Implementing Messged I Integration
In our previous blog, we explored the concept of PGP Key Exchange, focusing on the
roles of the Signer and Verifier. Now, in this blog, we’ll dive deeper into the practical
aspects of security in SAP Cloud Platform Integration (CPI). Specifically, we’ll cover
how to create a PGP key pair for both SAP CPI and your partners, as well as how to
import and manage these keys within CPI monitoring. Additionally, we will explore the
configuration options available in the Manage PGP Keys section and walk you through
setting up the PGP Encryptor and PGP Decryptor in CPI.
Before securing your data, you must create the necessary PGP key pairs for both SAP
CPI and your integration partner. In this demo, we will generate these key pairs
using https://onlinepgp.com.
Go to onlinepgp.com and create two separate key pairs for the demo:
CpiDemoKey: This key pair will be used for SAP CPI. It includes both
the CpiDemoKey Public Key and the CpiDemoKey Private Key.
PartnerDemoKey: This key pair will be used for your integration partner. It includes
both the PartnerDemoKey Public Key and the PartnerDemoKey Private Key.
The tool generates both the public and the private key for each party, and both can be
downloaded for use. The passphrase for both private keys is Admin; it is needed
when importing these private keys in monitoring.
Note: The PGP keys are added in the Resource section for your reference. Use Admin as
the passphrase to import the keys.
Share the CpiDemoKey Public Key with your integration partner. The partner will use
this public key to encrypt messages they send to SAP CPI.
Similarly, you will need to obtain your partner's PartnerDemoKey Public Key, which
you will use to encrypt messages sent to them.
Step 3: Importing Public and Private Key in SAP CPI
In SAP CPI monitoring, under Manage Security, there is a PGP Keys tile where you
can import PGP keys.
Now click on Add. You will get two options: add public keys and add private keys.
Let's add the public keys first.
Click on Add. Both public keys have now been added, as shown below.
Now we will add the private keys for both the partner and CPI.
Please provide the passphrase that was set when the key pair was created in the tool
(Admin).
Note: Under Type, both keys now show Secret, Public. The list also shows the validity
state, the Valid Until date and the last modified date and time.
2. In this section, we will look at the configuration of the PGP Encryptor and PGP
Decryptor.
Scenario 1: Let's assume we need to encrypt the payload with the partner's public key
and sign it with the CPI private key.
In this case, the PGP Encryptor palette function will be configured as follows:
Scenario 2: Let's assume we need to decrypt the payload with our private key and
verify it using the partner's public key.
In this case, the PGP Decryptor palette function will be configured as follows:
It is important to note that the PGP Decryptor has no configuration option for the
CPI private key, so we do not need to provide it in order to decrypt.
To verify the signature, we need to provide the partner's public key.
However, the private key must still be added to the PGP keys. The private key is
fetched directly from the "secring.asc" file, while the public keys are stored in the
"pubring.asc" file. To verify, you can download the file and open it in any text
editor.
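A text editor only shows the armor lines, so the following added example (not code from this blog or from SAP) lists the OpenPGP packet types inside an ASCII-armored file and reports whether it carries secret-key packets, which is worth checking before the CpiDemoKey public key goes to a partner. It assumes the downloaded files are standard ASCII-armored OpenPGP data; the function names are hypothetical and the two sample blocks are constructed with dummy packet bodies.

```python
import base64
import re

# OpenPGP packet tags that occur in key files (RFC 4880, section 4.3).
TAGS = {2: "signature", 5: "secret-key", 6: "public-key",
        7: "secret-subkey", 13: "user-id", 14: "public-subkey"}
ARMOR = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)-----END PGP \1-----", re.S)

def packet_tags(data):
    """Walk old- and new-format packet headers and return the tag numbers."""
    tags, i = [], 0
    while i < len(data):
        first = data[i]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                      # new format: tag in the low 6 bits
            tag, o = first & 0x3F, data[i + 1]
            if o < 192:
                length, i = o, i + 2
            elif o < 224:
                length, i = ((o - 192) << 8) + data[i + 2] + 192, i + 3
            elif o == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled")
        else:                                 # old format: tag in bits 5-2
            tag, n = (first >> 2) & 0x0F, 1 << (first & 3)  # n length octets
            if n == 8:
                raise ValueError("indeterminate length is not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        tags.append(tag)
        i += length
    return tags

def list_packets(text):
    """Yield (armor label, packet names); armor headers and the =CRC line are skipped."""
    for label, body in ARMOR.findall(text):
        lines = [ln.strip() for ln in body.splitlines()]
        body64 = "".join(ln for ln in lines[lines.index("") + 1:] if not ln.startswith("="))
        yield label, [TAGS.get(t, f"tag-{t}") for t in packet_tags(base64.b64decode(body64))]

def has_secret_material(text):
    return any(n.startswith("secret") for _, names in list_packets(text) for n in names)

def armor(label, data):                       # helper for the constructed samples
    return f"-----BEGIN PGP {label}-----\n\n{base64.b64encode(data).decode()}\n-----END PGP {label}-----\n"
# Constructed samples with dummy packet bodies, not real key material.
PUBRING = armor("PUBLIC KEY BLOCK", bytes([0x98, 2, 4, 0, 0xB4, 3]) + b"Cpi")
SECRING = armor("PRIVATE KEY BLOCK", bytes([0xC5, 2, 4, 0, 0xCD, 3]) + b"Cpi")
```

To check a real file, read its text and pass it to has_secret_material; a file meant for a partner should return False.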
If you have any experiences or best practices to share regarding PGP key
management in SAP CPI, feel free to leave a comment below. For additional
resources on encryption and SAP CPI security, check out our other blogs.
Thanks