In this example, first module is to convert payload from XML to CSV format using MessageTransformBean. Then PGPEncryption module used to apply signature and encryption to CSV message, and finally send out to target using SFTP adapter or any other adapter.sap_pgp_1
Based on PO PGP module guide and example, All PGP key (partner public key and own private and public key) need to place at PO file system, default path usr/sap/<System ID>/<Instance ID>/sec.
It will be a huge effort to create new PGP public and private key, then send and ask all trading partners change to newly created PGP public key, effort of testing and go live for each partners is huge. In current project, found a way to reuse existing partner public PGP key and own PGP public and private key at above path. Eliminate the need to ask partner change PGP key. This is especially benefit if existing own key still have many years before it expiry.
Below PGP parameters, detail please see reference:
sap_pgp_2
Initial testing faced below errors:
Signing error, and found solution here https://scn.sap.com/thread/3320339
sap_pgp_3

Encryption error, and found solution here https://scn.sap.com/thread/3225517
sap_pgp_4

Based on note 1915999 (Verify JCE Unlimited Strength Jurisdiction Policy), checked PO is support till default 128 bit keysize only, but PGP key is at lest 1024 bits up to 4096 bit, so not supported.
sap_pgp_5
The solution is need to apply these step to jce to unlimited strength up to 4096 bits:
If you are using SAP PO 7.5 with Java 8, then you need to download corresponding Java 8 JCE from Oracle java website.
http://scn.sap.com/community/b2b-integration/blog/2012/07/12/b2b-adapters–updating-to-jce-unlimited-strength-jurisdiction-policy
After asking Basis apply the steps, restart PO system. Now the JCE look green OK for all bits up to 4096.
sap_pgp_6
Test PGP module again, now no longer have above error, all is success.
Reference:
http://help.sap.com/saphelp_nw-secure-connect104/helpdata/en/8b/11483856d04f6b9c7bf378ecd1670c/content.htm
http://scn.sap.com/community/pi-and-soa-middleware/blog/2012/04/10/pgpencryption-module-how-to-guide
http://scn.sap.com/community/pi-and-soa-middleware/blog/2012/04/10/pgpdecryption-a-simple-how-to-guide

SAP PGP Encryption module Reuse PGP key with Signature and Encryption
Tagged on:             

One thought on “SAP PGP Encryption module Reuse PGP key with Signature and Encryption

  • December 20, 2021 at 5:48 pm
    Permalink

    Hi Yee,

    Could you please post the procedure for generation the Pulic and Private key in SAP PI 7.4. I have a requirement where I need to provide keys to Bank in AES/ECB/PKCS5Padding – key 192 bits

    Please help.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *