Skip to Content

PGP Decryption Error: File is no valid PGP Message, could not apply decryption.

Hi Experts,

I have received both public and private keys from business and they are of type RSA-4096 with .ASC extension. The keys are generated by the business using a tool called GPG Keychain on a Mac machine. The keys are deployed on the server in the standard path - /usr/sap/<System ID>/<Instance ID>/sec

When I use them to encrypt the file, the encryption works fine but when I use the keys to decrypt the files, it fails in PI with the error:

com.sap.aii.af.lib.mp.module.ModuleException: File is no valid PGP Message, could not apply decryption.

The decryption is working fine in the tool but it is not working fine in SAP PI. Even a simple encrypted txt file (of extension .pgp) is failing with the above error. The configuration of the module is shown below in the snapshot:

Regards,

Arkesh

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

6 Answers

  • Best Answer
    Oct 28, 2016 at 11:34 AM

    Thank you all for your help and support.

    The issue was really strange and the root-cause was not properly identified.

    The work-around that we did was:

    1. New RSA-2098 key-pairs were generated (using GPG4Win tool) on SAP PI server itself by the Basis Team

    2. Public key was shared with the business partner(i.e. Sender System) while the private key was kept on the SAP PI server in the standard path (/usr/sap/<System ID>/<Instance ID>/sec)

    3. Only two parameters on the module tab were specified for Decryption: ownPrivateKey and pwdOwnPrivateKey

    4. The channel was activated with the above details and the decryption worked fine

    Regards,

    Arkesh

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 14, 2016 at 09:14 AM

    Hello Arkesh,

    Is the File encrypted + signed?

    If yes you need to add the below in the module

    partnerPublicKey

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 14, 2016 at 10:41 AM

    Arkesh,

    When I use them to encrypt the file, the encryption works fine but when I use the keys to decrypt the files, it fails in PI with the error.

    So from the above sentence can we consider that you have one inbound interface for decryption and one outbound for encryption ? So you and you're third party has both same key pair private key as well as public key ?

    I doubt you are using the wrong key here to decrypt . try this workaround.

    Do you mind to sharing the screenshot of .asc file content not completely but i want to see the beginning content atleast.

    Br,

    Manoj

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Arkesh,

      As told earlier the issue is with armoring ask third party to send an armored encrypted file.

      To confirm the armoring issue try this workaround:

      Take the PGP public key which third party is using then using that encrypt the data using IGolder(this tool encrypts data with armored enabled) then decrypt the file using PI .

      Br,

      Manoj

  • Oct 14, 2016 at 09:08 AM

    I think yo need not to mention the Root path if you are using the default /sec path. Please remove root path entry and try once.

    Thanks,

    Apu

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 01, 2016 at 08:32 PM

    Hello Arkesh,

    Would suggest you follow the steps in OSS Note:2233818 - PI Messages Fail with 'Exception decrypting key' Error

    Check if unlimited JCE is installed as if unlimited JCE is installed, then Key size 4096 should be supported.

    Regards,

    Bhavesh

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 01, 2016 at 08:17 PM

    Hi Arkesh,

    Usually while decryption it will automatically detects the algorithm.If RSA case is not working try with other algorithms like AES_128 or AES_256.

    Thanks,

    Anil Sumanth

    Add comment
    10|10000 characters needed characters exceeded