PGP Keyrings in Keystore

Hello all,

I have developed a SAP PI Module that encrypts and decrypts PGP messages. I deployed public and private keys inside the EAR file. However, I would like to be able, for further maintenance, to store them in SAP PI KeyStore. Do you think it is possible to store PGP Keyrings in SAP PI Keystore? If yes, could you tell me how?

Thanks in advance.

Roger Allué i Vall


4 Answers

  • Former Member
    Jan 19, 2010 at 04:53 PM

    I think that if you're able to store them using an accepted format, that shouldn't be an issue! Have you looked at the KeyStore specifications (available from Javadoc pages)?

    Chris


    • Hello Chris,

      thanks for your quick answer. I'll try to explain what I tried, so maybe you can find if I'm doing something wrong. I generated a keyring with GPA (GNU Privacy Assistant). I exported private key and public key and added them to my module. Everything works fine. I can encrypt and decrypt files using the private and public key inside the EAR.

      For maintenance reasons I would like to configure the keys in a place easily accessible (for example to regenerate the key) without regenerating the EAR.

      The problem is when I try to import these keys into a view (I used DEFAULT) in SAP PI Keystore. It expects a key pair or an X.509 certificate and I have a public and private key, so it fails when trying to import them. It doesn't like their format. However, this is the only format I can export the keyring from GPA. What I tried is to generate a private key and public key directly in SAP PI Keystore. I can obtain it with Java libraries, but when I try to obtain the key it fails because it can find it in the keyring. I think it's because it's not a keyring. Do you think I'm doing something wrong? Am I trying to do something that is not possible to be done?

      Thanks in advance.

      Roger Allué i Vall.

  • Jan 19, 2010 at 05:45 PM

    As additional information, I'm using Bouncy Castle Java libraries to encrypt and decrypt PGP messages.


    • This is a piece of the code I use to read certificates from KeyStore:

      private InputStream getKeyFromKeystore(){

          String privKeyView = "DEFAULT";
          ByteArrayInputStream key = null;
          PasswordProtection pass = new PasswordProtection("test1".toCharArray());

          try{
              // Open the keystore view through the SAP security resources
              SAPSecurityResources secRes = SAPSecurityResources.getInstance();
              KeyStoreManager ksMgr = secRes.getKeyStoreManager(PermissionMode.SYSTEM_LEVEL);
              java.security.KeyStore ks = ksMgr.getKeyStore(privKeyView);

              // Read the key-pair entry and take the public key from its certificate
              KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)ks.getEntry("ENTRY", pass );
              Certificate cert = pkEntry.getCertificate();
              PublicKey pubKey = cert.getPublicKey();

              // Encoded form of the certificate's public key (JCA encoding, see getFormat())
              key = new ByteArrayInputStream(pubKey.getEncoded());
          }
          catch (Exception e){
              // Log the message and every stack frame to the module's audit log
              addInfo ("Exception: " + e.getMessage());
              StackTraceElement[] stack = e.getStackTrace();
              for ( int i=0; i<stack.length; i++){ addInfo ("Exception: " + stack[i].toString());}
          }
          return key;
      }

  • Jan 20, 2010 at 11:17 AM

    This is the piece of code where I use the method above:

    [...]
    msg = (Message) inputModuleData.getPrincipalData();
    amk = new MessageKey(msg.getMessageId(), msg.getMessageDirection());
    in     = new ByteArrayInputStream(msg.getDocument().getContent());
    action = moduleContext.getContextData(C_ACTION_STRING);
    if (action.equals("ENCRYPT")){
        pubKeyStr = moduleContext.getContextData(C_PUBLICKEY_STRING);
        //keyIn = this.getClass().getResourceAsStream(pubKeyStr);
        keyIn = getKeyFromKeystore();

        if ( keyIn != null){
            if (moduleContext.getContextData(C_ARMORED_STRING).equals(C_YES_STRING)){
                armored = true;
            }
            else{
                armored = false;
            }

            if (moduleContext.getContextData(C_INTEGRITYCHECK_STRING).equals(C_YES_STRING)){
                withIntegrityCheck = true;
            }
            else{
                withIntegrityCheck = false;
            }
            encryptStream(in,out,readPublicKey(keyIn),armored,withIntegrityCheck);
        }
    }
    [...]


  • Jan 20, 2010 at 11:24 AM

    The method getKeyFromKeystore() correctly returns the public key, but when I try to use it, it fails, because the keys are not PGP keys.
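The mismatch described in the last post, as an added example that is not part of the thread or the poster's module: a JCA public key taken from a keystore certificate is wrapped into an OpenPGP public-key packet with Bouncy Castle's `JcaPGPKeyConverter`, using a fixed creation date because a v4 key ID is derived from the creation time as well as the key material. Assumptions: an RSA key, the bcpg/bcprov jars on the classpath, a locally generated key pair standing in for the keystore entry, and the hypothetical names `KeystoreKeyToPgp` and `toPgpPublicKey`.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Date;

import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyConverter;

public class KeystoreKeyToPgp {   // hypothetical class name

    // Wrap a JCA RSA public key (e.g. cert.getPublicKey() from a keystore entry)
    // in an OpenPGP public-key packet. 'created' goes into the v4 fingerprint,
    // so the same key material with a different date gets a different key ID.
    static PGPPublicKey toPgpPublicKey(PublicKey jcaKey, Date created) throws PGPException {
        if (!"RSA".equals(jcaKey.getAlgorithm())) {
            throw new IllegalArgumentException(
                    "example handles RSA only, got " + jcaKey.getAlgorithm());
        }
        return new JcaPGPKeyConverter()
                .getPGPPublicKey(PublicKeyAlgorithmTags.RSA_GENERAL, jcaKey, created);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the key pair stored in the keystore view.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        // getEncoded() on this key is a JCA encoding, not an OpenPGP packet,
        // which is why a PGP key reader cannot parse it.
        System.out.println("JCA encoding format: " + pair.getPublic().getFormat());

        // Fixed creation time (assumption: e.g. the certificate's notBefore date).
        Date created = new Date(1263859200000L); // 2010-01-19T00:00:00Z
        PGPPublicKey a = toPgpPublicKey(pair.getPublic(), created);
        PGPPublicKey b = toPgpPublicKey(pair.getPublic(), created);
        PGPPublicKey c = toPgpPublicKey(pair.getPublic(),
                new Date(created.getTime() + 1000L));

        System.out.printf("key ID (fixed date): %016X%n", a.getKeyID());
        System.out.println("same date, same ID:  " + (a.getKeyID() == b.getKeyID()));
        System.out.println("date +1s, same ID:   " + (a.getKeyID() == c.getKeyID()));
    }
}
```

The resulting `PGPPublicKey` carries no user ID or self-signature, so it is a bare key packet rather than a keyring. The key ID it reports only matches the partner's PGP key if the partner's key was built from the same key material and creation time.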
