Introduction

In our previous blog, we explored the creation and configuration of PGP keys in SAP CPI. This time, we'll dive into the end-to-end implementation and working of the encryptor and decryptor, along with the sign/verify mechanism of the payload. We'll use the Postman tool to test the scenario and utilize the same keys from our previous blog on creating and managing PGP key pairs for SAP CPI integration.

Overview

This blog will cover the following steps:

• Interface Design Implementation
• Encrypting and Signing the Plain Text Payload
• Decrypting and Verifying the Payload to Retrieve Plain Text

   

  Step 1: Interface Design Implementation

  First, we need to implement the interface design. This involves setting up the necessary configurations in SAP CPI to handle the encryption and decryption processes. We will use two different interfaces for encryption and decryption:

  • Encryption and Signing Interface: In the first interface, named"Z_DEMO_PGP_Encrypt_SIGN", we will encrypt and sign the data coming from Postman using the client partner's public key and our own private key.
  • Decryption and Verification Interface: In the second interface, named "ZDEMOPGPDecryptorVerifier", we will decrypt and verify the outcome of the first interface using the partner's private key and our own public key.

    Note: We don't have a configuration for the PGP decryptor pallet, so we don't need to provide the private key alias. However, the private key should be deployed in Manage PGP Keys. If the incoming payload is signed, we need to provide the public key details for verifying the signature.

    Step 2: Encrypting and Signing the Plain Text Payload

    Next, we'll use the encryptor interface to encrypt and sign the plain text payload data. This step ensures that the data is securely transmitted and can be verified for integrity. Below are the configuration details and input/output samples from Postman:

    Configuration Details:

    • Encryptor Interface: "Z_DEMO_PGP_Encrypt_SIGN"
    • Public Key Alias: PartnerDevKey  (for encryption)
    • Private Key Alias: CpiDemoKey     (for Signer)

Postman Input Sample:

Hello from Postman

Postman Output Sample:

-----BEGIN PGP MESSAGE-----

wcBMA0cyi8mLJEMqAQf+JuSjk8UxfScdIhJt1Ginupw0pSW+9rojhYZUgFXbxrFm
MtOxGsUbGgpkIqzGp0LdVUPnv+fkjt1uvDcdK/V78CMDEpmA3TRz+Jz6c3JP7wfp
rPN7kEW8O94kPm/h34HKu+hDQMConSUnKPfnuMYLfcnYeHHPfPzwUum2531/HGou
Ap3wUyOPHcJR/IABtxlMnA0hs33xsdmRUgK9AS3kUPPt6mybLc+x7TL3JNnLNxSS
XBcBw4QYc02cnFLl984w/64U16fwiut1AuqE7FluJvlvZBNn0Xrxg3OQelg8SIFq
cZrw8pnxa3P8S7Z8VAzGTKKALcA9F0QBDjw+/N+wV9LA2AGsM8fDpInVitZRGAfk
i2kWR4eMmmxtMg7Ek8RGlZFpKWvAur3hZOp2VkSQkCaioigfkP34H6tKheWCfaIV
YaTbQvgKgN3Y15Cg8/0bVisYOjiEv9L8FMNihRmi5D7em+oOFXhtrMVRRIi33q9s
w0Nz0OYezC7jomXd01xS9GHtnk6yqhVlB+uN+2x8RzNbQbsFHG+eaP1jrnQWcVXa
3FLGsBjsXoVyPseCk1j8k6t/DMO/O/XKdUTppC3TH1W7JaTW9gozNCuogX7sHXAC
kJx/uXqlBei6cLgkUF1n53PDQLPfLwB49n12zi6eF8OVc0K9Zv6iHcKltSbFy6+R
eqQpO7Aib99Ew4unMjSMd+cJQwzSxwInkYsRECQLG19QTo+k0OamCtMWmON/mRqX
PDT/xEKdv7Cp1huEFHBoOfQmSSjN9k8fTSfIX1FihxdFbtks3yE5jHVgm4JS7Dbb
OeyWcw3n3YlTh7pBE2EOGvrMQmzUTe28V9uKVr+MJwnX1Py+yeCv44ho+z4eN0GL
3o8w5Oy1exww0Q==
=03nq
-----END PGP MESSAGE-----

Using Postman, we can test this scenario by sending a plain text payload to the encryptor interface and observing the encrypted and signed output.

Step 3: Decrypting and Verifying the Payload to Retrieve Plain Text

Finally, we'll send the output from the encryptor interface to the decryptor interface. This step will decrypt the payload and verify its integrity, ensuring that the original plain text data is retrieved accurately. Below are the configuration details and input/output samples from Postman:

Configuration Details:

• Decryptor Interface: "Z_DEMO_PGP_Decryptor_Verifier"
• Private Key Alias: No configuration step available ( it must deployed in Manage PGP Keys)
• Public Key Alias: CpiDemoKey (for verifying the signature)

         In PGP decryptor's processing, we have Three options to handle Signature.

          1. None Expected.

          2. Optional.

          3. Required.

   Here, in content modifier add  "Below Message is decrypted and verified." with decrypted payload.

   This step is optional.

Postman Input Sample:

Output of previous step.

-----BEGIN PGP MESSAGE-----

wcBMA0cyi8mLJEMqAQf+JuSjk8UxfScdIhJt1Ginupw0pSW+9rojhYZUgFXbxrFm
MtOxGsUbGgpkIqzGp0LdVUPnv+fkjt1uvDcdK/V78CMDEpmA3TRz+Jz6c3JP7wfp
rPN7kEW8O94kPm/h34HKu+hDQMConSUnKPfnuMYLfcnYeHHPfPzwUum2531/HGou
Ap3wUyOPHcJR/IABtxlMnA0hs33xsdmRUgK9AS3kUPPt6mybLc+x7TL3JNnLNxSS
XBcBw4QYc02cnFLl984w/64U16fwiut1AuqE7FluJvlvZBNn0Xrxg3OQelg8SIFq
cZrw8pnxa3P8S7Z8VAzGTKKALcA9F0QBDjw+/N+wV9LA2AGsM8fDpInVitZRGAfk
i2kWR4eMmmxtMg7Ek8RGlZFpKWvAur3hZOp2VkSQkCaioigfkP34H6tKheWCfaIV
YaTbQvgKgN3Y15Cg8/0bVisYOjiEv9L8FMNihRmi5D7em+oOFXhtrMVRRIi33q9s
w0Nz0OYezC7jomXd01xS9GHtnk6yqhVlB+uN+2x8RzNbQbsFHG+eaP1jrnQWcVXa
3FLGsBjsXoVyPseCk1j8k6t/DMO/O/XKdUTppC3TH1W7JaTW9gozNCuogX7sHXAC
kJx/uXqlBei6cLgkUF1n53PDQLPfLwB49n12zi6eF8OVc0K9Zv6iHcKltSbFy6+R
eqQpO7Aib99Ew4unMjSMd+cJQwzSxwInkYsRECQLG19QTo+k0OamCtMWmON/mRqX
PDT/xEKdv7Cp1huEFHBoOfQmSSjN9k8fTSfIX1FihxdFbtks3yE5jHVgm4JS7Dbb
OeyWcw3n3YlTh7pBE2EOGvrMQmzUTe28V9uKVr+MJwnX1Py+yeCv44ho+z4eN0GL
3o8w5Oy1exww0Q==
=03nq
-----END PGP MESSAGE-----

Postman Output Sample:

Below Message is decrypted and verified.
Hello from Postman

Using Postman, we can verify that the decrypted data matches the original payload, confirming the process works correctly.

Conclusion

By following these steps, you can successfully implement and test the encryptor and decryptor mechanisms in SAP CPI. This ensures secure and verified data transmission, leveraging the PGP keys created earlier. Stay tuned for more insights and detailed implementations in our upcoming blogs!

Feel free to leave any questions, suggestions, or feedback in the comments section below. We'd love to hear from you!