cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Cryptography with SAPCRYPTOLIB

Former Member

on ‎10-19-2006 12:22 PM

0 Kudos

Hi Folks,

Anyone have experience with SAPCRYPTOLIB?

The point is, my client have a XI that receives messages via HTTPS from a Web Service. The XML payload has some elements encrypted and I want unencrypted!!!

Anyone knows how to work with this library?

Thanks in advance,

Ricardo.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎11-13-2006 1:23 PM
0 Kudos

My solution ->

Regards, Ricardo.

Show replies
Show replies
Former Member
‎10-19-2006 1:25 PM
0 Kudos

As far as I know, the sap cryptolib is only intended to handle the adapters protocol specific encryption.

It sounds like you have some kind of double encryption going on where you have one or two specific nodes encrypted before sending.

If this is the case and you want to decrypt a field or two using some standard algorithm you could use an external library like the one from legion of the bouncy castle.

Cheers

James

Show replies
Show replies
henrique_pinto
Active Contributor
‎10-19-2006 2:50 PM
0 Kudos

You have already received the message through SSL and it's still encrypted, is that the case?

If so, you need to know which encryption the sender used in order to undo it. You can do it through standard functions (Message Layer Security/WebService security) or java mapping/adapter module.

Henrique.

Former Member
‎10-19-2006 4:54 PM
0 Kudos

Hi Henrique,

Thanks, but is not the case!

The point is: I receive a message via https from a web service. But into the payload, some elements are encrypted by TDES algorithm and these elements are stored in a XI table.

I would like to know how I can decrypt these table fields. The idea is develop an abap report that calls a function to decrypt these fields. But I don’t know which classes I have that can set TDES algorithm to decrypt data.

Anyone knows or have some ideas on how I can do something like that?

Thanks again,

Ricardo.

henrique_pinto
Active Contributor
‎10-19-2006 8:01 PM
0 Kudos

Why can't you use the TDES algorithm in a adapter module or mapping? Probably there's some java API which decrypts it.

Regards,

Henrique.

Former Member
‎10-20-2006 2:17 PM
0 Kudos

Have you tried as I suggested in my second post? There are API's out there specifically to do these kind of things. You're working with field level encryption and I'd suggest handling this in the mapping using a custom function with a call to an API.

James.

p.s. Please mark helpful posts.

Former Member
‎10-20-2006 2:48 PM
0 Kudos

Hi James,

Thanks a lot for your answers.

The encrypted fields are stored in tables of a Business Sys (SAP ERP). It is not supposed decrypt them during XI mapping, but after that, in an ERP backend sys. So, I need to use SSF (Secure Stored & Forward) functions to decrypt the encrypted fields.

I don’t have any experience with this kind of secure ABAP programming! If you or anyone has, let me know

P.S. points rewarded

Regards,

Ricardo.

Former Member
‎10-20-2006 3:33 PM
0 Kudos

From what I can make out:

You have a block of fields, all encrypted together (i.e. you cannot tell by looking where one field ends and another field begins).

You're not able to decrypt in XI, only the end system.

You want to map the fields from within the encrypted blob.

This seems to be a conflict? If you need to decrypt to manipulate, then you end up with a man-in-the-middle scenario which wouldnt be end-to-end secure. What you'd need is something like:

<some>

<structure>

<field1>

EnCrYpTeD DaTa

</field1>

<field2>

EnCrYpTeD DaTa

</field2>

But then of course you'd be limited to just direct field to field mappings.

Do you have a sample?

James.

Former Member
‎10-20-2006 4:51 PM
0 Kudos

Hi James,

I don't have any sample at the moment. I'm studying the case and trying to find the better way to handle this issue.

I promise, when I have a sample, I will show you and we will discuss this subject again.

Thanks a lot

Regards, Ricardo.

Former Member
‎11-02-2006 1:33 PM
0 Kudos

Hi James,

Forget the XI, the idea is: My client receive messages in XML format, some of the fields are encrypted with algorithm Triple-DES. This information is stored into a Z table of a SAP ERP 2005. The idea is develop an ABAP report that reads this table and decrypt the encrypted fields.

I know that algorithm Triple-DES is a symmetric algorithm and the same key is used to encrypt and decrypt. All information that I read in SAP help about SSF programming is about public key technology… I think that I don’t need to implement the Public Key Infrastructure, but only a simple private key infrastructure.

I would like to use SSF programming to develop this report and I just read the SSF programming guide. I don’t know if I need to use all the functions that it has because the encryption process is already done (the infrastructure is also defined) and all I need to do is the inverse process (decrypt).

I have some questions:

In which place is safe to save the private key? On a table, file, into WAS?

Which extra configurations I need to do to start my ABAP report?

Which functions of a SSFG function group I need to use? Like I said before I think that I only need to decrypt the encrypted data, so it means only a SSF_DEVELOPE function is necessary?

Thanks a lot for your help.

Regards,

Ricardo.

Ask a Question