sftp based integration with signed files from ABAP and to pgp
We're working with a scenario where we are sending signed files over sftp to a partner.
The files are generated by a SAP ABAP system and placed on a file system. They files themselves must secured on this file system to prevent tampering, and we've choosen to add a PCKS#7 signature to them via SSF_KRN_SIGN_BY_AS. (the data itself is not confidential, it's just important that it cannot be changed during transit)
Our plan was to just use the file adapter in PI to pick up the files, and use the SFTP add-on to deliver them to the partner with no mapping or changes in the file.
Unfortunately, the partner only supports pgp signatures (not PCKS#7) so we cannot follow our original plan.
It is theoretically possible to generate pgp files in the SAP ABAP system via installing pgp on the application servers and using an external command. However, this is not a path we want to go as it complicates the system landscape and increases dependency on application server operating system.
PI has good support for pgp through the SAP NetWeaver Process Integration, secure connectivity add‑on 1.0 SP04 – SAP Help Portal Page (same add-on as the sftp support).
But how can we make the mapping from a signature created by the SAP ABAP system(PCKS#7) to a pgp based signature?
My initial evaluation is that we need to create an adapter module for the PI file adapter for removing the PCKS#7 signature, before using configuration to add the pgp signature. Found some relevant code in this thread http://scn.sap.com/thread/3501375