PGP Encryption/Decryption

Former Member
0 Kudos

Hello,

We have purchased AEADAPTIVE and use their PGP modules for sending files to a third party.

For an encryption scenario, the third party has given their public key to us.

Please clarify my understanding.

I assume we use their public key to encrypt the file and send it to them.

The third party will use their private key to decrypt the data sent by us.

In this, do we need to send our public key to the third party ?

I am a bit confused.

Regards

Anandh

Accepted Solutions (1)

Former Member
0 Kudos

Hi Anand,

Got it. You didn't use the module two times. Here is the approach. In the module list, use the encryption module 2 times.

1) localejbs/PGPEncryption, encryptAES

2) localejbs/PGPEncryption, encryptBlowFish

In the Module Configuration

encryptAES, encryptionAlgo = AES_256

encryptBlowFish, encryptionAlgo = BLOWFISH

This should work as expected. I would request you to try this approach in your test landscape by generating 2 different dummy key pairs. Link: http://wiki.sdn.sap.com/wiki/display/XI/Generating+ASCII+Armored+PGP+Key+Pairs

Thanks,

Siva

Former Member
0 Kudos

Hi Siva,

Apologies for not updating the case scenario. The vendor has agreed with us to encrypt the file either with Blowfish or AES. Hence, I have updated the module BLOWFISH only.

I just want to make sure whether the module parameters used are correct. I have used PGP keymanager, where initially I generated the public keyring and added the vendor certificate into it and signed it.

I am not sure whether it is mandatory to sign it or not.

Regards

Anandh.B

Former Member
0 Kudos

Hi Siva,

One other confusing thing: assuming the partner has forwarded his public certificate,

is it mandatory for us to add it to our public keyring and use it, or can I directly refer to the .asc in the module?

What is the difference between those? I can see in your document that you have referred to the partner's public key directly as .asc.

Regards

Anandh.B

Former Member
0 Kudos

Hi Anandh,

  • Signing is optional
  • If you are encrypting the data, you need partner's public key in the key rings
  • .asc is an ASCII Armored format of the key ring (and it's optional)
  • For the correctness of the module parameters, you have to verify against the product documentation.

A simple question again: are you using SAP's PGP module or AEADAPTIVE's PGP module?

Thanks,

Siva

Former Member
0 Kudos

Hello Siva,

Thanks! I am using the PGP module provided by AEDAPTIVE and have checked the product documentation as well.

The file is getting encrypted without any issues, as I checked the logs in the adapter module.

I just want to reassure myself of the basic concepts on this.

For AEDAPTIVE, providing the encryption algorithm is mandatory, whereas for SAP it is not. I assume adding the partner's public key into our key ring is the same across all PGP vendor modules.

Regards

Anandh.B

Former Member
0 Kudos

You are correct. For SAP, if you don't provide it, it will use 'CAST5' as a default.

Thanks,

Siva

Answers (4)

Former Member
0 Kudos

Hi,

I am not sure whether this is something unusual. Our third party had asked me to encrypt the file twice before sending, using AES_256 and BLOWFISH.

I am not sure whether we can provide two algorithms in the same communication channel module. The other alternative would be to use NFS with one algorithm and another channel to pick up the same file with another algorithm.

Regards

Anandh

Former Member
0 Kudos

Very Simple. Can you try using the encryption module twice in the same communication channel?

Thanks,

Siva

Former Member
0 Kudos

Hi,

Have you looked at the link below, which supports the algorithm you are looking for?

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0956fc4-c48f-2f10-29ba-d2ea7ae4f...

Thanks

Chirag

Former Member
0 Kudos

Hi Siva,

I have already tried it and it picks only the last encryption algorithm given. I had given in two lines for AES and BLOWFISH and the channel log showed only BLOWFISH.

Regards

Anandh.B

Former Member
0 Kudos

Can you share the screenshot of the modules and their parameter configuration?

Thanks,

Siva

Former Member
0 Kudos

Hello Siva,

Please find the screenshot. Still the vendor mentions that he is not able to decrypt it.

We had added his certificate to our public key ring.

The recipient is also mandatory if we specify the encryption algorithm, as per the Aedaptive guide.

r_s_kulkarni11
Participant
0 Kudos

Hello Anandhakrishnan,

For your question: yes, in the Aedaptive module it's compulsory to have an encryption algorithm, or else the file will not be encrypted.

I have implemented the PGP Aedaptive module in my current project; we also have a decryption module in place.

Thanks and regards,

Rahul

Former Member
0 Kudos

Hi,

I am still a bit confused, as the third party has asked for our public key as well for decryption/authentication.

As Basker mentioned, the sender will use the recipient's public key for encryption and the receiver should use his private key for decryption. Why would he require the sender's public key? Is it for authentication?

Also, when we asked them for the PGP algorithm, they just gave the public key. Should I be checking the algorithm in the public key? Please guide me on this.

Former Member
0 Kudos

Hi,

Your partner will use your public key for the following purposes:

  • When they want to send encrypted data to you (since encryption is always done using the receiver's public key)
  • If you have sent a signed message (digital signature) to your partner and they want to validate your signature.

Thanks,

Siva

Former Member
0 Kudos

Hi,

Using my partner's key, I am able to see the key type as RSA_1. How do I find the algorithm for this?

AEADAPTIVE supports the following algorithms.

  • AES_256
  • AES_192
  • AES_128
  • TRIPLE_DES
  • TWOFISH
  • BLOWFISH
  • CAST5
  • DES

Regards

Anandh.B

Former Member
0 Kudos

Hi,

SAP supports the following key generation algorithms.

  • RSA
  • DSA
  • ELGAMAL

You can generate the key pairs using any one of the above algorithms. For more details, you can refer to http://scn.sap.com/community/b2b-integration/blog/2012/07/12/its-all-about-keys-secure-connectivity-...

Once the keys (private & public) are generated, you can use any one of the symmetric algorithms mentioned in the list. For more details you can refer to this article.

http://scn.sap.com/docs/DOC-28872

Coming back to your specific question,

You are using RSA keys and now you can use any of the algorithms in the given list.

Thanks,

Siva
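Added example, not part of the thread or of any vendor's code: the key type (RSA) only determines how the per-message session key is wrapped, while the recipient's symmetric cipher preferences are stored in the key's self-signature as subpacket type 11 (RFC 4880). The Python below parses a constructed subpacket area and picks a cipher; the mapping to the AEADAPTIVE names, the function names and the sample bytes are assumptions.

```python
# Added example: symmetric algorithm IDs from RFC 4880 section 9.2, mapped
# (as an assumption) to the names in the AEADAPTIVE list quoted in the thread.
SYM_ALGOS = {2: "TRIPLE_DES", 3: "CAST5", 4: "BLOWFISH",
             7: "AES_128", 8: "AES_192", 9: "AES_256", 10: "TWOFISH"}
PREF_SYM = 11  # signature subpacket type: preferred symmetric algorithms

def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 1 >= len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # 0xFF marker + four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        # The length covers the type octet; its high bit is the critical flag.
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def preferred_ciphers(area: bytes) -> list:
    """Recipient's symmetric preferences, most preferred first."""
    for typ, _critical, body in iter_subpackets(area):
        if typ == PREF_SYM:
            return [SYM_ALGOS.get(b, f"unknown({b})") for b in body]
    return []

def choose_cipher(area: bytes, supported: set) -> str:
    """First recipient preference the sending module also supports."""
    for name in preferred_ciphers(area):
        if name in supported:
            return name
    # RFC 4880 makes TripleDES the must-implement cipher, tacitly last in any list.
    return "TRIPLE_DES"

# Constructed sample: key-flags subpacket (type 27), then preferences 9 8 7 3 2.
SAMPLE_AREA = bytes([2, 27, 0x0C]) + bytes([6, 11, 9, 8, 7, 3, 2])
```

GnuPG's `gpg --list-packets` shows the same subpacket on a real key as `pref-sym-algos`, so the preference list can be read without writing a parser.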

Former Member
0 Kudos

Hi Siva,

For Aedaptive, it is mandatory for me to specify the algorithm name.

Since the partner's public key is based on RSA_1, do you mean I can use any of the algorithms mentioned in the list and the partner will be able to decrypt it?

I referred to your document and it does not mention any algorithm for encryption.

Regards

Anandh.B

baskar_gopalakrishnan2
Active Contributor
0 Kudos

The usage of public key of recipient purely depends on who originates or starts the message.

In simple words, during asymmetric cryptography, the sender uses the recipient's public key to encrypt and send the message. The recipient on the other end uses his/her private key to decrypt the message. Hope this helps. Similarly, if the recipient wants to send the message to the sender, he uses recipient public key to encrypt. Though this is a little bit confusing, you might want to read this link. BTW, if you see Shab's link you will note that we don't need to purchase this in the later versions.

http://searchsecurity.techtarget.com/definition/asymmetric-cryptography

MichalKrawczyk
Active Contributor
0 Kudos

Hi,

Please have a look at the same configuration for SAP standard adapter modules:

http://scn.sap.com/community/pi-and-soa-middleware/blog/2012/04/10/pgpencryption-module-how-to-guide

in Shabz's blogs

there is no need to buy any additional things to make them run,

Regards,

Michal Krawczyk

Former Member
0 Kudos

Sometimes there is a reason to not use the new SAP PGP module.

You know... when encrypting the message with the SAP PGP module, e.g. when using the file/sftp adapter, and writing it to a file called e.g. testfile.csv.pgp, and the receiver doesn't use PI for message processing but PGP on the command line or GUI, the file he decrypts won't be called testfile.csv (just stripped of the .pgp file extension as expected), but a new file will be created with a filename of the message-id.

In some cases this is totally unacceptable and therefore you need to use other modules or even shell scripts, especially in file to file scenarios where the decrypted filename cannot be the SAP message-id.

Btw. does anyone know a way to prevent the module from using the message-id as the filename to be encrypted?

Regards,

Peter Hermanns

Former Member
0 Kudos

Based on a dialogue with SAP via OSS, SAP has confirmed that there is a limitation in the current release of PI B2B ADDON 1.0 for the PGP modules as documented above by Peter Hermanns. The source filename gets converted into a message-id due to the SAP module PGPEncryption.

However, something to look forward to: SAP has confirmed that they would be fixing this issue in the next patch due for release in December 2012, Support Package SP01 of PI B2B ADDON 1.0.

Regards,

Sajay

Former Member
0 Kudos

SAP has released this note for the problem reported

Note 1779483 - SAP PGP Module: Message ID is used instead of the file name