on 06-19-2015 10:24 AM
Hi Experts,
I have a requirement to send a file via sftp to a third party which is signed and encrypted. To achieve this I use the PGP module in the sftp adapter. Following the blog PGPEncryption Module: A Simple How to Guide from Shabarish Vijayakumar, I have customized the module.
I started with a .pfx file which contains the private key, and a .cert file which has the public key in it. Via open SSL I have converted both files to .pem files.
When I test this I get the error: PGP Encryption Module: Invalid module configuration: No public key with encryption capability found in /usr/sap/XXX/XX/XX/xxx.pem. Trying to sign the message I get the same error for the private key.
I have configured the module that it only encrypts (please find attached the screenshot of the configuration).
I also have tested the public and private key via openSSL, and I was able to use these files for signing and encrypting, so it looks like the files are ok.
I have also tried to use other extensions (converted the files via openSSL) like the originals .pfx and cert, also .p12 (private key). but continuously the same error.
I would really appreciate help on this. Is there anybody who know what is going wrong here?
Thanks in advance for any suggestions!
Regards,
Jeroen
hi Experts,
I am still struggling with this requirements, does anybody have a good suggestion which can help me move forward?
Help will be much appreciated!
Kind regards,
Jeroen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Jung,
The private key should be sorted on SAP PI Server. By default SAP PI checks for it, in folder usr/sap/<System ID>/<Instance ID>/sec on PI server. Please make sure private key is present there or set keyRootPath in PGP module.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jeroen
Try using GPG to generate ASCII Armored keys to use with the module instead. You can refer to the following wiki for the steps.
Generating ASCII Armored PGP Key Pairs - Process Integration - SCN Wiki
Rgds
Eng Swee
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Eng Swee,
Thanks for you fast reply.
I am not sure if this blog is for me the right one. This is creating a new private and public key. I have to use the provided certificates.
The private certificate were issued by a trusted CA, the public certificate is provided by the third party.
Do you think that I can use the tool Gpg4win to create private and public keys from the existing certificates?
Regards,
Jeroen
Hi Jeroen
I've never used OpenSSL keys for PGP encryption/decryption. If you search about OpenSSL keys and PGP keys, there are differences between them - example below.
tls - Public keys on OpenSSL vs PGP? - Information Security Stack Exchange
Normally for PGP keys, we just use a self-signed key from the other party.
Anyway, you can try to see if you can convert the OpenSSL key into a PGP key following the site below
Convert keys between GnuPG, OpenSsh and OpenSSL - Sysmic.org
Rgds
Eng Swee
Hi Eng Swee,
I had a look at the links, thanks for sharing but didn't find how to proceed.
I used openSSL to get the keys from the files which I received. And searching on the internet I found how to use openSSL to do this. But I the end without any positive result.
My problem is that the third party is saying that other customers uses SAP in combination with the provided files, but they can't offer technical solutions.
I have tested the PGP module using another certificate, which we already use for another interface, and it works fine. I am stuck on how to get the right files from that .pfx file which I can upload to the server where the PGP module can pick it up and use it for signing with a private key.
For the encryption we received a public .cert file which is also not containing a valid public key according to the error.
I was hoping that someone knows how to convert this files to usable files in PI.
Kind regards,
Jeroen
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.