0

PGP Decryption Error: File is no valid PGP Message, could not apply decryption.

Oct 14, 2016 at 07:46 AM

681


Hi Experts,

I have received both public and private keys from business and they are of type RSA-4096 with .ASC extension. The keys are generated by the business using a tool called GPG Keychain on a Mac machine. The keys are deployed on the server in the standard path - /usr/sap/<System ID>/<Instance ID>/sec

When I use them to encrypt the file, the encryption works fine but when I use the keys to decrypt the files, it fails in PI with the error:

com.sap.aii.af.lib.mp.module.ModuleException: File is no valid PGP Message, could not apply decryption.

The decryption is working fine in the tool but it is not working fine in SAP PI. Even a simple encrypted txt file (of extension .pgp) is failing with the above error. The configuration of the module is shown below in the snapshot:

Regards,

Arkesh


6 Answers

Best Answer
Arkesh Sharma Oct 28, 2016 at 11:34 AM
0

Thank you all for your help and support.

The issue was really strange and the root-cause was not properly identified.

The work-around that we did was:

1. New RSA-2098 key-pairs were generated (using GPG4Win tool) on SAP PI server itself by the Basis Team

2. Public key was shared with the business partner (i.e. Sender System) while the private key was kept on the SAP PI server in the standard path (/usr/sap/<System ID>/<Instance ID>/sec)

3. Only two parameters on the module tab were specified for Decryption: ownPrivateKey and pwdOwnPrivateKey

4. The channel was activated with the above details and the decryption worked fine

Regards,

Arkesh

Raghuraman S Oct 14, 2016 at 09:14 AM
1

Hello Arkesh,

Is the File encrypted + signed?

If yes you need to add the below in the module

partnerPublicKey


Hi Raghuraman,

I checked with the person who created the encrypted file, he said it is not signed and only encrypted.

So I did not use partnerPublicKey parameter.

0

Hello Arkesh,

Then this error could be due to wrong encryption of the file and/or any special characters/texts added to the file by mistake.

Can you retest with new file or check if any issue is there in the file.

0

Hi Raghuraman,

Is there a tool that you can suggest to find out the special characters in the encrypted file ?

Regards,

Arkesh

0

Hello Arkesh,

You can decrypt using IGOLDER; Manoj also suggested the same.

It could be due to a wrong key or file issues (additional characters or something).

0
Manoj K Oct 14, 2016 at 10:41 AM
1

Arkesh,

When I use them to encrypt the file, the encryption works fine but when I use the keys to decrypt the files, it fails in PI with the error.

So from the above sentence, can we consider that you have one inbound interface for decryption and one outbound for encryption? So you and your third party both have the same key pair, private key as well as public key?

I doubt you are using the wrong key here to decrypt. Try this workaround.

Do you mind sharing the screenshot of the .asc file content, not completely, but I want to see the beginning content at least.

Br,

Manoj


Hi Manoj,

You're absolutely right in saying that I have one encryption scenario and one decryption scenario. I use Public Key for Encryption and Private Key for Decryption. The third-party sending the encrypted files have only Public Key with them. When they receive the files, it is going to be decrypted by PI so they do not need the private key.

The business person today directly provided one sample encrypted file from the tool GPG Keychain and gave it for decryption. He was able to decrypt it with the tool but that didn't work in SAP PI.

Here is a small snapshot of the key as you asked. I hope this will be helpful.


Regards,

Arkesh

0

Take the encrypted file from the third party, use the online tool IGolder and try to decrypt it using the private key which you have mentioned in the channel, and let us know the results.

0

Hi Manoj,

Thank you for your response. The IGolder tool asks to copy-paste the content of the encrypted file. Some of the characters in the file could not properly get pasted in the web page so it did not decrypt the content of the file properly and gave an error. Hence, I used the USB Stick version of PortablePGP tool and tried to test the keys.

The keys (both public and private) are working fine in the tool. Hence, my next question is -

Is RSA4096 algorithm an acceptable form for PGP decryption in SAP PI?

Regards,

Arkesh

0

Arkesh,


Really can't comment on that because even SAP help doesn't talk about the RSA algo.

PGP

Some of the characters in the file could not properly get pasted in the web page

What type of characters? When data is encrypted there shouldn't be any weird characters. Can you ask your third party to send an armored PGP encrypted file and then you try to decrypt that.

Br,

Manoj

0

Hi Manoj,

Please find the snapshots below from the PGP File opened in notepad and when it was pasted in the web page of IGolder.

PGP File:

IGolder:

I had a set of 6 files from the sender system which were encrypted. I tried decrypting them using Portable PGP, it worked in the tool but it didn't work in the SAP PI System.

Also, the strange thing is that the public key is working in SAP PI, which is in the same Algo format, but the decryption key is not working and it throws an error.

Regards,

Arkesh

0

Hi Arkesh,

As told earlier, the issue is with armoring. Ask the third party to send an armored encrypted file.

To confirm the armoring issue, try this workaround:

Take the PGP public key which the third party is using, then using that, encrypt the data using IGolder (this tool encrypts data with armor enabled), then decrypt the file using PI.

Br,

Manoj

0
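Added example, not part of the original thread and not SAP's module code: a Python check that tells whether a file handed to the decryption step is an ASCII-armored or binary OpenPGP message, a key file, or data damaged by being copied through a text field, which is the distinction discussed in the comments above. The function names and the sample bytes are constructed for illustration; packet tags follow RFC 4880.

```python
import base64

# Packet tags from RFC 4880 section 4.3 that can legitimately open a message.
MESSAGE_TAGS = {1: "public-key encrypted session key", 2: "signature",
                3: "symmetric-key encrypted session key", 4: "one-pass signature",
                8: "compressed data", 9: "symmetrically encrypted data",
                11: "literal data", 18: "integrity-protected encrypted data"}
KEY_TAGS = {5: "secret key", 6: "public key"}

def first_packet_tag(raw: bytes):
    """Tag of the first binary OpenPGP packet, or None if the header is invalid."""
    if not raw or not raw[0] & 0x80:       # bit 7 is set in every packet header
        return None
    if raw[0] & 0x40:                      # new-format header: tag in bits 5-0
        return raw[0] & 0x3F
    return (raw[0] & 0x3C) >> 2            # old-format header: tag in bits 5-2

def dearmor(text: str):
    """Return (armor type, decoded payload) of an ASCII-armored block."""
    lines = [line.strip() for line in text.strip().splitlines()]
    kind = lines[0][len("-----BEGIN PGP "):-5]
    start = lines.index("") + 1 if "" in lines else 1  # blank line ends armor headers
    body = [l for l in lines[start:] if l and not l.startswith(("=", "-----"))]
    return kind, base64.b64decode("".join(body))

def diagnose(data: bytes) -> str:
    """Describe what a file handed to a PGP decryption step actually contains."""
    notes = []
    if data.startswith(b"\xef\xbb\xbf"):
        notes.append("UTF-8 BOM prepended")
        data = data[3:]
    if b"\xef\xbf\xbd" in data:
        notes.append("U+FFFD bytes found: binary data was re-encoded as text")
    raw, form = data, "binary"
    if data.lstrip().startswith(b"-----BEGIN PGP "):
        kind, raw = dearmor(data.decode("ascii", "replace"))
        form = "armored " + kind
    tag = first_packet_tag(raw)
    if tag in MESSAGE_TAGS:
        verdict = f"{form}: message, first packet is {MESSAGE_TAGS[tag]}"
    elif tag in KEY_TAGS:
        verdict = f"{form}: a {KEY_TAGS[tag]}, not a message"
    else:
        verdict = f"{form}: no valid OpenPGP packet at offset 0"
    return "; ".join([verdict] + notes)

# Constructed sample: the first bytes of an old-format PKESK packet, zero-padded.
SAMPLE = bytes([0x85, 0x02, 0x0C, 0x03]) + bytes(8)
PASTED = SAMPLE.decode("utf-8", "replace").encode("utf-8")  # copy-paste via a text field
```

Run `diagnose(open(path, "rb").read())` on the exact bytes the channel picks up; it inspects only the packet framing and needs no key material.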
Apu Das Oct 14, 2016 at 09:08 AM
0

I think you need not mention the root path if you are using the default /sec path. Please remove the root path entry and try once.

Thanks,

Apu


Hi Apu,

I have removed the root path as it is the default path where keys are stored. I am still getting the same error.

Regards,

Arkesh

0
Bhavesh Kantilal Nov 01, 2016 at 08:32 PM
0

Hello Arkesh,

Would suggest you follow the steps in OSS Note: 2233818 - PI Messages Fail with 'Exception decrypting key' Error

Check if unlimited JCE is installed; if unlimited JCE is installed, then key size 4096 should be supported.

Regards,

Bhavesh

Anil Sumanth Yakkali Nov 01, 2016 at 08:17 PM
0

Hi Arkesh,

Usually during decryption it will automatically detect the algorithm. If the RSA case is not working, try with other algorithms like AES_128 or AES_256.

Thanks,

Anil Sumanth
