
Encryption types in PI 7.31 SP11

Former Member
0 Kudos

Hi Experts,

The scenario in PI is to drag the file from the NFS folder of ECC and drop it to the intermediate server after encrypting it using the public key. From the intermediate server, the bank picks up the files by configuring the schedulers on the intermediate server. So I made a statement to the bank people saying, "I understand you need us to encrypt the file using PGP with AES128 algorithm for which we need public key from your end". They replied, "We will be only using AES 128 algorithm, PGP will not be used".

My question is: if PI encrypts using the PGP module, will it be possible for the bank to decrypt it by their own mechanism, or should I request them to decrypt using only PGP? Please suggest.



Thanks,

Nithin.

Accepted Solutions (1)

vadimklimov
Active Contributor
0 Kudos

Hi Nithin,

When you say that you tend to use a public key to encrypt outgoing messages, I would assume you deal with asymmetric encryption (where a pair of private and public keys makes sense), please confirm this. In symmetric encryption, there is no such differentiation between keys as private and public, there is only one single key used for encryption and decryption operations.

Next, I'd rather differentiate cryptographic standards and algorithms vs. cryptographic systems. AES is a cryptographic standard. AES 128 is an AES cryptographic standard which indicates a 128 bit key is used for an AES cipher.

PGP is one of the cryptographic systems that implement encryption / decryption functionality based on given cryptographic algorithms and compliant with specific cryptographic standards.

Having written so, it isn't accurate to compare PGP and AES - it is like comparing apples and oranges. Adapter modules PGPEncryption / PGPDecryption of SAP PI/PO use the PGP cryptographic system to encrypt / decrypt messages, and implement / support several cryptographic standards and algorithms, AES-128 being one of them. So if you need to encrypt an outgoing file with an algorithm compliant to AES-128, the PGPEncryption adapter module available in SAP PI/PO shall fulfil this requirement.


The recipient (bank system) can use any cryptographic system (PGP or some other system) that implements AES-128 and that is capable of decrypting incoming files; it shall work fine.

Regards,

Vadim

Former Member
0 Kudos

Hi Vadim,

Thank you very much for the detailed explanation. In my case it is the asymmetric type. Hence, PI should encrypt it by AES128 in the PGP module in the receiver channel using the public key provided by them. The bank will pick up the encrypted file from the intermediate server, posted by PI, to their system, and the user from the bank should be able to decrypt it again by their own cryptographic system [other than PGP].

Thanks,

Nithin.

praveenkva
Explorer
0 Kudos

Hi Vadim,

Is there any way to configure the symmetric encryption method in SAP PI 7.40, including a digital signature? We have a requirement to send the data to the bank, wherein they requested us to include the digital signature in the payload and encrypt the message so that they can decrypt the message using the key.

Any insights would be greatly appreciated.

Answers (5)

Former Member
0 Kudos

Hi Vikas,

Thank you for the reply.

The requirement got changed; here I am using ICO to drag and drop the file from ECC NFS to FTP. They replied saying:

"We will provide the encryption utility in the form of java binary file (.jar) file and we need to call the jar file once the payment file is generated from their erp in order to encrypt the payment files"

Is it possible to encrypt the file using the .jar? Or could it be done easily by the ABAP team? Or should I request them to provide me the public key?

Thanks,

Nithin.

vicky20691
Active Contributor
0 Kudos

Hi Nithin,

Now I am not sure on this. We apply jar files in our Java mapping.

As the utility is a jar file, it can't be done in ABAP that easily. I think you should go ahead and suggest to them that you can provide encryption using the PGPEncryption module.

That way performance will be better by using SAP standard modules and the goal will also be achieved without complications.

Regards,

Vikas

Former Member
0 Kudos

Hi Vikas,

Thanks for your response!

The client has given us a JAR file. If it is placed in some physical path, I can call the JAR file by giving the full path of the file including the file name, encrypt a file manually, and generate it in the same folder where the actual file is placed, with a file name starting with the letter "e" followed by the actual file name. Could you please suggest how to achieve this automatically using the command line feature in SAP PI?

I could encrypt manually by using the command highlighted here in cmd: "java -jar <<name of the jar file>>.jar <<full path of the file>>". Now I need to do the same using a .sh file in Linux and call it in PI.

The highlighted Excel file is the encrypted file produced after executing the commands in the first screenshot in cmd manually. Can you please help with the script and .sh files in Linux, and with example syntax to be given in the command line feature in the PI receiver/sender channel? As explained above, this is a drag and drop scenario; I am not using mapping objects here.

Thanks,

Nithin.
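The wrapper asked for in the post above could look like the following. This is an added example, not code from the thread or from the bank's utility; the names `JAVA_BIN`, `ENCRYPT_JAR` and `encrypt_payment_file` and the JAR path are assumptions, and it assumes the channel's operating system command passes the absolute file path as the first argument.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: JAVA_BIN, ENCRYPT_JAR,
# encrypt_payment_file. The JAR path below is a placeholder.
JAVA_BIN="${JAVA_BIN:-java}"
ENCRYPT_JAR="${ENCRYPT_JAR:-/path/to/bank-utility.jar}"

# Encrypts one file and prints the path of the encrypted copy on success.
encrypt_payment_file() {
    src="$1"
    # Accept absolute paths only, so a file name can never be read as an
    # option and the result does not depend on the working directory.
    case "$src" in
        /*) ;;
        *) echo "absolute path required" >&2; return 2 ;;
    esac
    [ -f "$src" ] && [ -r "$src" ] || { echo "cannot read $src" >&2; return 3; }

    # Output convention described in the thread: same folder, "e" + file name.
    out="$(dirname "$src")/e$(basename "$src")"

    # Drop any stale output first, so an old file cannot pass for a new one.
    rm -f "$out"

    # Quote every argument: payment file names may contain spaces.
    "$JAVA_BIN" -jar "$ENCRYPT_JAR" "$src" \
        || { echo "encryption utility failed" >&2; return 4; }

    # Fail closed if the utility exited 0 but produced nothing usable.
    [ -s "$out" ] || { echo "no encrypted output at $out" >&2; return 5; }
    if cmp -s "$src" "$out"; then
        echo "output is identical to the plaintext" >&2
        rm -f "$out"
        return 6
    fi
    printf '%s\n' "$out"
}

# When called with an argument (for example from the channel), process it.
if [ "$#" -gt 0 ]; then
    encrypt_payment_file "$1"
fi
```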

Former Member
0 Kudos

Hi Experts,

When I requested the bank team to provide me the public key to implement the above scenario, and also, to be doubly sure, enquired whether they need the symmetric or asymmetric type of encryption, they replied as below:

"We are providing two layers of encryption.

    1. File encryption - we will use AES 128 bit encryption to encrypt the file, which is a symmetric encryption.

    2. Later the file will be transferred through sftp, which uses RSA, which is an asymmetric encryption. Client will share their public key and we configure at our end."

Please find the attached snippet explaining the process flow. My question is: to implement the interface, they will provide the public key, which will be used in PI to encrypt it, and later they decrypt it using their private key, but why do they need a public key from the sender in this scenario? Or how are bank interfaces designed generally: do they need PI to encrypt it, or will the cuteFTP client installed on the Windows machine encrypt it before transferring it to the bank server in this case? If PI does not encrypt it, I mean just drags and drops the file, then what might the security consequences be? Can you please help me in this regard?

Thanks,

Nithin.

vicky20691
Active Contributor
0 Kudos

Hi Nithin,

It is pretty straightforward.

1. They will share the public key with you and you will encrypt in AES 128 and send to them; they will decrypt it.

2. Later they have to send it to some client (maybe the sender again, as a confirmation copy or something), so they send it to them via sftp. In this you don't have to be involved; it is between those 2 parties, whatever asymmetric/symmetric approach they use.

What I understood is that you have to do symmetric encryption in AES128; that is all.

Regards,

Vikas

Former Member
0 Kudos

Hi Vikas,

Thanks for your time. As elaborated by Vadim, even though PI encrypts by the PGP cryptographic system with the public key of the bank using the AES128 algorithm, the user of the bank, after the file is picked up from the intermediate server, should decrypt it using their own private key by following any cryptographic system other than PGP. Please find my comments below:

1. Have the JCE updated for PGP to work?

- No, not yet. Is it required for AES 128 also? I mean, do we have any URL to check whether AES 128 is supported or not, similar to what we do for Blowfish: URL http://<host>:<port>/BC//VerifyJCE as per link

2. The intermediate location should not do any change or do any encoding on the encrypted file.

- Here, the intermediate server is just a physical server for PI to post the files, and where the schedulers are installed to transfer.

Thanks,

Nithin.

vicky20691
Active Contributor
0 Kudos

Hi Nithin,

1. Yes, it is needed in case the PGP keys are more than 128 bits. Nowadays banks mostly have 256-bit keys. But you can confirm it. The JCE has nothing to do with protocol AES, DES etc.; it is for the key size supported.

2. Then it's fine; the bank user will be able to decrypt without any problem.

Regards,

Vikas

Former Member
0 Kudos

Hi Vikas,

Thank you for your time, that clears my doubts.

-Nithin.

vicky20691
Active Contributor
0 Kudos

Hi Nithin,

As the public key is given by the bank to you, they will have the private key to decrypt it. Whatever algorithm you use to encrypt, they will be able to decrypt it using the private key.

1. Have the JCE updated for PGP to work.

2. The intermediate location should not do any change or do any encoding on the encrypted file.

Regards,

Vikas

manoj_khavatkopp
Active Contributor
0 Kudos

Hi Nithin,

When you talk about PGP there are 2 ways:

  • Symmetric: For this you need to use a unique key (or call it a password) which is used for both encryption and decryption of data.
  • Asymmetric: In this case keys (certificates/private/public key) are shared between parties, which are used for encryption (public) and decryption (private).

In your case I guess the bank is asking to encrypt with AES with the symmetric method, in which case there would be no exchange of certificates; you only need to decide a unique key (password) and share the same with the bank, and they decrypt it. Better get a confirmation on this with them first.

Br,

Manoj

Former Member
0 Kudos

Hi Manoj,

Thanks for your time, in my scenario it is asymmetric type.

Thanks,

Nithin.