Using PGP key in SAP PI/PO



In my journey of being an Integration consultant, I have had my fair share of struggles in understanding the concept of PGP keys.
PGP encryption is something that every Integration Developer has to deal with daily.
I would further say that it is one of the fundamentals of any integration product.



What is a PGP key?


As per Wikipedia's definition:


Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.



How does it work?


For example, suppose your organization, ABC Inc, has an interface that integrates ECC with the bank. Let's say this interface transfers the daily transaction details for purchases made using the company's credit card. Ram, an employee of the company, buys an ergonomic chair, a box of pencils, and a keyboard for office use.
Ram used the company's credit card to place this order. The transaction creates data such as the transaction id, the amount, the vendor id, the vendor name (Amazon, Alibaba, Flipkart, etc.), the time of the transaction, and the currency in which the purchase was made (INR, USD, GBP, etc.), all of which is stored on the bank's server. However, to calculate the company's expenses, a subset of this data (transaction id, amount, time of the transaction, etc.) must be stored in ECC.


In this case, data should flow from the bank's server (let's say an SFTP server) to ECC. As the data is sensitive, it must not be readable by any third party during transmission, so it has to be converted into an unreadable format. Once it is converted, even if the file is intercepted by a third party, its content will not make sense.


It is important that when the data reaches ECC, the file content is back in its original form.




To achieve this, PGP keys are used. The bank will encrypt the file and place it in the SFTP folder. The encrypted file will have unreadable content.


The PI receiver communication channel will pick that file from the SFTP folder.
The PI receiver communication channel will decrypt the file.
And then PI will send this file to ECC.


As the name suggests, a PGP key pair has two keys: one is the public key, the other is the private key.
The public key is shared with the third party, in this case the bank, and the private key stays with the owner.


In our case, when the bank places the file in SFTP, it uses ABC Inc.'s public key to encrypt the data.
Once the file has been picked up by the sender channel of SAP PO, the first thing that SAP PO does is look for a suitable private key to decrypt it. By default, the PGP key is located in the directory usr/sap/<System ID>/<Instance ID>/sec.


Sometimes the PI channel cannot identify the PGP key file even though the file is in the folder usr/sap/<System ID>/<Instance ID>/sec.


In such a case, make these two checks:
First, be sure that you have placed a copy of the PGP key file on all the application servers.
Second, check that you have provided read and write permission on the PGP key file.
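
The two checks above can be scripted and run on each application server. This is an added example, not part of the original post: the key file name and the return codes are hypothetical, and the final check (that no other OS user can access the private key) goes beyond the two checks in the text.

```shell
#!/bin/sh
# Added example: run this on EACH application server of the PI/PO system.
# Return codes (constructed for this example):
#   0 = key file present, owner can read and write, no access for "other"
#   1 = sec directory or key file missing on this server
#   2 = owner lacks read or write permission
#   3 = "other" users can access the file (private key overexposed)

check_pgp_key() {
    sec_dir=$1    # the sec directory, usr/sap/<System ID>/<Instance ID>/sec
    key_name=$2   # hypothetical key file name, e.g. abc_private.asc
    key_path="$sec_dir/$key_name"

    # Check 1: the key file must exist on this application server.
    if [ ! -d "$sec_dir" ] || [ ! -f "$key_path" ]; then
        echo "MISSING: $key_path on $(uname -n)"
        return 1
    fi

    # Read the mode bits from ls, so the result does not depend on
    # which user (for example root) runs the script.
    perms=$(ls -ld "$key_path" | cut -c2-10)
    owner=$(printf '%s' "$perms" | cut -c1-2)
    other=$(printf '%s' "$perms" | cut -c7-9)

    # Check 2: the owner needs read and write permission.
    if [ "$owner" != "rw" ]; then
        echo "PERMISSION: mode is '$perms', owner needs read and write"
        return 2
    fi

    # Added hardening check: a private key should not be open to everyone.
    if [ "$other" != "---" ]; then
        echo "EXPOSED: mode '$perms' lets other OS users access the key"
        return 3
    fi

    echo "OK: $key_path ($perms) on $(uname -n)"
    return 0
}

# Stand-alone use: sh check_pgp_key.sh <sec directory> <key file name>
if [ "$#" -eq 2 ]; then check_pgp_key "$1" "$2"; fi
```

The mode bits describe the file owner, so also confirm that the owner is the OS user the PI/PO instance runs as.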


