
Private Key Requirement for Encryption and Decryption


Hello Everyone,

I hope you're all doing well.

We're currently tackling a requirement that involves two authentication options:

  1. Using a One Leaf Certificate (CPI Certificate with Root and Intermediate) along with a Private Key.
  2. Utilizing a PFX File, which requires us to provide a Passphrase Value.

We're working within the Integration Suite (SAP CPI) to accomplish this. We're seeking guidance on the best approach to achieve our goal, and also, how can we obtain either a Private Key or a PFX File with the necessary Passphrase Value.

Thank you in advance for your assistance.

Best Regards,

Ashish

iignatius

Hello carlos.roggan

Good Day.

My business requirement is to access the third-party application from SAP CPI iFlow.

The third-party system provides two different certificates (PFX files): “Active” and “Signature”. The active certificate is used to access the system, and the signature certificate is used to access the application. To build the signature, the "private key" is mandatory. So the signature PFX file was added to the Keystore and is accessed by alias name in Groovy to build the PrivateKey. In the signature build, we used this "PrivateKey" to sign. I am referring to your blogs to build the "PrivateKey" as below.

    // Private Key
    KeystoreService keystoreService = ITApiFactory.getService(KeystoreService.class, null)
    KeyPair keyPair = keystoreService.getKeyPair("iflowtonodekeys");
    PrivateKey privateKey = keyPair.getPrivate();

Current Situation:

I am able to access the third-party system wherever the target URL does not require a signature header, but when I try to access the target URL with a signature header as per the specification, I am getting an invalid signature from the third-party system. So I would like to verify my perception about creating the private key. I am giving the logic that I used in iFlow Groovy for your reference. Please let me know if any changes are required.

Server Error:

{"errors":[{"code":"invalidSignature","detail":"The HTTP signature could not be verified. Please refer to https://documentation.ibanity.com/security#http-signature","meta":{"requestId":"000112D599A2D9320A01063301BB6540EA4D263106BED6"}}]}


Private Key Build Logic:

    KeystoreService keystoreService = ITApiFactory.getService(KeystoreService.class, null)
    KeyPair keyPair = keystoreService.getKeyPair("iflowtonodekeys");
    PrivateKey privateKey = keyPair.getPrivate();

Signature Digest:

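    import java.security.PrivateKey
    import java.security.Signature
    import java.security.spec.MGF1ParameterSpec
    import java.security.spec.PSSParameterSpec
    import org.apache.commons.codec.digest.DigestUtils
    import org.apache.commons.codec.digest.MessageDigestAlgorithms

    def buildEncodedSignature(PrivateKey privateKey, String signingString) {
        String DIGEST_ALGORITHM = MessageDigestAlgorithms.SHA_256;
        String SIGNATURE_ALGORITHM = "RSASSA-PSS";
        // PSS with SHA-256, MGF1(SHA-256), 32-byte salt, trailer field 1
        PSSParameterSpec PARAMETER_SPEC = new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
        String dataToDigest = signingString;

        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        signature.setParameter(PARAMETER_SPEC);
        signature.initSign(privateKey);

        // SHA-256 digest of the signing string, computed before signing
        byte[] digest = new DigestUtils(DIGEST_ALGORITHM).digest(dataToDigest);
        //byte[] b = signatureString.getBytes();

        // The digest bytes (not the signing string) are what gets signed here
        signature.update(digest);
        byte[] signedData = signature.sign();

        // Base64-encode the raw signature for the HTTP header
        String signatureDigest = Base64.getEncoder().encodeToString(signedData);
        return signatureDigest;
    }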
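Java's `RSASSA-PSS` `Signature` hashes whatever is passed to `update()`, so the `buildEncodedSignature` pattern above signs the SHA-256 of a SHA-256 digest rather than the signing string. The following is an added example, not the poster's or SAP's code: it compares both inputs against a verifier that hashes the signing string once (an assumption about the third-party side), using a locally generated key pair and a constructed signing string as stand-ins.

```groovy
// Added example. The key pair is generated locally as a stand-in for
// keystoreService.getKeyPair(...), which is only available inside CPI.
import java.nio.charset.StandardCharsets
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.MessageDigest
import java.security.PrivateKey
import java.security.PublicKey
import java.security.Signature
import java.security.spec.MGF1ParameterSpec
import java.security.spec.PSSParameterSpec

PSSParameterSpec pssSpec() {
    return new PSSParameterSpec('SHA-256', 'MGF1', MGF1ParameterSpec.SHA256, 32, 1)
}

// Signs exactly the bytes passed in; RSASSA-PSS applies SHA-256 internally.
String signPss(PrivateKey key, byte[] input) {
    Signature s = Signature.getInstance('RSASSA-PSS')
    s.setParameter(pssSpec())
    s.initSign(key)
    s.update(input)
    return Base64.getEncoder().encodeToString(s.sign())
}

// Assumed verifier behaviour: the signing string itself is fed to the verifier.
boolean verifyPss(PublicKey key, String signingString, String b64Signature) {
    Signature v = Signature.getInstance('RSASSA-PSS')
    v.setParameter(pssSpec())
    v.initVerify(key)
    v.update(signingString.getBytes(StandardCharsets.UTF_8))
    return v.verify(Base64.getDecoder().decode(b64Signature))
}

KeyPairGenerator kpg = KeyPairGenerator.getInstance('RSA')
kpg.initialize(2048)
KeyPair kp = kpg.generateKeyPair()

// Constructed signing string, for illustration only.
String signingString = '(request-target): post /example\nhost: api.example.test'
byte[] raw = signingString.getBytes(StandardCharsets.UTF_8)
byte[] preHashed = MessageDigest.getInstance('SHA-256').digest(raw)

boolean digestOk = verifyPss(kp.getPublic(), signingString, signPss(kp.getPrivate(), preHashed))
boolean stringOk = verifyPss(kp.getPublic(), signingString, signPss(kp.getPrivate(), raw))
assert !digestOk && stringOk
println "pre-hashed input verifies: ${digestOk}; raw signing string verifies: ${stringOk}"
```

Checking a signature locally against the public key from the same PFX, as done here, separates key-retrieval problems from signing-input problems before a request is sent.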