on 03-09-2018 10:05 AM
Hi All,
I am working on bank interfaces. This is pass through scenario.
there are 2 interfaces.
1. Pick the file from AL11 --> Encrypt it --> Place on bank's server
2. Pick the file from Bank's server --> Decrypt it --> Place on AL11
We are using PGP encryption/Decryption.
Bank has already provided their PGP public key. I have uploaded in PGP secure store and used in channel. I am able to encrypt the file.
Now i have to share public key to bank. Here i am facing issue.
Following steps i have performed:
Referred blog : Generating SSH Keys for SFTP Adapters - Type 2
1. generated .p12 file
2. using Open SSL generated .key file
Note : i was not able to generate .pub key
So used Putty generator.
3. Loaded above .key file and generated public key.
Now i was not sure if my generated file is correct or not.
So to cross verify i uploaded the same file in PGP secure store and tested interface.
It is failing with error : Exception caught by adapter framework: No public key with encryption capability found in SftpTestPublicKey
Please help me in generation public key. Let me know where i am getting wrong.
Regards
Ankyy
Hi,
You can use below url/ any other freeware tools available for generating the key pairs and the key which you have generated should have the PGP public/private key comment in the first and last line of the key same you can check by opening the keys.
https://www.igolder.com/pgp/generate-key/
Generally our PGP module will accept any type of extension keys(such as .txt, .asc,.pub,etc..,) only if you want to place this in OS server path, but if you specifically loading into PGP secure store it accepts only few formats .asc, etc.,
Regards
Pavan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Now we have signed key (.pem and .p12) which we have shared with bank.
Can you help me how shall i use it in channel modules for decryption?
Like do i have use directly in key store view and key store entry or i have to extract public and private key from .pem file and save in some folder/ PGP key store.. how to proceed ?
Currently i have loaded this .pem file in PGP Secure store.. I am not sure if it will work since i am yet to test it.
Regards
Ankyy
Hello,
Share only public key to bank
Provide the generated publickey and privatekey to BASIS team and ask them to place in default OS path usr/sap/<System ID>/<Instance ID>/sec
1. Pick the file from AL11 --> Encrypt it --> Place on bank's server
you have to use banks public key for encryption, you can configure as per below blog just change the keys name what you have used
https://blogs.sap.com/2012/04/10/pgpencryption-module-how-to-guide/
2. Pick the file from Bank's server --> Decrypt it --> Place on AL11,Can you help me how shall i use it in channel modules for decryption?
for Decryption configure as per below blog change the keys name and password as you defined
https://blogs.sap.com/2012/04/10/pgpdecryption-a-simple-how-to-guide/
Regards
Pavan
Hi Pavan,
i have already checked above blogs and i am following the same.
Encryption it is working fine.
For decryption below i have configured below:
.pem file upload in PGP Secure Store
used above file in modules.
Please check attached screenshots for details.
Let me know if this is the correct approach.
Regards
Ankyy
Hi Ankyy,
Please correct me if my understanding is wrong. You need to provide your Public Key to the Bank , so that means Bank would be Encrypting the file and placing at SFTP. PI will pick the file , decrypt it using your Private Key and place it at AL11. But , in the screenshot provided m why are you Encrypting using your own Server Public Key? Sorry , bit confused. You need to use Decyption Module Instead.
Also , generate the Keys using the link provided by Pavan above , and test the Decryption/Encryption using any Open Tool available over Internet instead through PI in the beginning. This will ensure the correctness of the keys. After that configure the keys in the channel.
Regards,
Vivek Jain
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes Vivek, your understanding is correct. I wanted to test if my key generation is correct so i tried it.
Now we have shared signed key (.pem and .p12 files) to bank team and they have converted it to Base 64 X509 at their end and are using it.
But i am not understanding how shall i configure these keys in channel.
Currently i have loaded .pem file in PGP Secure Store and used it in module.
Can you please tell me if i am in the right direction?
Regards
Ankyy
Hi Ankyy,
It seems to be correct. What is the error you are getting? Also , if it is not working from Secure Store , place the keys at any location at AL11 , and add one more parameter before ownPrivateKey . The parameter name is - keyRootPath and give the complete path there. Something like attached:
Regards,
Vivek Jain
Hi Ankyy,
This error not necessarily mean that your configuration is wrong. There is a chance that Bank is using wrong Public Key to Encrypt the data. I would suggest you to please use any open PGP Encryption Decryption tool. Test any data , even your name. Encrypt your name using your Public Key. And then Decrypt the outcome using your Private Key and Passphrase.
Regards,
Vivek Jain
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.