We have purchased AEADAPTIVE and use their PGP modules for sending files to a third party.
For an encryption scenario, the third party has given their public key to us.
Please clarify my understanding.
I assume we use their public key to encrypt the file and send it to them.
The third party will use their private key to decrypt the data sent by us.
In this case, do we need to send our public key to the third party?
I am a bit confused.
Please have a look at the same configuration for SAP standard adapter modules in Shabz's blogs; there is no need to buy any additional things to make them run.
Sometimes there is a reason to not use the new SAP PGP module.
You know... when encrypting the message with the SAP PGP module, e.g. when using the file/sftp adapter, and writing it to a file called e.g. testfile.csv.pgp, and the receiver doesn't use PI for message processing but PGP on the command line or GUI, the file he decrypts won't be called testfile.csv (just stripped of the .pgp file extension, as expected); instead a new file will be created with the message-id as its filename.
In some cases this is totally unacceptable, and therefore you need to use other modules or even shell scripts, especially in file-to-file scenarios where the decrypted filename cannot be the SAP message-id.
Btw, does anyone know a way to prevent the module from using the message-id as the filename to be encrypted?
Based on a dialogue with SAP via OSS, SAP has confirmed that there is a limitation in the current release of PI B2B ADDON 1.0 for the PGP modules, as documented above by Peter Hermanns. The source filename gets converted into a message-id due to the SAP module PGPEncryption.
However, something to look forward to: SAP has confirmed that they would be fixing this issue in the next patch due for release in December 2012, Support Package SP01 of PI B2B ADDON 1.0.
The usage of the recipient's public key purely depends on who originates or starts the message.
In simple words, in asymmetric cryptography the sender uses the recipient's public key to encrypt and send the message. The recipient on the other end uses his/her private key to decrypt the message. Hope this helps. Similarly, if the recipient wants to send the message to the sender, he uses recipient public key to encrypt. Though this is a little bit confusing, you might want to read this link. BTW, if you see Shab's link you will note that we don't need to purchase this in the later versions.
I am still a bit confused, as the third party has asked for our public key as well, for decryption/authentication.
As Basker mentioned, the sender will use the recipient's public key for encryption and the receiver should use his private key for decryption. Why would he require the sender's public key? Is it for authentication?
Also, when we asked them for the PGP algorithm, they just gave the public key. Should I be checking the algorithm in the public key? Please guide me on this.
Your partner will use your public key for the following purposes
SAP supports the following key generation algorithms.
You can generate the key pairs using any one of the above algorithms. For more details, you can refer to http://scn.sap.com/community/b2b-integration/blog/2012/07/12/its-all-about-keys-secure-connectivity-b2b-add-ons
Once the keys (private and public) are generated, you can use any one of the symmetric algorithms mentioned in the list. For more details, refer to this article.
Coming back to your specific question,
You are using RSA keys and now you can use any of the algorithms in the given list.
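The question above about checking the algorithm in the partner's public key can be answered from the `.asc` file itself, because the key packet records its public-key algorithm ID (RFC 4880). The following is an added example, not part of the original thread and not SAP or Aedaptive code; the function names are hypothetical and the sample key is constructed with a placeholder modulus.

```python
import base64
import struct

# Public-key algorithm IDs from RFC 4880, section 9.1
PUBKEY_ALGOS = {1: "RSA (encrypt or sign)", 2: "RSA (encrypt only)",
                3: "RSA (sign only)", 16: "Elgamal (encrypt only)", 17: "DSA"}

def dearmor(armored: str) -> bytes:
    """Drop the armor header/footer lines, armor headers and optional CRC line."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK"):
        raise ValueError("not an armored PGP public key block")
    body = lines[lines.index("") + 1:] if "" in lines else lines[1:]
    # Base64 data never starts with '=' (CRC line) or '-' (footer line)
    return base64.b64decode("".join(ln for ln in body if ln[:1] not in "=-"))

def inspect_public_key(armored: str) -> dict:
    """Return version, public-key algorithm and key size of the primary key."""
    data = dearmor(armored)
    ctb = data[0]
    if ctb & 0x40:                               # new-format packet header
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        else:
            raise ValueError("unsupported length encoding for a key packet")
    else:                                        # old-format packet header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        off = 1 + (1 << ltype)                   # 1, 2 or 4 length octets
        length = int.from_bytes(data[1:off], "big")
    body = data[off:off + length]
    if not ctb & 0x80 or tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet first")
    # Layout: version (1), creation time (4), algorithm (1), then the MPIs
    return {"version": 4, "algo_id": body[5],
            "algorithm": PUBKEY_ALGOS.get(body[5], "other"),
            "bits": int.from_bytes(body[6:8], "big")}  # first MPI (RSA modulus)

def constructed_sample() -> str:
    """Constructed v4 RSA key packet with a placeholder modulus; not a usable key."""
    body = (b"\x04" + struct.pack(">I", 1341100800) + b"\x01"
            + struct.pack(">H", 2048) + b"\xc3" + b"\x11" * 255
            + struct.pack(">H", 17) + b"\x01\x00\x01")
    b64 = base64.b64encode(b"\x99" + struct.pack(">H", len(body)) + body).decode()
    rows = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n{rows}\n-----END PGP PUBLIC KEY BLOCK-----"
```

The value read here is the key-pair algorithm only; the symmetric cipher (for example AES_256 or BLOWFISH) is not a property of this packet and is selected on the encrypting side.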
For Aedaptive, it is mandatory for me to specify the algorithm name.
Since the partner's public key is based on RSA_1, do you mean I can use any of the algorithms mentioned in the list and the partner will be able to decrypt it?
I referred to your document and it does not mention any algorithm for encryption.
I am not sure whether this is something unusual. Our third party had asked me to encrypt the file twice before sending, using AES_256 and BLOWFISH.
I am not sure whether we can provide two algorithms in the same communication channel module. The other alternative would be to use NFS with one algorithm and another channel to pick up the same file with another algorithm.
Got it. You didn't use the module two times. Here is the approach. In the module list, use the encryption module 2 times.
1) localejbs/PGPEncryption, encryptAES
2) localejbs/PGPEncryption, encryptBlowFish
In the Module Configuration
encryptAES, encryptionAlgo = AES_256
encryptBlowFish, encryptionAlgo = BLOWFISH
This should work as expected. I would request you to try this approach in your test landscape by generating 2 different dummy key pairs. Link: http://wiki.sdn.sap.com/wiki/display/XI/Generating+ASCII+Armored+PGP+Key+Pairs
Apologies for not updating the case scenario. The vendor has agreed with us to encrypt the file with either Blowfish or AES. Hence, I have updated the module with BLOWFISH only.
I just want to make sure the module parameters used are correct. I have used PGP keymanager, where initially I generated the public keyring and added the vendor certificate into it and signed it.
I am not sure whether it is mandatory to sign it or not.
One other confusing thing, assuming the partner has forwarded his public certificate:
Is it mandatory for us to add it to our public keyring and use it, or can I directly refer to the .asc in the module?
What is the difference between those? I can see in your document that you have referred the partners public key directly as .asc.
A simple question again: are you using SAP's PGP module or AEADAPTIVE's PGP module?
Thanks! I am using the PGP module provided by AEDAPTIVE and have checked the product documentation as well.
The file is getting encrypted without any issues, as I checked the logs in the adapter module.
Just want to reassure the basic concepts on this.
For AEDAPTIVE, providing the encryption algorithm is mandatory, whereas for SAP it is not. I assume adding the partner's public key into our key ring is the same across all PGP vendor modules.
Have you looked at the link below, which supports the algorithm you are looking for?
For your question: yes, in the Aedaptive module it's compulsory to have an encryption algorithm, or else the file will not be encrypted.
I have implemented the PGP Aedaptive module in my current project; we also have a decryption module in place.
Thanks and regards,