When we are doing HR or Bank related integration here main factor is data secure, so one of way is encrypt data using PGP keys.
In this tutorial I am going to explore
- How to generate PGP Keys using Kleopatra Software
- How to Encrypt data using PGP Public key in SAP CPI
- How to Decrypt the data using PGP Private Key in SAP CPI
Generating PGP Keys using Kleopatra Software
Open the
Kleopatra application
> File > New Key Pair


Provide the
Key Pair Name > Advanced Settings > Select Validity

Enter the Passphrase

Click on Finish

Key Pair are Successfully generated.
Now we need to export the PGP Public and Private keys.
Exporting PGP Public Key

Save as
FileName .pgp format

Exporting PGP Private Key



Finally, we have generated the PGP public and private keys
These keys we are going to use in the SAP CPI Iflow to Encrypt and Decrypt the content.
PGP Encryption
In this case we need to get PGP public key from the Non-SAP/Third party application team.
CPI Flow Chart

Step-1
Importing the PGP Public Key in
Security Material


Step -2 Navigate to Design > Select Package > Artifact tab > Add Iflow
From the sender Drag the connecting arrow to connect to start action, from the Adapter Type box select the HTTPS.

- In Connection tab, enter the Address or URL details
- Enter /PGPEncryption Optionally, you can enter any value of your choice, but ensure that you use “/”symbol before specifying the endpoint name

Groovy script for the payload logging

import com.sap.gateway.ip.core.customdev.util.Message;
import java.util.HashMap;
def Message processData(Message message) {
def body = message.getBody(java.lang.String) as String;
def messageLog = messageLogFactory.getMessageLog(message);
if(messageLog != null){
messageLog.setStringProperty("Logging#1", "Printing Payload As Attachment")
messageLog.addAttachmentAsString("ResponsePayload:", body, "text/plain");
}
return message;
}
Step-3 PGP Encryptor

Here we are using the PGP Encryptor pallet to encrypt the incoming data
Drag and Drop the PGP Encryptor function from Security tab into Iflow space. In the Processing tab we can select the dropdown values to adjust the algorithm, Key length, Compression etc. values but MUST specify the UID(User ID) of Public/Private Key pair to be used for Encryption

Save and deploy the Iflow
Step-4 Testing the Integration Flow Using Postman

PGP Decryption
In this case we need to generate PGP keys (Public and private), and public key will share with the third-party application team to encrypt the data.
CPI Flow Chart

Step-1
Importing the PGP Private Key in
Security Material


Step-2
Here we are using the PGP Decryptor pallet to Decrypt the incoming content
In the Processing tab Specify the UID(User ID) of Public/Private Key pair to be used for Decryption


Step-3 Testing the Integration flow using Postman


Conclusion
Finally with this blog we can able to Encrypt and Decrypt the content using the PGP keys.