on 10-19-2006 12:22 PM
Hi Folks,
Anyone have experience with SAPCRYPTOLIB?
The point is, my client have a XI that receives messages via HTTPS from a Web Service. The XML payload has some elements encrypted and I want unencrypted!!!
Anyone knows how to work with this library?
Thanks in advance,
Ricardo.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
As far as I know, the sap cryptolib is only intended to handle the adapters protocol specific encryption.
It sounds like you have some kind of double encryption going on where you have one or two specific nodes encrypted before sending.
If this is the case and you want to decrypt a field or two using some standard algorithm you could use an external library like the one from legion of the bouncy castle.
Cheers
James
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You have already received the message through SSL and it's still encrypted, is that the case?
If so, you need to know which encryption the sender used in order to undo it. You can do it through standard functions (Message Layer Security/WebService security) or java mapping/adapter module.
Henrique.
Hi Henrique,
Thanks, but is not the case!
The point is: I receive a message via https from a web service. But into the payload, some elements are encrypted by TDES algorithm and these elements are stored in a XI table.
I would like to know how I can decrypt these table fields. The idea is develop an abap report that calls a function to decrypt these fields. But I dont know which classes I have that can set TDES algorithm to decrypt data.
Anyone knows or have some ideas on how I can do something like that?
Thanks again,
Ricardo.
Hi James,
Thanks a lot for your answers.
The encrypted fields are stored in tables of a Business Sys (SAP ERP). It is not supposed decrypt them during XI mapping, but after that, in an ERP backend sys. So, I need to use SSF (Secure Stored & Forward) functions to decrypt the encrypted fields.
I dont have any experience with this kind of secure ABAP programming! If you or anyone has, let me know
P.S. points rewarded
Regards,
Ricardo.
From what I can make out:
You have a block of fields, all encrypted together (i.e. you cannot tell by looking where one field ends and another field begins).
You're not able to decrypt in XI, only the end system.
You want to map the fields from within the encrypted blob.
This seems to be a conflict? If you need to decrypt to manipulate, then you end up with a man-in-the-middle scenario which wouldnt be end-to-end secure. What you'd need is something like:
<some>
<structure>
<field1>
EnCrYpTeD DaTa
</field1>
<field2>
EnCrYpTeD DaTa
</field2>
But then of course you'd be limited to just direct field to field mappings.
Do you have a sample?
James.
Hi James,
Forget the XI, the idea is: My client receive messages in XML format, some of the fields are encrypted with algorithm Triple-DES. This information is stored into a Z table of a SAP ERP 2005. The idea is develop an ABAP report that reads this table and decrypt the encrypted fields.
I know that algorithm Triple-DES is a symmetric algorithm and the same key is used to encrypt and decrypt. All information that I read in SAP help about SSF programming is about public key technology I think that I dont need to implement the Public Key Infrastructure, but only a simple private key infrastructure.
I would like to use SSF programming to develop this report and I just read the SSF programming guide. I dont know if I need to use all the functions that it has because the encryption process is already done (the infrastructure is also defined) and all I need to do is the inverse process (decrypt).
I have some questions:
In which place is safe to save the private key? On a table, file, into WAS?
Which extra configurations I need to do to start my ABAP report?
Which functions of a SSFG function group I need to use? Like I said before I think that I only need to decrypt the encrypted data, so it means only a SSF_DEVELOPE function is necessary?
Thanks a lot for your help.
Regards,
Ricardo.
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.