on 02-15-2008 7:24 AM
Hey folks!
I am sending an XML request to a web service. The XML has to contain a password to be able to identify itself at the receiving side. I need to store the password in an ABAP table and from there extract it, put it into the XML and send it off without displaying the password before it is sent. The communication uses SSL with certificate and I cannot send the password encrypted as the receiver does not have any decryption methods.
What I am thinking is to encrypt the string in the table and decrypt it in the adapter module. The problem I see is that I don't know many encrypt/decrypt methods, and also how to decrypt in ABAP stack and then decrypt in Java stack.
Any experts in here done something like this before? Some input/help would be greatly appreciated...
Thanks!
mvh Ole
Edited by: Ole Mugaas on Feb 15, 2008 1:57 PM
I'm a little bit mean and edit this message to the top of the list ..:)
Hi,
I am not sure with your requirment,
May I kindly request you to elabortae your exact requirments so we could narrow down the suggestions if any.
As per subject line if you will be looking for security aspects, please refer below details
SSL Configuration
You need to setup SSL layer for HTTPS endpoint.
Possible HTTP security levels are (in ascending order):
HTTP without SSL
HTTP with SSL (= HTTPS), but without client authentication
HTTP with SSL (= HTTPS) and with client authentication
HTTPS comes in two flavors, both ensuring the confidentiality of data sent over the network
● Server authentication
Only the HTTP server identifies itself with a certificate that is to be verified by the client.
● Client authentication
Additionally, the HTTP client identifies itself with a certificate that is to be verified by the server.
Please go through below link for referance (above information is from below link)
General guide
Message level security
Regarding message level you can encrypt the message using certificates.
For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.
Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.
Check the following links.. you will get the information all about the securities...
http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba68...
Also find soeminformation in these links
http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
/people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
Step by step guide for SSL security
Thanks
Swarup
Edited by: Swarup Sawant on Feb 15, 2008 8:37 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey, thanks for answering!
All the requirements regarding SSL is ok.
My problem is that I need to decrypt an encrypted string in the File Adapter before it is sent to the receiver. This is to prevent anyone to see it if they try to debug the code og monitor the message...What I am looking for is a method that can encrypt the string in the table and a method that can decrypt the string in the adapter module. This method/algorithm has to comply with both ABAP and Java i guess, since I have to write the adapter module in Java...
I just put up the rest so that there would be no answers regarding how I am actually sending this...
Ole
Hi
Thanks for that! My requirement is still that the string (or whatever the dataelement i SAP table will be) needs to come encrypted to my proxy. I retrieve the dataelement from a table in my function module, and call the outbound proxy with this value. This means that the string must be encrypted in the ABAP environment and decrypted in Java environment. Is this possible with the PGP libraries?
The logic is all good and clear, but I cannot see that the method I use to encrypt the field in ABAP environment can be used to decrypt the field in Java environment. Are there any such method? Is it possible to use encoding for this, since encoding is something you can handle both within ABAP and Java..?
regards Ole
Hi ,,
send U r request to RFC adapter and it will send responce to soap ..The soap adapter has capability to take responce....
Is this is ur querry..If not let me know..
plz award points
thanq
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.