
PGP for SAP NetWeaver

The Need for Encryption

We have all seen the news about companies losing sensitive customer and business data, about government agencies losing classified data on USB memory sticks, and about employees stealing credit card data from their employers. At the same time it becomes more and more important to be able to trace communications and to validate the authenticity of the messages from your business partners.

Due to issues like these and government regulations, more and more companies are starting to implement and tighten corporate-wide security guidelines. These guidelines cover an extensive realm of topics, from behavior guidelines for employees to building access and systems security. One of the topics that these guidelines should address is how data is secured that is exchanged between employees and customers, between employees and customers and partners, between applications within the company, and between company applications and partner applications. Although in a lot of ways these cases require specific guidelines, it is beneficial to standardize as much as possible. One area that allows for such standardization is encryption. Currently the most versatile encryption standard – one that can be used both to secure data on USB memory sticks and to encrypt business-to-business communications – is PGP.

Pretty Good Privacy

PGP (Pretty Good Privacy) is an IETF (Internet Engineering Task Force) standard for signing and encrypting email and file data. Because PGP offers both signing and encryption it is more versatile than transport security standards such as HTTPS. Although there are other standards that offer signing and encryption – for instance XML Security – these are considerably more difficult to implement and are also more limited. XML Security for instance can only be used on XML messages. PGP on the other hand can be used with any kind of data, including flat files and binary data. This makes PGP an excellent candidate for a corporate-wide security standard. Due to this versatility PGP has gained popularity as a security standard in banking and insurance.

There are currently several excellent PGP solutions available in the market. However, if you want to integrate these solutions with SAP, you are required to store data unencrypted on disk and call a separate program. This not only creates a potential security weakness; because the PGP encryption and decryption take place outside of your SAP environment, it also greatly complicates monitoring your solutions.

AEDAPTIVe PGP for SAP NetWeaver

AEDAPTIVe PGP is a solution for SAP NetWeaver Process Integration that offers PGP encryption and decryption in the form of SAP NetWeaver PI modules. This means that – unlike other products on the market – AEDAPTIVe PGP is completely integrated in SAP NetWeaver.
This has several benefits. The most important one is that the encryption and decryption process takes place within SAP NetWeaver PI, so that there are no unencrypted data files on disk that can be compromised. A second benefit is that the encryption and decryption process can be monitored completely using the standard monitoring tools of SAP NetWeaver PI. Your support staff does not need to use external monitoring tools to keep track of the PGP encryption process.

Encryption and Decryption

AEDAPTIVe PGP is implemented as two PI modules – the PGP Encryption Module and the PGP Decryption Module. The Encryption Module can be used to encrypt and sign data; the Decryption Module is used to decrypt and verify encrypted data. These modules can be used in combination with any SAP or non-SAP adapter and other modules, provided that there are no license limitations (which might be the case with some third-party adapters).

Keep in mind that after encryption and before decryption the data is in PGP encrypted format. This also places some limitations on adapter use. For instance you cannot use the file conversion features of the File Sender adapter, as these are executed after the execution of the modules. If you want to convert your data to flat file format, you can use the content conversion module before you call the PGP encryption module.
Both modules report extensively to the Run Time Workbench. If something goes wrong during encryption or decryption of the data, your message in SAP NetWeaver will go into error and the error reason – for instance an expired key – will be clearly visible in the SAP NetWeaver Run Time Workbench.

Use Cases

  • A company sends encrypted and signed payments via FTP to their bank and receives encrypted bank statements. The PGP modules are used to encrypt the payments before sending them to the bank, and to decrypt the received bank statements.
  • A company needs to send sensitive BI reports to senior management. The reports are processed via SAP NetWeaver PI and are sent using the SMTP adapter. The PGP Encryption module is used to encrypt the report before it is attached to the email.
  • Data is transferred between two applications using file transport. To ensure that the data is secure during transport, the data is encrypted using the PGP Encryption Module before it is sent.

Features

| Feature | Supported | Remarks |
|---|---|---|
| PGP Features | | |
| Public key encryption and decryption | Yes | |
| Creating digital signatures | Yes | |
| Public key encryption and decryption for multiple recipients | Yes | |
| Compatibility with the OpenPGP standard | Yes | The PGP Module is compatible with RFC 2440 and RFC 4880. Compatibility with RFC 1991 (PGP 2.6.x) is not supported. The first version of PGP that is supported is PGP 5.0. Please see below for some less used features that are not supported by AEDAPTIVe PGP. |
| Supported public key algorithms | RSA, DH, DSS | All public key algorithms and key sizes that are described in RFC 4880 are supported. |
| Supported symmetric key algorithms | AES, 3DES, and others | All symmetric key algorithms and key sizes that are described in RFC 4880 are supported. |
| Compression | Yes | ZIP and ZLIB compression and decompression are supported. BZIP2 decompression is supported. |
| ASCII armoring (Radix64 encoding) | Yes | |
| Creating clear signed messages | No | This is not supported in the current version of the adapter. |
| Creating and validating detached signatures | No | Due to the nature of SAP NetWeaver PI this is not supported. |
| Symmetric key encryption and decryption | Yes | In combination with public key encryption. |
| Key management | Yes | Delivered free! |
| SAP NetWeaver Process Integration Features | | |
| Supported SAP NetWeaver XI/PI versions | 2004/2004s | SAP NetWeaver 2004 (XI 3.0), SP 12 or higher. SAP NetWeaver 2004s (PI 7.0), SP 8 or higher. SAP NetWeaver PI 7.1, SP 6 or higher. SAP NetWeaver PI 7.1 and 7.3. |
| Supported adapters | All | There are no restrictions on the adapter that is used with the PGP encryption and decryption module. |
| Monitoring via Run Time Workbench | Supported | The PGP encryption and decryption module can be monitored using the adapter and message monitoring of Run Time Workbench. |