Registration

Dear SAP Community Member,
In order to fully benefit from what the SAP Community has to offer, please register at:
http://scn.sap.com
Thank you,
The SAP Community team.
Skip to end of metadata
Go to start of metadata

Applies to:

PGP Encryption/Decryption modules used in SAP Netweaver PI based Standard and Partner Adapters

Summary

The following sections briefly describe the steps to create PGP key pairs using open source tool gpg4win and converting them in to ASCII Armored format.

Author(s):

Sivasubramaniam Arunachalam

Company: SAP Labs
Created on: 11-Jan-2012
Author(s) Bio
Sivasubramaniam Arunachalam is a senior developer at SAP Labs (Technology Innovation Platform). He is currently occupied with PI 7.31 development/maintenace activities. Since Sivasubramaniam joined SAP Labs in July 2010, he has developed new features in several adapters/areas including File, JDBC, IDoc, SOAP/XI, HTTP, JPR, B2B(RNIF 1.1/2.0, CIDX & PIDX) Adapters, XML Validation and Mapping Runtime. Currently, he is the component responsible for File, JDBC, B2B Adapters and XML Validation and takes care of all new development, enhancement and maintenance activities.

Table of Contents

Tools Required

It will automatically update it's path to the system PATH(Environment variable)

Generating Key Pairs

  • Open the console the issue the following command to initiate the generation of public/private key pairs
# gpg --gen-key

  • It will create both keys with the name like secring.gpg (Private Key) and pubring.gpg (Public Key)
  • Select RSA(5) as a key type

  • Choose the default key size (2048) by just pressing enter without any input.

  • Choose the default key validity (key does not expire) by just pressing enter without any input
  • During confirmation prompt, press 'y'

  • Provide the Real User Name and E-Mail Address for the key to be issued with optional Comment
  • Press 'O' for 'Okay'

  • Provide and confirm the passpharse for private key

  • Acutal keys will be updated after providing random system gestures

  • Verify the details of the generated Private Key
# gpg -K

  • Verify the details of the generated Public Key
# gpg -k

  • Verify the key location

Generate ASCII Armored Keys from GPG Keys

  • Use the following command to generate ASCII Armored Public Key
# gpg --export pgp.sender@pgpsender.com > public_key_sender.asc

  • Use the following command to generate ASCII Armored Private Key
# gpg --export-secret-key pgp.sender@pgpsender.com > private_key_sender.asc

  • Verify the generated ASCII Armored keys

To generate the another key pair (for PGP Receiver), move the present keys to different location and follow the same steps from the beginning. These key pairs can be used for both Encryption and Signing.

6 Comments

  1. Former Member

    Hi Siva,

    Thanks for this nice Wiki, I beleive for generating the ascii armored file, perhaps there should be change in command,

    # gpg --export pgp.sender@pgpsender.com > public_key_sender.asc &
    # gpg --export-secret-key pgp.sender@pgpsender.com > private_key_sender.asc
    Should be

    # gpg -a --export pgp.sender@pgpsender.com > public_key_sender.asc &
    # gpg -a --export-secret-key pgp.sender@pgpsender.com > private_key_sender.asc
     
    Thanks,
     
    Nipun.

    1. Former Member

      Many Thanks NS

      We are using the correction given by you in our project to generate the Keys.

  2. Anonymous

    Hi Nipun,

    Thanks for the comment. Yes,  you are correct. But it strangely produces only ASCII Armored output for all the "export" options. BTW, I will change it soon.

    Thanks, Siva

  3. Former Member

    Hello Siva

    We need to setup this PGP in our SAP PI 730 system.  What is difference between Generating Key Pairs and Generate ASCII Armored Keys from GPG Keys?

    Do we need to login to server where we have installed on PI and generate key with Gpg4win?

    What if we have HA PI 730 system , Do we need to generate on both the nodes of HA system?

    Thanks

    Atul

  4. Former Member

    Hello

    is it possible to use on Unix system?

    if it is, Where can i get GNU for Unix?

    Thanks

  5. Former Member

    Hi Siva,

    This is really helpful blog but could you please update the blog with Nipun's correction. We followed the steps mentioned by you and realized that there is a correction given in comments section.

    Thanks

    Varun Goel