[SAP-CPI] USING PGP SECURITY TO PROTECT DATA EXCHANGE IN SAP CPI

CPI - Integration Scenarios, CPI - Tips & Troubleshooting, SAP CPI Leave a comment

Hi guys, in this article I want to share one more tip in CPI, that is PGP keys. First, kindly take a look diagram below

As you known in picture, all of thing which we need in scenario are

  • Create key pair and save private key (A) by yourself and send public key to partner. Partner will encrypt data by public key and send to your system (CPI). CPI will use private key to decrypt data.
  • Save public key (B) of partner in your system and use it to encrypt data which sent to system partner (B)

In SAP CPI, we will use PGP keys, PGP ENCRYPTOR, PGP DECRYPTOR to do this. OK let’s begin.

I. Create private key and public key

To do this, we will use software KLEOPATRA. you can download it over internet.

Click New Key Pair

Export public key

Export PGP private key

OK, public key and private key will be used in encryption and decryption data.

II. PGP Encryption

Scenario – Data plain text will sent by HTTPS adapter. In IFLOW, data will be encrypt by use component PGP ENCRYPTOR and send file XML to SFTP folder.

Step II – 1. Import PGP public key into PGP Keys

Step II-2. Design IFLOW with component PGP ENCRYPTOR

Step II-3. TEST by POSTMAN

III. PGP Decryption

Scenario – Receive data which encrypted before to IFLOW, use component PGP DECRYPTOR to decrypt data and send to backend

Step III-1. Import private key into PGP Keys.

Step III-2. Design IFLOW with component PGP DECRYPTOR

Step III-3. TEST by POSTMAN

This testing, kindly try by your self. Thanks.

IV. How to install many public key/private key in CPI

In PGP Keys of CPI, just allow add only one public key, if we add one more another public key, It will be overwrite. So, If we need add many public of many provider, how do we will do ?

The answer is very simple, we will add all public key into one file. And after that, add this file into CPI. This is steps

  • Add all public key into file
  • Add this file into CPI

NOTE

With private key, we need make sure all key have to the same pass phrase. If not, we will receive error when import into CPI.

SUMMARY

In this article, we worked together to understand and config PGP keys in SAP CPI. In fact, this configured will be a small part in big picture of data protection over un-secure network. Thanks for your reading and any advise, any discussion or any another blog about SAP CPI, SAP BTP… kindly leave your comment on this. I love CPI. Thanks

JOSEPH.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.