
Public key generation

0 Kudos

Hi All,

I am working on bank interfaces. This is a pass-through scenario.

There are 2 interfaces.

1. Pick the file from AL11 --> Encrypt it --> Place on bank's server

2. Pick the file from Bank's server --> Decrypt it --> Place on AL11

We are using PGP encryption/decryption.

The bank has already provided their PGP public key. I have uploaded it to the PGP secure store and used it in the channel. I am able to encrypt the file.

Now I have to share the public key with the bank. Here I am facing an issue.

I have performed the following steps:

Referred blog: Generating SSH Keys for SFTP Adapters - Type 2

1. Generated a .p12 file

2. Using OpenSSL, generated a .key file

Note: I was not able to generate a .pub key

So I used PuTTY generator.

3. Loaded the above .key file and generated the public key.

Now I was not sure if my generated file was correct or not.

So to cross-verify, I uploaded the same file to the PGP secure store and tested the interface.

It is failing with the error: Exception caught by adapter framework: No public key with encryption capability found in SftpTestPublicKey

Please help me in generating the public key. Let me know where I am going wrong.

Regards

Ankyy

Accepted Solutions (1)

PavanKumar
Active Contributor
0 Kudos

Hi,

You can use the URL below or any other freeware tool available for generating the key pairs. The key you have generated should have the PGP public/private key comment in the first and last lines of the key; you can check this by opening the keys.

https://www.igolder.com/pgp/generate-key/

Generally, our PGP module will accept keys with any extension (such as .txt, .asc, .pub, etc.) only if you want to place them in the OS server path, but if you are specifically loading them into the PGP secure store, it accepts only a few formats (.asc, etc.).

Regards

Pavan
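
The first/last-line check described in this answer, as an added example that is not part of the original thread: a small Python classifier that tells an ASCII-armored OpenPGP key apart from the X.509/PEM and SSH/PuTTY formats mentioned in the question. The function names are hypothetical and the sample inputs are constructed placeholders, not real keys.

```python
import re

# Header markers for the key formats that come up in this thread.
# Only the "openpgp-*" kinds are OpenPGP keys; the rest are X.509/PEM or SSH material.
FORMATS = [
    (r"-----BEGIN PGP PUBLIC KEY BLOCK-----", "openpgp-public"),
    (r"-----BEGIN PGP PRIVATE KEY BLOCK-----", "openpgp-private"),
    (r"-----BEGIN CERTIFICATE-----", "x509-certificate"),
    (r"-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----", "pem-private-key"),
    (r"-----BEGIN PUBLIC KEY-----", "pem-public-key"),
    (r"---- BEGIN SSH2 PUBLIC KEY ----", "ssh2-public"),   # PuTTYgen "Save public key"
    (r"(ssh-rsa|ssh-ed25519|ecdsa-sha2-\S+) ", "openssh-public"),
    (r"PuTTY-User-Key-File-\d+:", "putty-ppk"),
]

def classify_key(text):
    """Return (kind, well_formed) based on the first recognised header line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for line in lines:  # skip leading noise such as "Bag Attributes" from a .p12 export
        for pattern, kind in FORMATS:
            if re.match(pattern, line):
                if line.startswith("-----BEGIN "):
                    # For armored/PEM blocks the last line must be the matching END line.
                    return kind, lines[-1] == line.replace("BEGIN", "END", 1)
                return kind, True
    return "unknown", False

def usable_as_pgp_public_key(text):
    """True only for a complete ASCII-armored OpenPGP public key block."""
    return classify_key(text) == ("openpgp-public", True)

# Constructed sample inputs (bodies are placeholders, not key material).
PGP_SAMPLE = """-----BEGIN PGP PUBLIC KEY BLOCK-----

(base64 body omitted)
-----END PGP PUBLIC KEY BLOCK-----
"""
PUTTY_SAMPLE = """---- BEGIN SSH2 PUBLIC KEY ----
Comment: "constructed-example"
(base64 body omitted)
---- END SSH2 PUBLIC KEY ----
"""
PEM_SAMPLE = """Bag Attributes
    friendlyName: constructed-example
-----BEGIN CERTIFICATE-----
(base64 body omitted)
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    for name, sample in [("pgp", PGP_SAMPLE), ("putty", PUTTY_SAMPLE), ("pem", PEM_SAMPLE)]:
        print(name, classify_key(sample), usable_as_pgp_public_key(sample))
```

This only inspects the header and footer lines; it does not parse the key packets or confirm that the key has encryption capability.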

0 Kudos

Now we have a signed key (.pem and .p12), which we have shared with the bank.

Can you help me with how I should use it in the channel modules for decryption?

For example, do I have to use it directly in the key store view and key store entry, or do I have to extract the public and private keys from the .pem file and save them in some folder/PGP key store? How should I proceed?

Currently I have loaded this .pem file in the PGP Secure Store. I am not sure if it will work since I am yet to test it.

Regards

Ankyy

PavanKumar
Active Contributor
0 Kudos

Hello,

Share only the public key with the bank.

Provide the generated public key and private key to the BASIS team and ask them to place them in the default OS path usr/sap/<System ID>/<Instance ID>/sec

1. Pick the file from AL11 --> Encrypt it --> Place on bank's server

You have to use the bank's public key for encryption. You can configure it as per the blog below; just change the key names to the ones you have used.

https://blogs.sap.com/2012/04/10/pgpencryption-module-how-to-guide/

2. Pick the file from Bank's server --> Decrypt it --> Place on AL11. Can you help me how shall I use it in channel modules for decryption?

For decryption, configure as per the blog below; change the key names and password to those you defined.

https://blogs.sap.com/2012/04/10/pgpdecryption-a-simple-how-to-guide/

Regards

Pavan

0 Kudos

Hi Pavan,

I have already checked the above blogs and I am following the same.

Encryption is working fine.

For decryption I have configured the following:

.pem file uploaded in PGP Secure Store

Used the above file in the modules.

Please check attached screenshots for details.

Let me know if this is the correct approach.

Regards

Ankyy

PavanKumar
Active Contributor
0 Kudos

Configuration is fine. Are you facing any issue now?

0 Kudos

Hi Pavan,

I am getting the error: Exception caught by adapter framework: A fitting private key for the encrypted data could not be found: check the password.

Can you help me with this error?

Regards

Ankyy

PavanKumar
Active Contributor
0 Kudos

Hi,

Make sure with the bank that they are encrypting and sending the data using your own public key.

Also, you should use the same key pair, i.e., the private key, in order to decrypt at your end.

Regards

Pavan

0 Kudos

Hi Pavan,

We again generated a key pair using igolder.com and shared it with the bank.

Now it is working fine.

Thanks for your help.

Regards

Ankyy

Answers (1)

former_member366655
Active Participant
0 Kudos

Hi Ankyy,

Please correct me if my understanding is wrong. You need to provide your public key to the bank, so that means the bank would be encrypting the file and placing it at SFTP. PI will pick the file, decrypt it using your private key and place it at AL11. But in the screenshot provided, why are you encrypting using your own server public key? Sorry, a bit confused. You need to use the Decryption module instead.

Also, generate the keys using the link provided by Pavan above, and test the decryption/encryption using any open tool available on the Internet instead of through PI in the beginning. This will ensure the correctness of the keys. After that, configure the keys in the channel.

Regards,

Vivek Jain

0 Kudos

Yes Vivek, your understanding is correct. I wanted to test if my key generation is correct, so I tried it.

Now we have shared the signed key (.pem and .p12 files) with the bank team, and they have converted it to Base 64 X509 at their end and are using it.

But I do not understand how I should configure these keys in the channel.

Currently I have loaded the .pem file in PGP Secure Store and used it in the module.

Can you please tell me if I am going in the right direction?

Regards

Ankyy

former_member366655
Active Participant
0 Kudos

Hi Ankyy,

Please share your channel configuration here, if possible.

Regards,

Vivek Jain

0 Kudos

Hi,

Please check the attached screenshots:

Let me know if this is the correct approach.

Regards

Ankyy

former_member366655
Active Participant
0 Kudos

Hi Ankyy,

It seems to be correct. What is the error you are getting? Also, if it is not working from the Secure Store, place the keys at any location at AL11, and add one more parameter before ownPrivateKey. The parameter name is keyRootPath; give the complete path there. Something like the attached:

decryption.jpg

Regards,

Vivek Jain

0 Kudos

Hi Vivek,

I am getting the error: Exception caught by adapter framework: A fitting private key for the encrypted data could not be found: check the password.

Can you help me with this error?

Regards

Ankyy

former_member366655
Active Participant
0 Kudos

Hi Ankyy,

This error does not necessarily mean that your configuration is wrong. There is a chance that the bank is using the wrong public key to encrypt the data. I would suggest that you use any open PGP encryption/decryption tool. Test any data, even your name. Encrypt your name using your public key, and then decrypt the outcome using your private key and passphrase.

Regards,

Vivek Jain

0 Kudos

Yes Vivek, we did generate the key using igolder.com and now it is working fine.

Regards

Ankyy