cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP PI 7.3 (dual stack): ASC Key Pair Deployment

Go to solution
arkesh_sharma
Active Participant

on ‎10-06-2016 1:25 PM

0 Kudos

Hi Experts,

I have received encryption/decryption keys (with .ASC extension) from Business and now I need to deploy them on the dual stack of SAP PI 7.3.

I need to know the following:

1. Which Key Store do I need to choose - TrustedCAs or SFTP or TicketKeyStore ?

2. What will be the Entry Type - X.509 Certificate or PKCS #12 Key Pair or PKCS #8 Key Pair ?

I would really appreciate your help in this regard.

Regards,

Arkesh

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

apu_das2
Active Contributor
‎10-06-2016 1:34 PM
0 Kudos

Hi Arkesh,

Import this in key store view TrustedCAs with decoding format X.509. If you want you can create your own key store view as well, but better to import in the default trusted one.

Thanks,

Apu

Show replies
Show replies
arkesh_sharma
Active Participant
‎10-06-2016 1:45 PM
0 Kudos

Hi Apu,

Thank you for your response.

I just wanted to clarify this once more as it is causing confusion to me.

For the entry type I understand that since I am deploying a public-private key pair, it should be either PKCS #12 key pair or PKCS #8 key pair.

Kindly confirm on this once more.

Regards,

Arkesh

GauravKant
Contributor
‎10-06-2016 1:56 PM
0 Kudos

Hi Arkesh,

You can select the entry type depending on your own requirements.

PFB blog for this.

Regards,

Gaurav

manoj_khavatkopp
Active Contributor
‎10-06-2016 2:15 PM
0 Kudos

Arkesh,



1. Which Key Store do I need to choose - TrustedCAs or SFTP or TicketKeyStore ?


2. What will be the Entry Type - X.509 Certificate or PKCS #12 Key Pair or PKCS #8 Key Pair ?

None of these.

The .asc keys are nothing but PGP keys , this is not supposed to be installed in NWA . even though you want you will get an error because NWA doesn't support PGP keys.

To confirm the file is of PGP key only open in notepad , you see the content like below .



-----BEGIN PGP PUBLIC KEY BLOCK-----


Version: BCPG C# v1.6.1.0






mQENBFf2T8kBCADZCv/upo7kvCH/nS5sVzdyLnkyN6DAMz/K/ODmyTu/OBlA4aco


kV+ETUR8rs/ujgIR6WqrOY7SRR6xjgd6eiDQP73dXZxOwZb776hlYCXtLTA84U+n


A/Kp/0zLYidgcRR9cdaelQWjRKiPXV7RR5HClsIx49NyixMcPuXnyLPUX4qmvCNX


RmPno2TeFN9q1yhwYXm1hV+9MxxDtQImCfOWls2cMQAsKPkKOLPEbewjQBlBgf2S


BOBzh4zQ++xCiZcZ4gPZiz81V/VHgWo1K6A7+cjGSnb0oH6Vlfrg0ADz3q9/wXal


gcFyhK+Wv7YKMGKOFoDpaeyuERoBKF8fL2m/ABEBAAG0DXRlc3RAdGV0cy5jb22J


ARwEEAECAAYFAlf2T8kACgkQVD2DinYygqEZoAf+OodgMfe0tAa3Ea9TY5TcOzXt


8KsJtpNpQdYj02ifHpvhO20FXrSqCNZG7XeoJ1HYCmqwEIJHIbhfMaBOIzyVkco8


0gn7756tzyV+ftSQ38UsNm30AsUEYrdSSvRzVywhf6tibLLTyq7UKlxuKLp+4b7p


xpjySVRbMzSZQesQCPRb5nMAeWnLanKvoGHIVkPUuHs95vxhIgz6pSA/7LPY+MCl


IoadWonXePOW5BoIRroVKP0+FepXjGX4b7Qt0q3hwS2AB3H0DPeLTOfoWc7c7kQT


4bwbEDMFbf9yTHR9HFEMPxUGjXWPlT3uDdaiwcBxr8hL8PUlcy1zi1Fsn12hXQ==


=syWf


-----END PGP PUBLIC KEY BLOCK-----

If you have B2B Cockpit you need to import there or else you need to save them in your OS level folders and then call these keys in the module for encryption/decryption.

br,

Manoj

arkesh_sharma
Active Participant
‎10-06-2016 2:30 PM
0 Kudos

Thank you for your time Gaurav.

I have already gone through the content in the link you provided but that didn't answer my question. Hence, I started this thread.

arkesh_sharma
Active Participant
‎10-06-2016 3:12 PM
0 Kudos

Hi Manoj,

Thank you for taking time out and providing me the details.

It would be helpful for me if you can provide some details/ link on how to deploy the ASC format keys on the PI system via B2B Cockpit.

I could see from the link that you provided that -

"By default, the keys can be placed under the path usr/sap/<System ID>/<Instance ID>/sec. But in case you want to use a different path, then use the parameter keyRootPath to define your custom path."

Regards,

Arkesh

manoj_khavatkopp
Active Contributor
‎10-06-2016 3:31 PM
0 Kudos

Hello Arkesh,

Is the content of .asc file begins with Begin PGP ??

If you have B2B Cockpit then chekc below screenshot.

Navigate to toolkit using the URL http://host:port/b2bic

If you dont have B2B Cockpit then you can ask your basis guy to deploy the file in folder  usr/sap/<System ID>/<Instance ID>/sec.

and do chekc this thread to check if have PGP modules in your system or not :

Br,

Manoj

Answers (0)

Ask a Question