on 10-14-2016 8:46 AM
Hi Experts,
I have received both public and private keys from business and they are of type RSA-4096 with .ASC extension. The keys are generated by the business using a tool called GPG Keychain on a Mac machine. The keys are deployed on the server in the standard path - /usr/sap/<System ID>/<Instance ID>/sec
When I use them to encrypt the file, the encryption works fine but when I use the keys to decrypt the files, it fails in PI with the error:
com.sap.aii.af.lib.mp.module.ModuleException: File is no valid PGP Message, could not apply decryption.
The decryption is working fine in the tool but it is not working fine in SAP PI. Even a simple encrypted txt file (of extension .pgp) is failing with the above error. The configuration of the module is shown below in the snapshot:
Regards,
Arkesh
Thank you all for your help and support.
The issue was really strange and the root-cause was not properly identified.
The work-around that we did was:
1. New RSA-2098 key-pairs were generated (using GPG4Win tool) on SAP PI server itself by the Basis Team
2. Public key was shared with the business partner (i.e. Sender System) while the private key was kept on the SAP PI server in the standard path (/usr/sap/<System ID>/<Instance ID>/sec)
3. Only two parameters on the module tab were specified for Decryption: ownPrivateKey and pwdOwnPrivateKey
4. The channel was activated with the above details and the decryption worked fine
Regards,
Arkesh
Hello Arkesh,
Is the File encrypted + signed?
If yes you need to add the below in the module
partnerPublicKey
Were you able to resolve? I believe it is required to have your partner sign and you would need their pub key referenced in sender module configuration.
Thanks
Jon
Hello Arkesh,
Would suggest you follow the steps in OSS Note:2233818 - PI Messages Fail with 'Exception decrypting key' Error
Check if unlimited JCE is installed; if unlimited JCE is installed, then key size 4096 should be supported.
Regards,
Bhavesh
Hi Arkesh,
Usually, during decryption it will automatically detect the algorithm. If the RSA case is not working, try other algorithms like AES_128 or AES_256.
Thanks,
Anil Sumanth
I think you need not mention the root path if you are using the default /sec path. Please remove the root path entry and try once.
Thanks,
Apu
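A first triage step for the "File is no valid PGP Message" error discussed in this thread is to confirm what the failing file actually starts with. The following is an added example, not code from any poster or from SAP PI: it reads the first OpenPGP packet header as laid out in RFC 4880 and reports whether the input is an armored or binary message, a key file, or not OpenPGP data at all. The function names and the sample bytes are assumptions constructed for illustration.

```python
import base64, binascii, re

# Tags (RFC 4880, section 4.3) that may open a message vs. a key file.
MESSAGE_TAGS = {1: "public-key encrypted session key", 2: "signature",
                3: "symmetric-key encrypted session key", 4: "one-pass signature",
                8: "compressed data", 9: "encrypted data", 11: "literal data",
                18: "integrity-protected encrypted data"}
KEY_TAGS = {5: "secret key", 6: "public key"}
ARMOR = re.compile(rb"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END PGP \1-----", re.S)

def dearmor(data):
    """Return (armor_label, binary); armor_label is None for binary input."""
    m = ARMOR.search(data)
    if not m:
        return None, data
    # Armor headers (Version:, Comment:) end at the first blank line.
    b64 = re.split(rb"\r?\n\r?\n", m.group(2), maxsplit=1)[-1]
    # Drop the optional "=XXXX" CRC-24 line; it is not verified here.
    lines = [l.strip() for l in b64.splitlines() if l.strip() and not l.startswith(b"=")]
    return m.group(1).decode(), base64.b64decode(b"".join(lines))

def classify(data):
    """Classify a file by its first OpenPGP packet header."""
    try:
        label, raw = dearmor(data)
    except (binascii.Error, ValueError):
        return {"kind": "invalid", "reason": "armor body is not base64"}
    if not raw or not raw[0] & 0x80:           # bit 7 must be set on every packet
        return {"kind": "invalid", "reason": "first byte is not a packet header"}
    first = raw[0]
    # New format (bit 6 set): tag in bits 5-0. Old format: tag in bits 5-2.
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    if tag in KEY_TAGS:
        return {"kind": "key", "armor": label, "tag": tag, "packet": KEY_TAGS[tag]}
    if tag in MESSAGE_TAGS:
        return {"kind": "message", "armor": label, "tag": tag, "packet": MESSAGE_TAGS[tag]}
    return {"kind": "invalid", "reason": f"unexpected first packet tag {tag}"}

# Constructed samples: header bytes only, no real ciphertext or key material.
BINARY_MSG = bytes([0x85, 0x02, 0x0C]) + bytes(8)   # old-format tag 1
KEY_FILE = bytes([0x99, 0x02, 0x0D]) + bytes(8)     # old-format tag 6
ARMORED_MSG = (b"-----BEGIN PGP MESSAGE-----\nVersion: constructed\n\n"
               + base64.b64encode(BINARY_MSG) + b"\n-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    for name, blob in [("binary", BINARY_MSG), ("armored", ARMORED_MSG),
                       ("key", KEY_FILE), ("text", b"hello world\n")]:
        print(name, classify(blob))
```

A result of "key" or "invalid" for the file picked up by the channel points at the payload itself (wrong file, transfer-mode corruption, wrapping) rather than at the key configuration.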