
Signing and Encrypting using Bouncy castle libraries

Hi Experts,

I'm using CPI as a middleware to send data to a Bank server via SFTP.

The payload should be signed first and then encrypted. However, as per the standard PGP encryptor in CPI, it encrypts first and then signs. Therefore the target system is unable to decrypt it, as it isn't signed first.

I came to know that using Bouncy Castle libraries, we can sign a payload first and then encrypt it in CPI.

Could anybody guide me on that, as to what needs to be done in CPI and what libraries/codes need to be uploaded in the Groovy script?

Any pointers are appreciated.

Thanks,

Nitheesh


1 Answer

  • Posted on Jun 26 at 09:27 PM

    Hi Nitheesh Cherrikkal,

    Basically you have to add a Groovy Script in your iFlow and configure it to use a Java library that will contain your own method implementing whatever you need using BC. That library must carry the BC embedded inside the jar file.

    To start you may create the Java project using maven like this:

    mvn archetype:generate -DarchetypeGroupId=org.codehaus.groovy.maven.archetypes -DarchetypeArtifactId=gmaven-archetype-basic

    Then follow the on-screen instructions.

    Once you have created it, you add the BC dependencies. It will highly depend on what you are trying to achieve with BC, but you may use the following to start with:

            <dependency>
                <groupId>org.bouncycastle</groupId>
                <artifactId>bcpg-jdk15on</artifactId>
                <version>1.65</version>
            </dependency>
            
            <dependency>
                <groupId>org.bouncycastle</groupId>
                <artifactId>bcprov-jdk15on</artifactId>
                <version>1.65</version>
            </dependency>
    

    Define the methods that you want to "export" as public - so you can later use them on the groovy script as your own library. The following is just a simple skeleton so you can understand it.

    public class PgpEncrypt {
    ...
      public static void encrypt(InputStream input, OutputStream outputStream
    ...) throws Exception {
    ...
      }
    }

    Upload the jar file and any other file to CPI using the CPI Cockpit --> iFlow --> Resources Tab

    Then you can add your groovy script to process the payload using your jar that contains the BC libs like so:

    import com.sap.gateway.ip.core.customdev.util.Message;
    import <your_java_lib_containing_your_class>.PgpEncrypt
    ...
    import ...
    
    def Message processData(Message message) {
    ...
      def input = message.getBody(InputStream.class);
      OutputStream output = new ByteArrayOutputStream();
      PgpEncrypt.encrypt(input, output);
      byte[] result =  output.toByteArray();
    ...
      message.setBody(result);
      return message;
    }

    Note1: Keep in mind that I am just giving you some guidelines on how to achieve what you need. But you have to develop your own logic to sign then encrypt the message using BC. So I suggest you start using test-driven development on your Java project, and once you have everything in place, your groovy script can be used more efficiently.

    Note2: The PGP Public Key Ring and any other key files you require to perform the signing might not be available to you inside your groovy script. So, you may need to import them into the resources tab.

    Best regards,
    Ivan
