Services has something called WS-Security, no need to come up with something yourself. Not to mention you should use HTTPS.

Former Member
In response to Former Member

‎05-27-2014 9:50 PM

0 Kudos

Tnks Samuli, is correct, the service is HTTPS. On the client of WS going to decrypt the values that i send, for it, i need encrypt the information.

Former Member
In response to Former Member

‎05-27-2014 10:01 PM

0 Kudos

WS-Security supports message encryption. The only reason for having single fields encrypted would be that you don't even want to see the clear text value in the client, only in the post-processing layers. If that's the case AS ABAP has a encryption API, see SAP note 1456433 for details.

Former Member
In response to Former Member

‎05-28-2014 7:06 AM

0 Kudos

Hi,

actually message encryption is also about encrypting single fields if required 😉

This is then called XML Encrption and is about protecting

elements that are sent as part of the SOAP message.

Please check the docs on WS Security. You can defined the fields to be encrypted in the SOAManager. The cryptographic operations are standardized and therefor interoperability between different systems should be a given, which is not the case, if you want to do this on your own.

More info on XMLencryption can be found in the W3C standard.

Regards,

Patrick

martin_voros
Active Contributor

‎05-28-2014 12:09 AM

0 Kudos

Hi,

I agree with Samuli. It's a really really bad idea to roll out your own crypto. Implementing crypto is really hard. Especially, key management for stream ciphers is really tricky. If you xor two ciphertext generated by stream cipher with same encrpytion key then you get xor of plaintexts. There are simple techniques that can recover plaintext if you have some basic information such as that it's in English language. I assumed that you want to have same key for every message. If not then you will have to figure out how to distribute keys and you are getting into bigger troubles. I would try to use standard API provided by SAP. There is also another API that allows you to use PKCS#7 for encrypting values.

Cheers