
Encoding the Signed message request with Base64 Encoding

nitindeshpande
Active Contributor
0 Kudos

Hello Experts,

I have a scenario where I am sending payment files to the bank, and the bank has requested the following things to be done before consuming their web service:

  1. Get contents in Bytes to Sign (Using UTF-8 Encoding)
  2. Get the X509 Certificate (Private Key Certificate)
  3. Compute the Message Digest
  4. Sign the Message and generate attached Signature (use Detached/attached property of Signing Library)
  5. Encode your Signed Message into Base64 Encoding

For step 1, the data in SAP PI is already UTF-8 by default, so no problem.

For step 2, I have generated the certificate request and got it CA-signed, and the same certificate will be provided to the bank's server.

Step 3 - I do not know what computing the message digest actually means. Can you please tell me what this is?

For step 4 - I am using the PGP encryption module, and using only the signing feature of the module. Compression and encryption are turned off. For signing I have generated public and private keys. Using the private key I am signing the request, and with the public key the bank will verify the message from their end.

Step 5 - Encoding the message using Base64 encoding. For this I came across many links which talk about performing this using Java mapping.

But encoding during mapping does not help, because the bank wants the encoding to be done after the message has been signed, and signing happens in the receiver adapter; hence I must do the encoding in the receiver adapter itself.

For doing it in the receiver adapter, I came across a link where it requires developing a Custom Adapter Module -



Developing a Custom Adapter Module may require some time. I was looking to see if there is any easy method to encode this message using Base64.

Also, please let me know if my understanding of the other steps is correct and whether I am on the right track.

Any help on this is highly appreciated, as we are very near to go-live and urgently need help on this.

Regards,

Nitin Deshpande

Accepted Solutions (1)


asdasd_asdasd
Active Participant
0 Kudos

For step 3:

  1. see How PGP works (section "Hash functions")
  2. https://en.wikipedia.org/wiki/Pretty_Good_Privacy
  3. https://en.wikipedia.org/wiki/Cryptographic_hash_function
  4. How to use in PI: Map_PGP_Generic/BcPGP.java at master · js1972/Map_PGP_Generic · GitHub (method "signEncryptFile")

For step 5:

  1. add the import "import com.sun.org.apache.xml.internal.security.utils.Base64;"
  2. and use  "Base64.encode( <BYTES> )"

Regards.
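
Steps 1 to 5 from the question, as an added example that is not part of the original posts and is not the PGP module's or the bank's code: it shows what the message digest is and that Base64 is applied to the output of signing. Assumptions: Java 8 or later with only JDK classes, a throwaway RSA key pair and a constructed payload, and a raw detached signature rather than the attached PGP or CMS container the bank asks for, which needs a library such as Bouncy Castle.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SignThenEncode {
    // Steps 3+4: "SHA1withRSA" computes the SHA-1 digest of the payload and
    // signs that digest with the private key. The output is a raw detached
    // signature, not a PGP or CMS container.
    static byte[] sign(byte[] payload, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(payload);
        return s.sign();
    }

    // Receiver side: only the public key (what an X.509 certificate carries) is needed.
    static boolean verify(byte[] payload, byte[] sig, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(key);
        s.update(payload);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Step 2 stand-in: throwaway key pair generated here (constructed).
        // In a real landscape the private key comes from a keystore and the
        // matching X.509 certificate is what the bank receives.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Step 1: constructed sample payload as UTF-8 bytes.
        byte[] payload = "<Payment><Amount>100.00</Amount></Payment>".getBytes(StandardCharsets.UTF_8);

        // Step 3 on its own: the message digest is a fixed-size hash of the bytes.
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(payload);
        System.out.println("digest bytes: " + digest.length);

        // Step 4 then step 5: sign first, Base64-encode the signed output afterwards.
        String encoded = Base64.getEncoder().encodeToString(sign(payload, kp.getPrivate()));
        System.out.println("base64 signature: " + encoded);

        // Receiver reverses the order: Base64-decode, then verify.
        byte[] sig = Base64.getDecoder().decode(encoded);
        System.out.println("verifies: " + verify(payload, sig, kp.getPublic()));
        payload[0] ^= 1; // flip one bit to simulate tampering in transit
        System.out.println("verifies after tampering: " + verify(payload, sig, kp.getPublic()));
    }
}
```

SHA-1 is used here only because the bank in this thread requires it; where the counterparty allows it, "SHA256withRSA" is the corresponding JCA algorithm name and the rest of the code is unchanged.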

nitindeshpande
Active Contributor
0 Kudos

Hello Max,

Thanks for your reply.

For step 5, where do I write this code? In a UDF of the graphical mapping? During mapping the message will not be signed yet; it will be signed when the message is sent to the receiver, in the receiver channel, using the PGPEncryption Adapter Module Bean.

And the receiver bank to which I am sending the file requires the message to be encoded after signing of the message has been done. Hence I will not be able to use mapping for this. To do it in mapping, I must drop the file in a temporary location, then pick it up and do a mapping in which I will have the Base64 encoding code, and then send the web-service request to the bank. This needs an extra interface to be created and makes the work tedious.

Is there any other method I can use to convert the message into Base64 encoding?

Regards,

Nitin

asdasd_asdasd
Active Participant
0 Kudos

Ok, use the (you should use the "Base64EncodeConverter"), everything is coded, you should only deploy.

nitindeshpande
Active Contributor
0 Kudos

Hello Max,

Thanks a lot for your reply.

Now for the signing, the bank needs the message request signed using the SHA-1 algorithm with a private key, and we need to provide them the public key so that they can verify the request message at their end.

And they want the public key to be an X.509 certificate.

Can you please let me know if we can use X.509 certificates as PGP keys?

If not, then can you please let me know how I can achieve this signing? And the signing must be done using the SHA-1 algorithm.

Kindly help me on this.

Regards,

Nitin Deshpande

asdasd_asdasd
Active Participant
0 Kudos

Please check this for encrypt and sign, and this Configuring the Encryption PGP Module - SAP NetWeaver Process Integration, secure connectivity add-o... for the values (for example, for the parameter "signingAlgo" the values are "MD5, RIPEMD160, SHA1, SHA224, SHA256, SHA384, and SHA512").

About the X.509 certificate, let me run a test and then I will answer you.

nitindeshpande
Active Contributor
0 Kudos

Hello Max,

I have already configured PGP encryption, and the keys I had generated were ASCII-armored keys. But the bank with which I am working is expecting the signing to be done using the X.509 certificate. Hence I want to know if PGP supports signing using X.509 certificates.

Kindly check from your end and let me know. I searched a lot on this, but I don't seem to find a link which specifies if I can use certificates for signing in the PGP module.

Also, I came across the blog below, which talks about signing using X.509 certificates, but it doesn't consist of a public and private key pair. I also wanted to know which signing algorithm this WS Security profile uses to sign the request.

Regards,

Nitin Deshpande

nitindeshpande
Active Contributor
0 Kudos

Hello Max,

Can you please let me know your findings on this? Please find below the note for the latest problem I am facing.

Request your help on this too -

Regards,

Nitin Deshpande

asdasd_asdasd
Active Participant
0 Kudos

Hi,

Using standard modules I have not found anything; you'll have to develop a module for this using the bouncycastle.org API (you do not sign with certificates, one verifies the signature of someone with a certificate). If you're interested, I found this to transform PGP keys to X.509: Convert keys between GnuPG, OpenSsh and OpenSSL - Sysmic.org

nitindeshpande
Active Contributor
0 Kudos

Hello Max,

The above method doesn't seem to be feasible, considering the project timelines. Anyway, I have planned to use two ICOs.

The first one will sign the request using WSSE, and in the SOAP receiver channel of the 1st ICO I would give the details of the second ICO's SOAP sender channel. In the 2nd ICO I will use a dummy interface, and then in the SOAP receiver channel of the 2nd ICO I will encode it with Base64 and send it to the bank server.

This adds an overhead for the transmission, but I do not see any other way. Do you have any other way to handle it?

Regards,

Nitin Deshpande
