https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310216#M1834659 <HTML><HEAD></HEAD><BODY><P>Tnks Samuli, is correct, the service is HTTPS. On the client of WS going to decrypt the values that i send, for it, i need encrypt the information.</P></BODY></HTML> Tue, 27 May 2014 20:50:18 GMT Former Member 2014-05-27T20:50:18Z https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310214#M1834657 <HTML><HEAD></HEAD><BODY><P>Hi experts!!!!</P><P></P><P>I have a requeriment to send information by Web Services, i have to encrypt some confidential fields with RC4 using specific key (encryption seed). </P><P></P><P></P><P>Some one have experience?</P><P></P><P></P><P>Tnks!!!</P></BODY></HTML> Tue, 27 May 2014 18:17:03 GMT https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310214#M1834657 Former Member 2014-05-27T18:17:03Z https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310215#M1834658 <HTML><HEAD></HEAD><BODY><P>Web Services has something called <A href="http://en.wikipedia.org/wiki/WS-Security">WS-Security</A>, no need to come up with something yourself. Not to mention you should use HTTPS.</P></BODY></HTML> Tue, 27 May 2014 20:16:54 GMT https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310215#M1834658 Former Member 2014-05-27T20:16:54Z https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310216#M1834659 <HTML><HEAD></HEAD><BODY><P>Tnks Samuli, is correct, the service is HTTPS. On the client of WS going to decrypt the values that i send, for it, i need encrypt the information.</P></BODY></HTML> Tue, 27 May 2014 20:50:18 GMT https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310216#M1834659 Former Member 2014-05-27T20:50:18Z https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310217#M1834660 <HTML><HEAD></HEAD><BODY><P>WS-Security supports message encryption. The only reason for having single fields encrypted would be that you don't even want to see the clear text value in the client, only in the post-processing layers. If that's the case AS ABAP has a encryption API, see <A href="http://service.sap.com/sap/support/notes/1456433">SAP note 1456433</A> for details.</P></BODY></HTML> Tue, 27 May 2014 21:01:18 GMT https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310217#M1834660 Former Member 2014-05-27T21:01:18Z https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310218#M1834661 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I agree with Samuli. It's a really really bad idea to roll out your own crypto. Implementing crypto is really hard. Especially, key management for stream ciphers is really tricky. If you xor two ciphertext generated by stream cipher with same encrpytion key then you get xor of plaintexts. There are simple techniques that can recover plaintext if you have some basic information such as that it's in English language. I assumed that you want to have same key for every message. If not then you will have to figure out how to distribute keys and you are getting into bigger troubles. I would try to use standard API provided by SAP. There is also another API that allows you to use PKCS#7 for encrypting values.</P><P></P><P>Cheers</P></BODY></HTML> Tue, 27 May 2014 23:09:49 GMT https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310218#M1834661 mvoros 2014-05-27T23:09:49Z https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310219#M1834662 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>actually message encryption is also about encrypting single fields if required <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P>This is then called XML Encrption and is about protecting</P><P>elements that are sent as part of the SOAP message.</P><P>Please check the <A href="http://help.sap.com/saphelp_nw73ehp1/helpdata/en/48/aea407ac5a3206e10000000a42189c/content.htm">docs on WS Security</A>. You can defined the fields to be encrypted in the SOAManager. The cryptographic operations are standardized and therefor interoperability between different systems should be a given, which is not the case, if you want to do this on your own.</P><P></P><P>More info on XMLencryption can be found in the <A href="http://www.w3.org/TR/xmlenc-core/">W3C standard</A>.</P><P></P><P>Regards,</P><P></P><P>Patrick</P></BODY></HTML> Wed, 28 May 2014 06:06:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/encrypt-information-using-rc4-algorithm/m-p/10310219#M1834662 Former Member 2014-05-28T06:06:32Z