Encrypt and Decrypt in ABAP with Advanced Encryption Standard (AES)

dirkhopf
Discoverer
0 Kudos

Hi,

Is it possible to decrypt/encrypt a string with Advanced Encryption Standard (AES) in ABAP?

Regards,

Dirk

7 REPLIES

Former Member
0 Kudos

WolfgangJanzen
Product and Topic Expert
0 Kudos

As you certainly know, cryptography is subject to export control.

That's why you need to obtain a "download approval" before you can obtain the SAPcryptolib from the SAP Service Marketplace (http://service.sap.com/swdc).

SAPcryptolib offers cryptographic services for SSL, SNC and SSF - but no plain algorithms.

Maybe it would help if you could elaborate on the intended use case in more detail.

Cheers, Wolfgang

dirkhopf
Discoverer
0 Kudos

Some further details of the use case:

- There is an IBM portal with single sign on for the users.

- In R/3, a small Business Server Page application is implemented.

- The BSP application is called from the portal via URL. This URL has the encrypted "import" parameters as a parameter. I have to decrypt the URL parameter to select the requested data and display it via Business Server Page in the web browser.

- The encryption is made with AES.

Because of this, I am searching especially for information about decryption with AES (symmetric).

Regards

Dirk

WolfgangJanzen
Product and Topic Expert
0 Kudos

I'm sorry - but I have to repeat: there is no support for any "plain" cryptographic algorithm in the product.

I propose that you develop a tiny RFC server which provides this decryption functionality and call it from the ABAP backend. Using SNC for the RFC communication will allow you to verify (at the external RFC server) that the RFC client request did indeed originate from the ABAP backend. Without such a check you'll be vulnerable (because just anyone could use the provided AES decryption functionality ...).

The usage of an external RFC server might also have the advantage that only the RFC server has to have access to the AES key (required to perform the decryption). Otherwise you'd have to think about how to store that key in a secure way in the ABAP backend / database (notice: you cannot simply make use of the "secure storage" service provided by the ABAP system).
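
The caller check described in the reply above, as an added example that is not code from the thread or from SAP. It assumes Go, AES-GCM with a `nonce || ciphertext` token layout (the thread names only AES), and constructed key and peer names; the RFC/SNC transport is not modelled and is assumed to hand the authenticated peer name to `Decrypt`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrCaller = errors.New("caller not authorized")
type DecryptService struct {
	aead    cipher.AEAD     // built from the AES key, which lives only here
	allowed map[string]bool // peer names as authenticated by the transport
}

func NewDecryptService(key []byte, allowed map[string]bool) (*DecryptService, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // assumption: tokens are AES-GCM
	return &DecryptService{aead, allowed}, err
}

// Decrypt: peer comes from the authenticated channel (SNC in the thread), not the payload.
func (s *DecryptService) Decrypt(peer string, token []byte) (string, error) {
	if !s.allowed[peer] {
		return "", ErrCaller // refuse before touching the key
	}
	n := s.aead.NonceSize() // assumed token layout: nonce || ciphertext+tag
	if len(token) < n {
		return "", errors.New("malformed token")
	}
	pt, err := s.aead.Open(nil, token[:n], token[n:], nil)
	if err != nil {
		return "", errors.New("decryption failed") // tampered, or wrong key
	}
	return string(pt), nil
}

func main() { // constructed key, peer names and token
	svc, _ := NewDecryptService(make([]byte, 32), map[string]bool{"p:CN=ABAP-BACKEND": true})
	nonce := make([]byte, svc.aead.NonceSize())
	rand.Read(nonce)
	tok := svc.aead.Seal(nonce, nonce, []byte("order=4711"), nil)
	fmt.Println(svc.Decrypt("p:CN=ABAP-BACKEND", tok))
	fmt.Println(svc.Decrypt("p:CN=SOMEONE-ELSE", tok))
}
```

The unauthorized call is rejected before any decryption is attempted, so the service cannot be used as a decryption oracle by peers outside the allowlist.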

dirkhopf
Discoverer
0 Kudos

Like Wolfgang Janzen wrote:

It seems that there is no implementation of AES in ABAP at the moment.

The customer decided to do it in another way.

Thanks.

Dirk Hopf

WolfgangJanzen
Product and Topic Expert
0 Kudos

> Like Wolfgang Janzen wrote:

> It seems that there is no implementation of AES in ABAP at the moment.

> Dirk Hopf

Well, unless the law changes, there will also be no support for AES (or any other cryptographic algorithm) in the future. Notice: this is no technical constraint but a limitation due to export control regulations (which do not only affect SAP).

larshp
Active Contributor
0 Kudos