
PGP (Pretty Good Privacy) in SAP PI/PO using Secure Connectivity Add-on

SAP PGP in SAP PI/PO

 

When developing SAP PI/PO interfaces, one might come across a requirement to provide a more secure way of sending messages back and forth. Especially when setting up communication with banks, you want to ensure that files sent to the bank reach their destination with their original content. We want to be sure nobody has modified the details of our payment. This requirement can be met with PGP (Pretty Good Privacy), available through the SAP PGP module and the adapter modules it provides. The idea behind PGP is to encrypt the message in such a way that only the intended recipient can decrypt its content. This is achieved using public keys that the two parties share with each other.

In the example below, we use the Secure Store feature to store the encryption/decryption keys; however, the SAP PI/PO file system can be used as well.

 

B2B Integration Cockpit

In the screenshot above we can see three keys imported into the PGP Secure Store:

  • Our own pair of keys (they can be generated with publicly available software):
      • Public key that we share with the third party ("LOCAL_PUBLIC")
      • Private key we keep to ourselves ("LOCAL_PRIVATE")
  • Public key provided by the third party ("3rdParty_PUBLIC")

 

Sender Communication Channel

 

Now we can configure our communication channels to implement PGP security with provided adapter modules.

First, let's set up decryption for messages we receive from the third party. For this purpose, we use the "localejbs/PGPDecryption" module in our sender communication channel:

  • ownPrivateKey – name of our private key in Secure Store
  • partnerPublicKey – name of third party public key as maintained in Secure Store
  • pwdOwnPrivateKey – password to our private key (the password is set as part of key generation process)
  • useSecureStore – indicates if we use Secure Store or file system

 

Sender Communication Channel

 

Receiver Communication Channel

 

In order to send out encrypted messages to the third party, use the "localejbs/PGPEncryption" adapter module in our receiver channel and configure the following parameters:

  • applyEncryption
  • applySignature – true if recipient expects the message to be signed
  • encryptionAlgo – algorithm used for encryption
  • format – text or binary
  • ownPrivateKey – name of our private key in Secure Store
  • partnerPublicKey – name of third party public key as maintained in Secure Store
  • pwdOwnPrivateKey – password to our private key (the password is set as part of key generation process)
  • useSecureStore – indicates if we use Secure Store or file system for the keys

 

Receiver Communication Channel
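
The parameters above pair each operation with a key role: encryption and signature verification use the partner's public key, while decryption and signing use our own private key. The check below is an added example, not part of the SAP add-on or the original article; it tests module parameters against a constructed Secure Store inventory, and the function names, the inventory layout and the choice to treat an omitted parameter as not enabled are assumptions.

```python
# Added example; helper names and the inventory layout are assumptions.
# Constructed inventory of the PGP Secure Store: key name -> (owner, kind)
SECURE_STORE = {
    "LOCAL_PUBLIC": ("own", "public"),
    "LOCAL_PRIVATE": ("own", "private"),
    "3rdParty_PUBLIC": ("partner", "public"),
}

def _on(params, name):  # parameters are strings; only 'true' counts as enabled
    return str(params.get(name, "")).strip().lower() == "true"

def _check_key(params, name, expected, store, findings):
    """The key named by parameter `name` must exist with the expected role."""
    key = params.get(name, "")
    if not key:
        findings.append(f"{name} is not set")
    elif key not in store:
        findings.append(f"{name}={key} is not in the Secure Store")
    elif store[key] != expected:
        findings.append(f"{name}={key} is stored as {'/'.join(store[key])}, "
                        f"expected {'/'.join(expected)}")

def check_module(module, params, store=SECURE_STORE):
    """Return findings for one PGPEncryption or PGPDecryption module entry."""
    if not _on(params, "useSecureStore"):
        return ["useSecureStore is not true: keys come from the file system, check skipped"]
    findings = []
    if module.endswith("PGPEncryption"):
        use_partner = _on(params, "applyEncryption")  # encrypt to the partner
        use_own = _on(params, "applySignature")       # sign with our private key
        if not use_partner:
            findings.append("applyEncryption is not true: encryption is not requested")
        if not use_own:
            findings.append("applySignature is not true: recipient cannot confirm the sender")
    else:
        use_own = use_partner = True  # decrypt with ours, verify with the partner's
    if use_partner:
        _check_key(params, "partnerPublicKey", ("partner", "public"), store, findings)
    if use_own:
        _check_key(params, "ownPrivateKey", ("own", "private"), store, findings)
        if not params.get("pwdOwnPrivateKey"):
            findings.append("pwdOwnPrivateKey is empty")
    return findings

if __name__ == "__main__":  # constructed entry that encrypts to our own public key
    demo = {"applyEncryption": "true", "applySignature": "true", "useSecureStore": "true",
            "ownPrivateKey": "LOCAL_PRIVATE", "partnerPublicKey": "LOCAL_PUBLIC",
            "pwdOwnPrivateKey": "<password>"}
    print(check_module("localejbs/PGPEncryption", demo))
```

The most useful finding is the key mix-up: a receiver channel that names "LOCAL_PUBLIC" as partnerPublicKey would encrypt to our own key, so the third party could not decrypt the file.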

 

Learn more!

 

For more details on additional parameters and allowed values, visit the website below: https://help.sap.com/viewer/5336c62e683348a8886ff7ef4b15c40f/1.0.5/en-US/08d47f0c5abd4f4f9d0b167ff693b1a7.html
