SAP PI/PO, SFTP to SFTP scenario with PGP encryption and decryption

In this post I’m going to show how to configure an interface in SAP PO to encrypt and decrypt a file using PGP (Pretty Good Privacy).

Creating a key pair

Open the PGP Tool web site (https://pgptool.org), go to Generate PGP Keys, complete the form with the required fields to create a new key pair, and download both keys (public and private).

I’ve saved the files as ‘PGPprivate.key’ and ‘PGPpublic.key’. Both files must be uploaded to SAP PO: open the PGP Secure Storage (http://<host>:<port>/PGPSecureStore) and upload both keys.

Create an Integration Flow to encrypt the file

For this example I’ve created a simple iflow without Message Mapping. The sender side uses a Sender Communication Channel (File/SFTP) to pick up the file, and the receiver side uses a Receiver Communication Channel (File/SFTP) to deliver the encrypted file.

Open the receiver channel and go to the Modules tab. In the Process Sequence, add the module 'localejbs/PGPEncryption' before 'localejbs/ModuleProcessorExitBean', and add the following parameters in Module Configuration:

| Parameter Name       | Parameter Value                                                                    |
|:---------------------|:-----------------------------------------------------------------------------------|
| applyCompression     | none                                                                               |
| applyEncryption      | true                                                                               |
| applySignature       | true                                                                               |
| asciiArmored         | false                                                                              |
| dynamicFileName      | FileName                                                                           |
| dynamicFileNamespace | FileName.                                                                          |
| dynamicNamespace     | http://sap.com/xi/XI/System                                                        |
| encryptionAlgo       | AES_128                                                                            |
| format               | binary                                                                             |
| ownPrivateKey        | PGPprivate.key                                                                     |
| partnerPublicKey     | PGPpublic.key                                                                      |
| pwdOwnPrivateKey     | Passphrase                                                                         |
| signingAlgo          | SHA1                                                                               |
| useSecureStore       | true                                                                               |
| JNDIName             | deployedAdapters/com.sap.aii.adapter.sftp.ra/shareable/com.sap.aii.adapter.sftp.ra |

This is a screenshot of the receiver channel configuration:

Save the changes, activate the iflow and deploy it.

Testing file encryption

When the iflow is executed, these entries should appear in the Message Log:

And this is the result: the left side shows the input file and the other side shows the output file, signed and encrypted.
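The output file can also be checked outside SAP PO. The following is an added example, not part of the original post or of SAP's modules: it parses the outer OpenPGP packet headers (RFC 4880) of a delivered file to confirm it is binary (asciiArmored = false), actually encrypted, and addressed to the expected recipient. The function names and the sample key ID are assumptions; `expected_key_id` is the 16-hex-digit key ID of the encryption key in PGPpublic.key.

```python
import struct

def read_packets(data):
    """Yield (tag, body) for each top-level OpenPGP packet (RFC 4880, 4.2)."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        pos += 1
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
            else:                           # partial body: treat rest of file as body
                length, pos = len(data) - pos - 1, pos + 1
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                  # indeterminate length: rest of file
                length = len(data) - pos
            else:
                n = 1 << ltype
                length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        yield tag, data[pos:pos + length]
        pos += length

def inspect_output(data, expected_key_id):
    """Check the outer layer of a file written by the encrypting channel."""
    if data.lstrip().startswith(b"-----BEGIN PGP"):
        return {"ok": False, "reason": "ASCII-armored, expected binary"}
    try:
        packets = list(read_packets(data))
    except (ValueError, IndexError, struct.error):
        return {"ok": False, "reason": "not OpenPGP data (delivered in clear?)"}
    tags = [tag for tag, _ in packets]
    # Version 3 PKESK body: version, 8-byte recipient key ID, algorithm, MPIs
    recipients = [b[1:9].hex().upper() for t, b in packets if t == 1 and b[:1] == b"\x03"]
    # Tag 18 = encrypted with integrity protection, tag 9 = encrypted without it.
    # In a signed-and-encrypted message the signature is inside the encrypted data.
    ok = expected_key_id.upper() in recipients and tags[-1:] in ([18], [9])
    return {"ok": ok, "recipients": recipients, "integrity_protected": tags[-1:] == [18]}

# Constructed sample (not real ciphertext): PKESK for key ID 0123456789ABCDEF + SEIPD
SAMPLE = (bytes([0x84, 13, 3]) + bytes.fromhex("0123456789ABCDEF") + bytes([1, 0, 8, 0xAA])
          + bytes([0xD2, 5, 1]) + bytes(4))
```

A file that passed through the channel without the module running fails the check, which is the case worth alerting on.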

Create an Integration Flow to decrypt the file

As with the first iflow, create a new one without Message Mapping and create both SFTP channels:

Open the sender channel and go to the Modules tab. In the Process Sequence, add the module 'localejbs/PGPDecryption' before 'localejbs/CallSapAdapter', and add the following parameters in Module Configuration:

| Parameter Name   | Parameter Value    |
|:-----------------|:-------------------|
| ownPrivateKey    | PGPprivate.key     |
| partnerPublicKey | PGPpublic.key      |
| pwdOwnPrivateKey | Passphrase         |
| useSecureStore   | true               |

This is a screenshot of the sender channel configuration:

Testing file decryption

Execute the iflow using the previously encrypted file; the Message Log shows the successful result:

In PIMON the message can be opened to validate its content:

That’s all, bye =)
