Error when using pem certificate in PGP

0 Kudos

Hi Experts,

I have a requirement to send a file via sftp to a third party which is signed and encrypted. To achieve this I use the PGP module in the sftp adapter. Following the blog PGPEncryption Module: A Simple How to Guide from Shabarish Vijayakumar, I have customized the module.

I started with a .pfx file which contains the private key, and a .cert file which has the public key in it. Via OpenSSL I have converted both files to .pem files.

When I test this I get the error: PGP Encryption Module: Invalid module configuration: No public key with encryption capability found in /usr/sap/XXX/XX/XX/xxx.pem. Trying to sign the message I get the same error for the private key.

I have configured the module so that it only encrypts (please find attached the screenshot of the configuration).

I have also tested the public and private key via OpenSSL, and I was able to use these files for signing and encrypting, so it looks like the files are ok.

I have also tried to use other extensions (converted the files via OpenSSL) like the original .pfx and .cert, also .p12 (private key), but continuously the same error.

I would really appreciate help on this. Is there anybody who knows what is going wrong here?

Thanks in advance for any suggestions!

Regards,

Jeroen

Accepted Solutions (0)

Answers (3)


0 Kudos

Hi Experts,

I am still struggling with this requirement. Does anybody have a good suggestion which can help me move forward?

Help will be much appreciated!

Kind regards,

Jeroen

RaghuVamseedhar
Active Contributor
0 Kudos

Jung,

The private key should be stored on SAP PI Server. By default SAP PI checks for it in folder usr/sap/<System ID>/<Instance ID>/sec on PI server. Please make sure private key is present there or set keyRootPath in PGP module.

Configuring the Encryption PGP Module - SAP Library

engswee
Active Contributor
0 Kudos

Hi Jeroen

Try using GPG to generate ASCII Armored keys to use with the module instead. You can refer to the following wiki for the steps.

Generating ASCII Armored PGP Key Pairs - Process Integration - SCN Wiki

Rgds

Eng Swee

0 Kudos

Hi Eng Swee,

Thanks for your fast reply.

I am not sure if this blog is for me the right one. This is creating a new private and public key. I have to use the provided certificates.

The private certificate was issued by a trusted CA, the public certificate is provided by the third party.

Do you think that I can use the tool Gpg4win to create private and public keys from the existing certificates?

Regards,

Jeroen

engswee
Active Contributor
0 Kudos

Hi Jeroen

I've never used OpenSSL keys for PGP encryption/decryption. If you search about OpenSSL keys and PGP keys, there are differences between them - example below.

tls - Public keys on OpenSSL vs PGP? - Information Security Stack Exchange

Normally for PGP keys, we just use a self-signed key from the other party.

Anyway, you can try to see if you can convert the OpenSSL key into a PGP key following the site below

Convert keys between GnuPG, OpenSsh and OpenSSL - Sysmic.org

Rgds

Eng Swee
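
The distinction raised in the reply above (OpenSSL/X.509 key files versus PGP keys) can be checked from the first bytes of a file. The following Python check is an added example, not part of the original thread or of the SAP module; the sample file names and byte strings are constructed, and it only identifies the container format, not whether a key has encryption capability.

```python
import re

# OpenPGP packet tags (RFC 4880, section 4.3) that can start a key file.
PGP_KEY_TAGS = {5: "secret key", 6: "public key"}
ARMOR_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def classify_key_file(data: bytes) -> str:
    """Classify raw key-file bytes as OpenPGP, X.509/OpenSSL or unknown."""
    # Search, not match: `openssl pkcs12` output puts "Bag Attributes" first.
    m = ARMOR_RE.search(data[:4096])
    if m:
        label = m.group(1).decode("ascii")
        if label.startswith("PGP "):
            return "openpgp: armored " + label[4:].lower()
        return "x509/openssl: PEM " + label.lower()
    if not data:
        return "unknown"
    first = data[0]
    if first & 0x80:  # bit 7 set marks an OpenPGP packet header
        # Bit 6 selects the new header format (tag in bits 5-0);
        # the old format keeps the tag in bits 5-2.
        tag = first & 0x3F if first & 0x40 else (first & 0x3C) >> 2
        if tag in PGP_KEY_TAGS:
            return "openpgp: binary " + PGP_KEY_TAGS[tag]
        return "unknown"
    if first == 0x30:  # ASN.1 SEQUENCE: DER certificate, key or PKCS#12
        return "x509/openssl: DER (certificate, key or PKCS#12)"
    return "unknown"

def usable_as_pgp_key(data: bytes) -> bool:
    """True only when the bytes are in an OpenPGP key format."""
    return classify_key_file(data).startswith("openpgp:")

# Constructed sample inputs: headers only, no real key material.
SAMPLES = {
    "converted.pem": b"Bag Attributes\n-----BEGIN CERTIFICATE-----\n",
    "private.pem": b"-----BEGIN PRIVATE KEY-----\n",
    "original.pfx": bytes([0x30, 0x82, 0x0A, 0x00]),
    "partner.asc": b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n",
    "partner.gpg": bytes([0x99, 0x01, 0x0D, 0x04]),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:14} {classify_key_file(blob)}")
```

A file that classifies as `x509/openssl` keeps that format no matter which extension it is renamed to; only the `openpgp` results are in the key format a PGP implementation parses.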

0 Kudos

Hi Eng Swee,

I had a look at the links, thanks for sharing but didn't find how to proceed.

I used OpenSSL to get the keys from the files which I received. And searching on the internet I found how to use OpenSSL to do this. But in the end without any positive result.

My problem is that the third party is saying that other customers use SAP in combination with the provided files, but they can't offer technical solutions.

I have tested the PGP module using another certificate, which we already use for another interface, and it works fine. I am stuck on how to get the right files from that .pfx file which I can upload to the server where the PGP module can pick it up and use it for signing with a private key.

For the encryption we received a public .cert file which is also not containing a valid public key according to the error.

I was hoping that someone knows how to convert these files to usable files in PI.

Kind regards,

Jeroen