Skip to Content

PGP Encryption/Decryption Issue with Concur Interface via PI

I am working on establishing Interface connectivity with Concur. Can someone help me understand the technical details of a SFTP connection to Concur?

Specifically, we’re using SFTP to transfer files using PGP encryption. We have both inbound & outbound files & we’re not able to encrypt / decrypt files with Concur using SAP PI 7.40 (we receive an error message regarding “illegal key size”).

We need details regarding the PGP Keys that were created (algorithms, bit size, etc) that works with Concur?

We have already tried RSA/RSA 2048, and DSA/ElGamal 2048 + We also updated unlimited strength JCA Policy Files but nothing seems to work within PI but if we use same keys(Public/Private) to encrypt/decrypt message using some freeware tool or OS Command for encryption/Decryption, We are able to encrypt/Decrypt the messages.

Regards,

Amit Singh

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Oct 26, 2015 at 02:08 AM

    Hi Amit

    I think that the "illegal key size" error might be related to the unlimited JCE.

    Do verify that the JCE is updated correctly by accessing the URL below

    http://<host>:<port>/BC/VerifyJCE

    This is mentioned in SAP note 1915999.

    As mentioned in Step 4 in the blog below, make sure to restart the engine so that the JVM is updated.

    B2B Adapters - Updating to JCE Unlimited Strength Jurisdiction Policy

    Rgds

    Eng Swee

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Amit Kumar Singh

      Hello Amit ,

      Have you updated the JCE policy files at all the locations in your PI server?

      Step 3 in the link provides the locations where files need to be replaced. However , I found 4 locations in my PI server where these files were there. So ask your BASIS team to search for these files and replace at all locations.

      B2B Adapters - Updating to JCE Unlimited Strength Jurisdiction Policy

      Further , hope you had restarted your servers post the JCE update.

      Thanks.

  • avatar image
    Former Member
    Oct 26, 2015 at 07:37 AM

    Were the keys uploaded via some FTP/SFTP client ? Do not use any SAP tcode to upload the keys as the keys are corrupted.

    Nevertheless, the error is different in case the keys are corrupted but just a hint.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 26, 2015 at 09:33 AM

    Hi Amit,

    Kindly cross check the Certificate key size.

    what is the key size you are using Like 34 bit Or 64 bit. same you can cross check with your partner also .

    Both are sink.

    Regards

    Srinivas

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Srinu,

      We tried to work with various Key Size Certificates. We tested with 1024 and 2048.

      For Inbound Scenario -  Vendor encrypted the message with the Public Certificate (1024) of the respective Key Size and We are using the Private Certificate(1024) of same Key Size to decrypt the message.