Skip to Content
author's profile photo Former Member
Former Member

PGP Encryption SAP PI 7.3- File Adapter error

Hi,

I am trying to encrypt a file using standard PGP encryption module provided by SAP . I stuck up at soem point where the channel shows error while encrypting the file.

Error info :

PGP Encryption Module : could not process message, Internal PGP Error (org.bouncycastle.openpgp.PGPException: exception encrypting session key)

I searched the blogs below:

http://scn.sap.com/thread/3225517

http://www.didisoft.com/wp-content/uploads/OpenPGP_Java_2_4.pdf

These 2 blogs says about updating the latest JCE policies, but I have checked and our server have the latest JCE policies .

But we are still facing the same issue. Could you please help me in solving this issue. Thank you.

Regards,

Kiran

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Dec 18, 2013 at 11:16 AM

    Hi Kiran,

    Did you find a solution to this issue? I had the same problem in our Dev and QA environment. I was able to solve the problem in our Dev environment by redeploying the PIB2BPGP component. But this didn't work in QA.

    I have also checked the JCE version, and it is correct and aligned in all environments.

    Hoping for good news.

    Regards,

    Emil

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      I thought I would do a follow-up, in case others someday face the same issue.

      Interesting enough, the problem in our case was indeed the JCE files. When doing a standard installation using SAPJVM, you will have installed the following files:

      local_policy.jar

      US_export_policy.jar

      BUT!! in a SAPJVM installation, only the US_export_policy.jar is unlimited. The local_policy.jar is still limited. I checked this by adding the local_policy.jar files to a java project in NWDS and then check the MANIFEST.MF file:

      Manifest-Version: 1.0

      Created-By: 1.6.0-rc (Sun Microsystems Inc.)

      Crypto-Strength: limited

      Name: exempt_local.policy

      SHA1-Digest: 1UkwMAnKbHaX2CkqWE5ZOpCbvTo=

      Name: default_local.policy

      SHA1-Digest: AcamqLZm8lRSljqbbjP5l8KvKqA=

      So you will still have to update this file even if it already exist. Check the locations in this blog:

      http://scn.sap.com/community/b2b-integration/blog/2012/07/12/b2b-adapters--updating-to-jce-unlimited-strength-jurisdiction-policy

      SAP released a nice application for checking the JCE settings in note:

      1915999 - Verify JCE Unlimited Strength Jurisdiction Policy and fixes

      This is part of the PIB2BPGP SP1 patch 2 - It specifies that you can check your JCE settings here:

      Go to http://<host>:<port>/BC/VerifyJCE

      BUT 2!!! For some reason this JCE verification application is not available if you have upgraded the PIB2BPGP component to SP2 patch 0. ??

      Hope this proves helpful to someone. It did cost us some pain to get there.

      Regards,

      Emil

  • author's profile photo Former Member
    Former Member
    Posted on Dec 03, 2015 at 11:07 AM

    Hi All,

    Is PGPEncryption module supported in NFS protocol?

    -Nithin.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Dec 04, 2015 at 01:57 PM

    Hi Kiran,

    Just resolved this issue in UAT environment yesterday.

    Blindly follow the following link as pointed by Emil

    B2B Adapters - Updating to JCE Unlimited Strength Jurisdiction Policy

    Download the version 6 assuming you are using SAP PI 7.31/ SAP PI 7.4 single stack . For SAP PI/PO intallation only 2 locations will be available-


    \usr\sap\<SID>\J<XX>\exe\sapjvm_6\jre\lib\security

    \usr\sap\<SID>\SYS\exe\jvm\NTAMD64\sapjvm_<Version>.<Patch>\sapjvm_<Version>\jre\lib\security


    If you do not update on both the locations even after restart the changes will not take effect. To Verify the changes just go to


    http://<host>:<port>/BC//VerifyJCE


    and then you should see the following screen


    image.png (65.8 kB)
    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.