Public key generation

Mar 09 at 10:05 AM

Former Member

Hi All,

I am working on bank interfaces. This is a pass-through scenario.

There are 2 interfaces.

1. Pick the file from AL11 --> Encrypt it --> Place on bank's server

2. Pick the file from Bank's server --> Decrypt it --> Place on AL11

We are using PGP encryption/decryption.

The bank has already provided their PGP public key. I have uploaded it to the PGP secure store and used it in the channel. I am able to encrypt the file.

Now I have to share the public key with the bank. Here I am facing an issue.

I have performed the following steps:

Referred blog: Generating SSH Keys for SFTP Adapters - Type 2

1. Generated .p12 file

2. Using OpenSSL, generated .key file

Note: I was not able to generate .pub key

So used PuTTY generator.

3. Loaded the above .key file and generated the public key.

Now I was not sure if my generated file is correct or not.

So to cross-verify I uploaded the same file to the PGP secure store and tested the interface.

It is failing with error: Exception caught by adapter framework: No public key with encryption capability found in SftpTestPublicKey

Please help me in generating the public key. Let me know where I am going wrong.

Regards

Ankyy


2 Answers

Best Answer
Pavan Dogiparthy Mar 09 at 12:28 PM
0

Hi,

You can use the URL below or any other freeware tool available for generating the key pairs. The key which you have generated should have the PGP public/private key comment in the first and last line of the key; you can check this by opening the keys.

https://www.igolder.com/pgp/generate-key/

Generally our PGP module will accept keys with any type of extension (such as .txt, .asc, .pub, etc.) only if you want to place them in the OS server path, but if you are specifically loading them into the PGP secure store it accepts only a few formats: .asc, etc.

Regards

Pavan
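
Added example, not part of the thread or of SAP's PGP module: a Python check of the point made in the answer above, that a key file should open and close with the PGP key block lines. It names the container format from the first line and, for OpenPGP blocks, reads the key packets' algorithm IDs to see whether any key or subkey is able to encrypt; key flags in self-signatures are not examined, and the sample and all function names are constructed for illustration.

```python
import base64

# Algorithm IDs able to encrypt (RFC 4880 section 9.1, plus ECDH from RFC 6637).
ENCRYPT_ALGOS = {1: "RSA", 2: "RSA encrypt-only", 16: "Elgamal", 18: "ECDH"}
KINDS = [("-----BEGIN PGP PUBLIC KEY BLOCK-----", "openpgp-public"),
         ("-----BEGIN PGP PRIVATE KEY BLOCK-----", "openpgp-private"),
         ("-----BEGIN CERTIFICATE-----", "x509-certificate"),
         ("-----BEGIN RSA PRIVATE KEY-----", "pem-private-key"),
         ("---- BEGIN SSH2 PUBLIC KEY ----", "ssh2-public"),
         ("PuTTY-User-Key-File", "putty-private"),
         ("ssh-rsa ", "openssh-public")]
# Constructed sample in the SSH2 (RFC 4716) public key layout, body shortened.
SSH2_SAMPLE = ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "constructed"\n'
               'AAAAB3Nz\n---- END SSH2 PUBLIC KEY ----\n')

def classify(text):
    """Name the key container format from the first non-empty line."""
    first = next((l.strip() for l in text.splitlines() if l.strip()), "")
    return next((kind for prefix, kind in KINDS if first.startswith(prefix)), "unknown")

def dearmor(text):
    """Return the binary packets inside an ASCII-armored OpenPGP block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    # Skip the armor headers (up to the blank line), the CRC line and the END line.
    body = [l for l in lines[lines.index("") + 1:-1] if not l.startswith("=")]
    return base64.b64decode("".join(body))

def key_algorithms(data):
    """Yield (packet_tag, algorithm_id) for each version 4 key or subkey packet."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if hdr & 0x40:                        # new-format packet header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            else:                             # 255 prefix: four-byte length
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
        else:                                 # old-format header, definite length
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if tag in (5, 6, 7, 14) and data[i] == 4:
            yield tag, data[i + 5]            # version(1) + creation time(4) + algo(1)
        i += length

def can_encrypt(text):
    """True if an armored OpenPGP block holds an encryption-capable (sub)key."""
    algos = key_algorithms(dearmor(text)) if classify(text).startswith("openpgp") else ()
    return any(algo in ENCRYPT_ALGOS for _, algo in algos)
```

A file that classifies as anything other than `openpgp-public` or `openpgp-private` is an SSH or X.509 artifact and holds no OpenPGP key packets at all.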

Former Member

Now we have a signed key (.pem and .p12) which we have shared with the bank.

Can you help me with how I shall use it in the channel modules for decryption?

Like, do I have to use it directly in key store view and key store entry, or do I have to extract the public and private key from the .pem file and save them in some folder/PGP key store? How to proceed?

Currently I have loaded this .pem file in the PGP Secure Store. I am not sure if it will work since I am yet to test it.

Regards

Ankyy

0

Hello,

Share only the public key with the bank.

Provide the generated public key and private key to the BASIS team and ask them to place them in the default OS path usr/sap/<System ID>/<Instance ID>/sec

1. Pick the file from AL11 --> Encrypt it --> Place on bank's server

You have to use the bank's public key for encryption. You can configure it as per the blog below; just change the key names to what you have used.

https://blogs.sap.com/2012/04/10/pgpencryption-module-how-to-guide/

2. Pick the file from Bank's server --> Decrypt it --> Place on AL11

Can you help me how shall I use it in channel modules for decryption?

For decryption, configure as per the blog below; change the key names and password as you defined.

https://blogs.sap.com/2012/04/10/pgpdecryption-a-simple-how-to-guide/

Regards

Pavan

0
Former Member
Pavan Dogiparthy

Hi Pavan,

I have already checked the above blogs and I am following the same.

Encryption is working fine.

For decryption I have configured the below:

.pem file uploaded in PGP Secure Store

Used the above file in modules.

Please check attached screenshots for details.

Let me know if this is the correct approach.

Regards

Ankyy

0

Configuration is fine. Are you facing any issue now?

0
Former Member
Pavan Dogiparthy

Hi Pavan,

I am getting error: Exception caught by adapter framework: A fitting private key for the encrypted data could not be found: check the password.

Can you help me with this error?

Regards

Ankyy

0

Hi,

Make sure with the bank that they are encrypting and sending the data by using your own public key.

Also, you should use the same key pair, i.e. the private key, in order to decrypt at your end.

Regards

Pavan

0
Former Member

Hi Pavan,

We again generated a key pair using igolder.com and shared with the bank.

Now it is working fine.

Thanks for your help.

Regards

Ankyy

0
Vivek Jain Mar 12 at 09:53 AM
0

Hi Ankyy,

Please correct me if my understanding is wrong. You need to provide your public key to the bank, so that means the bank would be encrypting the file and placing it at SFTP. PI will pick the file, decrypt it using your private key and place it at AL11. But in the screenshot provided, why are you encrypting using your own server public key? Sorry, a bit confused. You need to use the decryption module instead.

Also, generate the keys using the link provided by Pavan above, and test the decryption/encryption using any open tool available over the Internet instead of through PI in the beginning. This will ensure the correctness of the keys. After that, configure the keys in the channel.

Regards,

Vivek Jain

Former Member

Yes Vivek, your understanding is correct. I wanted to test if my key generation is correct so I tried it.

Now we have shared the signed key (.pem and .p12 files) with the bank team and they have converted it to Base 64 X509 at their end and are using it.

But I am not understanding how I shall configure these keys in the channel.

Currently I have loaded the .pem file in the PGP Secure Store and used it in the module.

Can you please tell me if I am going in the right direction?

Regards

Ankyy

0

Hi Ankyy,

Please share your channel configuration here, if possible.

Regards,

Vivek Jain

0
Former Member
Vivek Jain

Hi,

Please check the attached screenshots:

Let me know if this is the correct approach.

Regards

Ankyy

0

Hi Ankyy,

It seems to be correct. What is the error you are getting? Also, if it is not working from the Secure Store, place the keys at any location at AL11, and add one more parameter before ownPrivateKey. The parameter name is keyRootPath; give the complete path there. Something like attached:

decryption.jpg

Regards,

Vivek Jain

0
Former Member
Vivek Jain

Hi Vivek,

I am getting error: Exception caught by adapter framework: A fitting private key for the encrypted data could not be found: check the password.

Can you help me with this error?

Regards

Ankyy

0

Hi Ankyy,

This error does not necessarily mean that your configuration is wrong. There is a chance that the bank is using the wrong public key to encrypt the data. I would suggest you use any open PGP encryption/decryption tool. Test any data, even your name. Encrypt your name using your public key. And then decrypt the outcome using your private key and passphrase.

Regards,

Vivek Jain

0