cancel
Showing results for 
Search instead for 
Did you mean: 

PGP Decryption Error: File is no valid PGP Message, could not apply decryption.

arkesh_sharma
Active Participant
0 Kudos

Hi Experts,

I have received both public and private keys from business and they are of type RSA-4096 with .ASC extension. The keys are generated by the business using a tool called GPG Keychain on a Mac machine. The keys are deployed on the server in the standard path - /usr/sap/<System ID>/<Instance ID>/sec

When I use them to encrypt the file, the encryption works fine but when I use the keys to decrypt the files, it fails in PI with the error:

com.sap.aii.af.lib.mp.module.ModuleException: File is no valid PGP Message, could not apply decryption.

The decryption is working fine in the tool but it is not working fine in SAP PI. Even a simple encrypted txt file (of extension .pgp) is failing with the above error. The configuration of the module is shown below in the snapshot:

Regards,

Arkesh

arkesh_sharma
Active Participant
0 Kudos

Hi Manoj,

You're absolutely right in saying that I have one encryption scenario and one decryption scenario. I use Public Key for Encryption and Private Key for Decryption. The third-party sending the encrypted files have only Public Key with them. When they receive the files, it is going to be decrypted by PI so they do not need the private key.

The business person today directly provided one sample encrypted file from the tool GPG Keychain and gave it for decryption. He was able to decrypt it with the tool but that didn't work in SAP PI.

Here is a small snapshot of the key as you asked. I hope this will be helpful.


Regards,

Arkesh

manoj_khavatkopp
Active Contributor
0 Kudos

Take the encrypted file from the third party use the online tool IGolder and try to decrypt it using the private key which you have mentioned in channel and let us know the results.

arkesh_sharma
Active Participant
0 Kudos

Hi Manoj,

Thank you for your response. The IGolder tool asks to copy-paste the content of the encrypted file. Some of the characters in the file could not properly get pasted in the web page so it did not decrypt the content of the file properly and gave an error. Hence, I used the USB Stick version of PortablePGP tool and tried to test the keys.

The keys (both public and private) are working fine in the tool. Hence, my next question is -

Is RSA4096 algorithm an acceptable form for PGP decryption in SAP PI?

Regards,

Arkesh

manoj_khavatkopp
Active Contributor
0 Kudos

Arkesh,

Arkesh ,

Really cant comment on that because even SAP help dont talk about RSA Alog.

PGP

 Some of the characters in the file could not properly get pasted in the web page

What type of characters , when a data is encrypted there shouldn't be any weird characters .Can you ask your third party to send and Armored PGP encrypted file and then you try to decrypt that.

Br,

Manoj

arkesh_sharma
Active Participant
0 Kudos

Hi Manoj,

Please find the snapshots below from the PGP File opened in notepad and when it was pasted in the web page of IGolder.

PGP File:

IGolder:

I had a set of 6 files from the sender system which were encrypted. I tried decrypting them using Portable PGP, it worked in the tool but it didn't work in the SAP PI System.

Also, the strange thing is that the public key is working in SAP PI, which is in the same Algo format, but the decryption key is not working and it throws an error.

Regards,

Arkesh

manoj_khavatkopp
Active Contributor
0 Kudos

Hi Arkesh ,

As told earlier the file is encrypted without armoring hence you are getting these type of characters ..in gnupg tool i remember there is option to enable Armor ask you third party to send and Armored PGP file.

Try this workaround to confirm this is an Armoring issue :

Take the Public key which third party is using and encrypt some data using iGolder (iGolder encrypts a file always with armoring) and then try to decrypt it using PI

Br,

Manoj

Accepted Solutions (1)

Accepted Solutions (1)

arkesh_sharma
Active Participant
0 Kudos

Thank you all for your help and support.

The issue was really strange and the root-cause was not properly identified.

The work-around that we did was:

1. New RSA-2098 key-pairs were generated (using GPG4Win tool) on SAP PI server itself by the Basis Team

2. Public key was shared with the business partner(i.e. Sender System) while the private key was kept on the SAP PI server in the standard path (/usr/sap/<System ID>/<Instance ID>/sec)

3. Only two parameters on the module tab were specified for Decryption: ownPrivateKey and pwdOwnPrivateKey

4. The channel was activated with the above details and the decryption worked fine

Regards,

Arkesh

Answers (5)

Answers (5)

former_member186851
Active Contributor

Hello Arkesh,

Is the File encrypted + signed?

If yes you need to add the below in the module

partnerPublicKey

arkesh_sharma
Active Participant
0 Kudos

Hi Raghuraman,

I checked with the person who created the encrypted file, he said it is not signed and only encrypted.

So I did not use partnerPublicKey parameter.

former_member186851
Active Contributor
0 Kudos

Hello Arkesh,

Then this error could be due to wrong encryption of file and or any special characters/texts added in file by mistake.

Can you retest with new file or check if any issue is there in the file.

arkesh_sharma
Active Participant
0 Kudos

Hi Raghuraman,

Is there a tool that you can suggest to find out the special characters in the encrypted file ?

Regards,

Arkesh

former_member186851
Active Contributor
0 Kudos

Hello Arkesh,

You can decrypt using IGOLDER ,Manoj also suggested the same.

It could be due to wrong key or file issues(additional characters are something).

jonprow
Participant
0 Kudos

Were you able to resolve? I believe it is required to have your partner sign and you would need their pub key referenced in sender module configuration.

https://help.sap.com/saphelp_nw-secure-connect103/helpdata/en/c6/62dcc1394d4a798fc4abdb406fa269/fram...

Thanks

Jon

bhavesh_kantilal
Active Contributor
0 Kudos

Hello Arkesh,

Would suggest you follow the steps in OSS Note:2233818 - PI Messages Fail with 'Exception decrypting key' Error

Check if unlimited JCE is installed as if unlimited JCE is installed, then Key size 4096 should be supported.

Regards,

Bhavesh

Former Member
0 Kudos

Hi Arkesh,

Usually while decryption it will automatically detects the algorithm.If RSA case is not working try with other algorithms like AES_128 or AES_256.

Thanks,

Anil Sumanth

apu_das2
Active Contributor
0 Kudos

I think yo need not to mention the Root path if you are using the default /sec path. Please remove root path entry and try once.

Thanks,

Apu

arkesh_sharma
Active Participant
0 Kudos

Hi Apu,

I have removed the root path as it is the default path where keys are stored. I am still getting the same error.

Regards,

Arkesh