Decrypt using Triple-DES algorithm

Former Member

Hi folks,

The scenario is: my client receives messages in XML format; some of the fields are encrypted with the Triple-DES algorithm. This information is stored in a Z table of SAP ERP 2005. The idea is to develop an ABAP report that reads this table and decrypts the encrypted fields.

I have already read almost all the information about Triple-DES on SAP Help. SSF (Secure Store and Forward) supports this kind of algorithm. But there is a contradiction: Triple-DES is a symmetric algorithm (the same key is used to encrypt and decrypt data), yet the infrastructure described on SAP Help shows only public key technology (asymmetric cryptography). Also, the SSF functions have parameters to fill, like recipient information, etc. Does it mean that those functions are to be used with public key algorithms?

As I have all the encrypted data in the tables and also the private key on my own, I think that I only need to call a function to decrypt data. So, does it mean that only the SSF_DEVELOPE function is necessary?

I have more questions:

Where is the safe place to save the private key? (Transaction)

Which extra configurations do I need to do to start my ABAP report?

Which functions of the SSFG function group do I need to use? Like I said before, I think that I only need to decrypt the encrypted data, so does it mean that only the SSF_DEVELOPE function is necessary?

Thanks a lot for your help.

Regards,

Ricardo.

1 ACCEPTED SOLUTION

Former Member

Never store a private key on a server, then it is no longer private.

Furthermore, SSF_DEVELOPE has the parameter STR_FORMAT with default value 'PKCS7'. That means that this is an FM for extracting data from a digital signature which is ASN.1 DER encoded in a PKCS7 container.

What you need is a Public Key Infrastructure somewhere on your server or on another server.

Best regards,

Thomas

Hi Thomas,

Thanks for your prompt answers.

Like I said in a previous post, I have all the encrypted data in the tables and also the private key on my own. The algorithm used is a symmetric algorithm called Triple-DES. So, I think that I have all that I need... This is not a typical case of public key infrastructure, but a private/secret key infrastructure. However, I can't find a function module that handles this algorithm.

Do you have any suggestion?

Regards, Ricardo.

Former Member

I couldn't find an SSF module that provides what you need. But check this:

http://www.sap.com/partners/icc/scenarios/pdf/bc_ssf_api.pdf

Regards,

Thomas


Thanks a lot Thomas.

But this guide only mentions a public key (asymmetric) infrastructure. I need a symmetric infrastructure (secret key) and I can't find any related ABAP information. I'm beginning to believe that it is not possible to do data encryption with symmetric algorithms without a whole public key infrastructure defined. I will search a little bit more…

Regards, Ricardo.

Former Member

Hi all,

For your information, I would like to tell you that my customer's problem was fixed without SSF functions.

I took advantage of XI and developed an interface between SAP ERP and XI via ABAP proxy.

The scenario is: in SE38, a report runs that calls an outbound synchronous method of the ABAP proxy. The encrypted fields are sent to XI; in its turn, XI sends the message to the inbound interface (also an ABAP proxy). This inbound interface has the simple role of sending the message back as it is (e.g. move input to output). Between the interfaces, I developed a Java mapping, and inside it I call a crypto class with the TDES algorithm and with my own key.

It works fine and the customer is satisfied.

Thanks for all,

Ricardo Pereira.
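
The decryption step that a Java mapping like the one described above would call, as an added example that is not the poster's code. The thread does not state the cipher mode, padding or field encoding, so CBC with PKCS5 padding and a Base64 field laid out as an 8-byte IV followed by the ciphertext are assumptions, as are the class name, the method names and the constructed key.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class TdesFieldDecryptor {
    private static final String TRANSFORMATION = "DESede/CBC/PKCS5Padding"; // assumed mode and padding
    private static final int IV_LEN = 8; // 3DES block size in bytes

    // Decrypts one Base64 field value laid out as IV || ciphertext (assumed layout).
    static String decryptField(String base64Field, SecretKey key) throws GeneralSecurityException {
        byte[] raw = Base64.getDecoder().decode(base64Field.trim());
        if (raw.length < 2 * IV_LEN || raw.length % IV_LEN != 0) {
            throw new GeneralSecurityException("field is not an IV plus whole 3DES blocks");
        }
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(raw, 0, IV_LEN));
        byte[] plain = cipher.doFinal(raw, IV_LEN, raw.length - IV_LEN);
        return new String(plain, StandardCharsets.UTF_8);
    }

    // Used only to build the constructed sample field in main().
    static String encryptField(String text, SecretKey key) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(text.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    public static void main(String[] args) throws Exception {
        // Constructed 24-byte demo key (three distinct 8-byte DES keys); not a value from the thread.
        byte[] keyBytes = "0123456789abcdefFEDCBA98".getBytes(StandardCharsets.US_ASCII);
        SecretKey key = new SecretKeySpec(keyBytes, "DESede");
        String field = encryptField("CONSTRUCTED-FIELD-VALUE", key);
        System.out.println("encrypted field: " + field);
        System.out.println("decrypted field: " + decryptField(field, key));
    }
}
```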