05-27-2014 7:17 PM
Hi experts!!!!
I have a requeriment to send information by Web Services, i have to encrypt some confidential fields with RC4 using specific key (encryption seed).
Some one have experience?
Tnks!!!
05-27-2014 9:16 PM
Web Services has something called WS-Security, no need to come up with something yourself. Not to mention you should use HTTPS.
05-27-2014 9:50 PM
Tnks Samuli, is correct, the service is HTTPS. On the client of WS going to decrypt the values that i send, for it, i need encrypt the information.
05-27-2014 10:01 PM
WS-Security supports message encryption. The only reason for having single fields encrypted would be that you don't even want to see the clear text value in the client, only in the post-processing layers. If that's the case AS ABAP has a encryption API, see SAP note 1456433 for details.
05-28-2014 7:06 AM
Hi,
actually message encryption is also about encrypting single fields if required 😉
This is then called XML Encrption and is about protecting
elements that are sent as part of the SOAP message.
Please check the docs on WS Security. You can defined the fields to be encrypted in the SOAManager. The cryptographic operations are standardized and therefor interoperability between different systems should be a given, which is not the case, if you want to do this on your own.
More info on XMLencryption can be found in the W3C standard.
Regards,
Patrick
05-28-2014 12:09 AM
Hi,
I agree with Samuli. It's a really really bad idea to roll out your own crypto. Implementing crypto is really hard. Especially, key management for stream ciphers is really tricky. If you xor two ciphertext generated by stream cipher with same encrpytion key then you get xor of plaintexts. There are simple techniques that can recover plaintext if you have some basic information such as that it's in English language. I assumed that you want to have same key for every message. If not then you will have to figure out how to distribute keys and you are getting into bigger troubles. I would try to use standard API provided by SAP. There is also another API that allows you to use PKCS#7 for encrypting values.
Cheers