how to encrypt/decrypt 4 character field in ABAP?

Former Member · ‎01-22-2009

Hello SDN Community,

I have done extensive searches before posting this. Have even explored fuction modules FIEB_PASSWD_ENCRYPT/DECRYPT. Even looked at SSF Developers Guide - chapter 4. The FIEB function modules were dead-end. SSF looks like it concerns securing of documents or files. Talks about certificates.

I also looked at the SSF_BASE64_ENCRYPT/DECRYPT function modules on my system, which is ECC 6.0. Wasn't sure if they could be used on a stand-alone basis, plus I couldn't find any documentation about them.

I only want to encrypt, and then decrypt, the values in a 4 character field.

eg- DATA: MYFIELD(4) TYPE C.

Is there an ABAP function module, or coding example, that would demonstrate this?

Or possibly I overlooked something in the information that I have already found?

Thank you,

Dean Atteberry.

Former Member · ‎01-25-2009

A technique which I have seen used in older programs is DB_SCRAMBLE (or in your case, more likely DB_SCRAMBLE_STRING).

It might fullfill your requirement if the users can display your table, but not if they can debug your program. Some developers use this in macros (see ABAP docu on keyword "DEFINE") but that is not 100% bullet-proof either in a development system.

It is not really encryption and off-hat I am not sure whether they are released for external use. SAP's own mechanisms have been replaced by the Secure Store and several other attributes (not only the key and the string) as far as I know.

But it might meet your requirement, unless your next question is how to un-scramble the field...

Cheers,

Julius

Former Member · ‎01-25-2009

You certainly did your research! Can you tell a little bit more? Does the encryption need to be reversible? Did you consider key management? 4 characters is a little short...

morten_nielsen · ‎01-26-2009

Hi Dean

I have just stumbled on this Blog by Kathirvel Balakrishnan:

[Encryption & Decryption of data using ABAP|https://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/5026] [original link is broken] [original link is broken] [original link is broken];,

It may be of interest to you

Regards

Morten Nielsen

Former Member · ‎01-26-2009

Hi Morten,

I would recommend reading the comments to the blog as well, as there would not be much difference between a 4 char field and...

*-- check string-to-string algorithms
  string_in = 'Au weia, der Hahn legt keine Eier'. "#EC NOTEXT
  string_out = test_object->encrypt_string2string( string_in ).
  string_expected = 'AQYRHTFUERodER9UABMRGFQaHBU8VAYREFRYFR0RA1QBNQ=='.
  if string_out <> string_expected.
    result = abap_false.
    return.
  endif.

...if the result can be expected (in any SAP system) or easily reversed.

But it might fullfill a requirement for obfuscation, which is what I was asking as well.

Cheers,

Julius

Former Member · ‎01-28-2009

Thank you for pointers to hard-wired encryption coding. It will be helpful as a starting point as we continue to work with the customer to define the level of security that they want.

WolfgangJanzen · ‎01-29-2009

>


> Thank you for pointers to hard-wired encryption coding.  It will be helpful as a starting point as we continue to work with the customer to define the level of security that they want.

Yes, thanks for bringing this to my attention.

I'll investigate on the autor and trigger the deletion of that non-sense coding.

Not only that the name is irritating, it will simply not work in heterogenous environments (due to missing UTF-8 conversion).