Biztalk PGP encryption and signing

Hi,
Currently I am working on a custom pipeline component to PGP encrypt and sign the outgoing message from BizTalk 2013 with public and private keys.
I am referring to the content in the posts below:
https://code.msdn.microsoft.com/windowsdesktop/BizTalk-Sample-PGP-ebcbc8b2
http://bajwork.blogspot.co.nz/2007/08/pgp-pipeline-component.html
But we have a requirement to use PGP version 6.5.8, and I could not find which PGP versions the above components support.
Does anyone have any idea about BizTalk and PGP version 6.5.8 for encryption and signing?
Thanks
JB

PGP has different versions, and 6.5.8 is an older one. If you just download the Bouncy Castle PGP DLL, it's not going to use the 6.5.8 version of PGP.
http://www.pgpi.org/products/pgp/versions/freeware/win32/6.5.8/
With the latest Bouncy Castle PGP DLL, a few issues have been encountered by users who tried to use PGP version 6.5.8, especially around signature validation. The following are discussions of the issues faced:
http://stackoverflow.com/questions/7193323/encrypt-with-bc-and-decrypt-with-pgp-6-5-8
http://bouncy-castle.1462172.n4.nabble.com/ERROR-encrypted-session-key-is-bad-when-trying-to-decrypt-td1466221.html
http://bouncy-castle.1462172.n4.nabble.com/Compatibility-Issue-with-PGP-6-5-8-td1467170.html
People have managed to get it working with a few changes to the PGP code (which you can get here:
http://www.bouncycastle.org/csharp/index.html )
This forum is not the right place to ask about finding a Bouncy Castle PGP DLL version compatible with v6.5.8. Try posting this question here:
http://bouncy-castle.1462172.n4.nabble.com/
Once you have a DLL compatible with v6.5.8, you can use it in BizTalk as suggested by the links you referenced.
If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

Similar Messages

  • Help required on Encryption and Signing.

    Hello All,
    Client:
    Client is having his own Private key and the public key of the Server.
    Server:
    Server is having his own Private key and the public keys of all the clients.
    When a client wants to send a document to the server both encrypted and signed,
    he will encrypt the document with the server's public key and then sign the encrypted document
    with his own private key,
    and then send it to the server.
    When the server receives the signed object from the client, he has to verify the signature with
    the public key of the client and decrypt the document with the private key of the server.
    How can we verify the signature?
    By just saying,
    Signature sig = Signature.getInstance("SHA1withRSA");
    sig.initVerify(kp.getPublic());
    boolean verifies = sig.verify(realSig);
    where "realSig" is the signed object.
    In this case I am unable to verify the signature. Even if I succeeded here in verifying the signature,
    how do I decrypt the signed object?
    My question is:
    When the client sends the signed object to the server, does he send anything else along with it?
    Say, for example, he sends the encrypted document along with the signed object; then if I say,
    Signature sig = Signature.getInstance("SHA1withRSA");
    sig.initVerify(kp.getPublic());
    sig.update(cipherText);
    boolean verifies = sig.verify(realSig);
    where "cipherText" is the encrypted document.
    In this case I am able to verify the document, and since I will have the encrypted document
    along with the signed object, I will decrypt it using the private key of the server.
    So is it a must that I send the encrypted document every time along with the signed object to the server?
    Thanks and have a nice time.

    I have two suggestions for you
    First read a good book about cryptography. Even using secure cryptographic algorithms is no guarantee that your solution is secure. Without thorough understanding of cryptography and security someone might break in due to some implementation mistake in your security mechanism. My recommendations: "Applied Cryptography" written by Bruce Schneier and "An Introduction to Cryptography (IntrotoCrypto.pdf)" by Phil Zimmermann, Network Associates. This PDF document can be downloaded as part of the free PGP product from http://www.pgp.com, http://www.pgpi.com or http://www.nai.com
    Second, take a serious look at S/MIME. S/MIME allows information to be wrapped in signed and/or encrypted data blocks in a secure way. The S/MIME standard has been around for a few years and has been thoroughly reviewed. Bouncycastle (www.bouncycastle.org) contains a library for creating and handling S/MIME data. Never invent your own formats when a standard is available. More information about S/MIME can be found at RSA labs (www.rsa.com or www.rsalabs.com).

  • S/MIME support in Mail (encryption and signing)

    Hi,
    is there S/MIME support in iPhones Mail-Client? Mail.app for OS X has great support for encrypting and signing eMails using S/MIME certificates and I wonder if iPhones Mail-Client is able to use S/MIME, too.
    best,
    Jens

    I have the same question. Much of my mail comes with either S/MIME or GnuPG encryption. A device that lets me receive but not read my e-mail isn't much use for communication.
    Can someone confirm?
      Mac OS X (10.4.10)  

  • PGP encryption and decryption in soa suite

    Hi,
    We have a requirement where a BPEL process plays the role of encrypting a file using PGP encryption, and then the file has to be placed onto an SFTP server using an FTP adapter. We would like to know if this can be done using an OWSM policy or whether a separate Java API has to be created for this and invoked in the BPEL process. Currently we have a separate 3rd party tool which does this PGP encryption, and it uses a ksh shell script. Is there a way I can invoke this shell script from my BPEL process?
    I found this note (FAQ (Customization) [ID 105127.1]) in oracle metalink.
    How does one run a shell script as a concurrent program?
    1: Write the script and call it .prog
    Place the script under the bin directory under your applications
    top directory.
    For example, call the script CUSTOM.prog and place it under
    $CUSTOM_TOP/bin
    2: Make a symbolic link from your script to $FND_TOP/bin/fndcpesr
    For example, if the script is called CUSTOM.prog use this:
    ln -s $FND_TOP/bin/fndcpesr CUSTOM
    This link should be named the same as the script without the .prog
    extension.
    It should be in the same directory as the script.
    3: Register a concurrent program as described above, using an execution
    method of 'Host'
    Use the name of your script without the .prog extension as the name
    of the executable
    For the example above, you would use CUSTOM
    4: The script will be passed at least 4 parameters, in $1 through $4
    These will be: orauser/pwd, userid, username, request_id
    Any other parameters you define will be passed in $5 and higher.
    Make sure the script returns an exit status.
    But I am ignorant in this area and do not know how the above steps can be executed.
    If any of you guys have done PGP encryption in SOA 11.1.1.4, please do let me know if there's any way I can couple PGP encryption into SOA Suite.
    Thanks

    You can do it in Java, have a look at this...
    http://www.javacodegeeks.com/2011/06/java-pretty-good-privacy-pgp.html
    Cheers,
    Vlad

  • Timestamp Error when calling Encrypt and Signed Web Service

    Hello,
    I made a Web Service in the Oracle Service Bus 10gR3 that supports encryption and signing, basically by inserting (manually) the following into the WSDL contract:
    These two namespaces:
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    These declarations:
    <wsp:UsingPolicy Required="true"/>
    <input>
    <wsp:Policy>
    <wsp:PolicyReference URI="policy:Encrypt.xml"/>
    </wsp:Policy>
    <soap:body use="literal" />
    </input>
    <wsp:Policy>
    <wsp:PolicyReference URI="policy:Sign.xml"/>
    </wsp:Policy>
    The above declarations were inserted at the correct points inside the WSDL contract and the Web Service is working correctly.
    The problem is related to the Sign.xml declaration. When I insert this declaration:
    <wsp:Policy>
    <wsp:PolicyReference URI="policy:Sign.xml"/>
    </wsp:Policy>
    Then the Web Service shows an error. Following are the request and response (which shows the error):
    Request:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ger="http://www.abc.com.br/Service">
    <soapenv:Header/>
    <soapenv:Body>
    <ger:gerarHashSenha>
    <arg0>123456</arg0>
    </ger:gerarHashSenha>
    </soapenv:Body>
    </soapenv:Envelope>
    Response:
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
    <env:Header/>
    <env:Body>
    <env:Fault>
    <faultcode>env:Server</faultcode>
    <faultstring>Can not retrieve header: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</faultstring>
    </env:Fault>
    </env:Body>
    </env:Envelope>
    Observation: I was invoking the WebService using the soapUI Tool.
    I tried changing the request to the code below, but it doesn't work:
    <soapenv:Envelope xmlns:ger="http://www.abc.com.br/Service" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsu:Timestamp wsu:Id="Timestamp-447" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsu:Created>2010-05-27T21:40:55.667Z</wsu:Created>
    <wsu:Expires>2010-05-27T21:41:55.667Z</wsu:Expires>
    </wsu:Timestamp>
    </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
    <ger:gerarHashSenha>
    <arg0>123456</arg0>
    </ger:gerarHashSenha>
    </soapenv:Body>
    </soapenv:Envelope>
    Thanks.
    Victor Jabur.

    Does someone have any idea?
    Thanks

  • PGP Encrypt and decrypt

    Hi,
    Does anyone use PGP encryption and decryption in PLSQL?
    Can it be done?
    Thanks
    Vincent

    If I recall, PGP allows you to choose different methods of encryption.
    Are you asking about any particular type in general?
    As PL/SQL is a Turing-complete language, the answer to your question would have to be 'Yes', but
    you may find this useful:
    http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_obtool.htm

  • No indication whether the email is encrypted and signed with S/MIME

    I have been using OpenPGP/GPGMail V2.0b6 for email encryption for some time. Now I have added S/MIME. What I noticed is that if I send an encrypted and signed email with GPGMail, the header in the sent mail will show that it was encrypted and signed. However, if I send an encrypted and signed email with S/MIME, there is no notification in the mail header. Only by checking the sent mail on the iPad was I able to confirm that the email was really encrypted and signed with S/MIME.
    Has anybody else experienced this?
    Is there a solution to this problem?

    I have now further analysed the behaviour of S/MIME encryption and signatures on the iPad (iOS 7.0.2) and the iMac (OSX 10.8.5).
    I installed a Comodo free email certificate on my iMac and the same certificate on my iPad. I installed another Comodo free email certificate on the iMac of a friend of mine.
    Sending encrypted, signed, or both encrypted and signed messages back and forth between iMacs and between iMac and iPad works with no problem. In the iPad email header, symbols indicate whether the email is encrypted, signed or both encrypted and signed. On the iMac, on the other hand, a symbol in the email header appears only when the email is signed (see figure below).
    When an email is encrypted, or encrypted and signed, this is not indicated with symbols in the email header. This is in contrast to OpenPGP. OpenPGP emails always indicate with symbols whether they are encrypted, signed or both encrypted and signed (see figure below).
    I hope that in OSX 10.9 email header symbols will indicate whether emails are S/MIME encrypted, S/MIME signed or S/MIME encrypted and signed.

  • PGP encryption and moving of a file from one system to another

    Hi All,
    Could you please provide me the necessary information for setting up the jobs below in Redwood CPS?
    a) How can I do PGP encryption of a file in an SAP system? Could you please provide me the necessary steps?
    b) How can I do PGP encryption of a file in a non-SAP system? Could you please provide me the necessary steps?
    b) Can I move a file from one SAP system to another SAP system (example: ECC to BI)? If so, could you please provide me the necessary steps?
    c) Can I move a file from an SAP system to a non-SAP system? If so, could you please provide me the necessary steps?
    d) Can I move a file from a non-SAP system to another non-SAP system? If so, could you please provide me the necessary steps?
    e) How can I FTP a file and move it to a different network? Could you please provide me the necessary steps?
    Thank you in advance.
    Thanks and Regards,
    Ramana

    Hi Ramana,
    a) You have a file in an SAP system that you want to encrypt. If you have the full path to the file, you can create and use an appropriate external command to perform the encryption, unless you know of an ABAP program to do that. Once you know which option you have, you can either schedule SAP_AbapRun to run the ABAP to encrypt the file, or SAP_ExternalCommandRun if you have an external command defined for the process.
    b) On the target system, you install a platform agent (license required) and check which command you have for PGP encryption. On Unix, you would use gpg. Simply create a BASH job definition with a String parameter named File and fill in the following source: gpg -e -u `whoami` -r [email protected] <${File} > $File"_encrypted"
    b2) Talk to your SAP Basis team; you could use SAP CTS/STMS for that, and you could integrate that into CPS.
    c) I imagine the file is an output of an ABAP program? Run the ABAP program from within CPS with SAP_AbapRun, then the file will be on the CPS server. You can then copy the file to the target host; again, platform agents are required on the CPS system. You can use FTP, sFTP, SCP, NFS, CIFS (Windows share), whatever your platform requires.
    d) Platform agents are required on the source system. The target system must have Windows share/NFS/SSHD/FTP or whatever you could use for file transfers.
    e) Please see the documentation on jftp.
    Regards,
    HP

  • How to process encrypted and signed PGP message in BC library ?

    The message is encrypted with the RSA and IDEA algorithms. I've got the decrypted IDEA session key, but I don't know how to decrypt this message (or what its structure is). Maybe somebody could post working code for that operation.

    Here is another option.
    I had the same problem with my Mac OSX System 10.8.4 after updating cups from 1.6.2 to 1.6.3.
    I have a MacBookPro with the same system version, and I copied the libcups.2.dylib file from /usr/lib/ and then replaced the faulty file on my other Mac.
    1. Install cups 1.6.2 again
    2. Replace the file libcups.2.dylib in the /usr/lib/ directory with this one: libcups.2.dylib
    Note: I added the link in case you don't have another Mac with the same version available.
    This works for me.

  • Change encryption and signing certifcate

    Hi,
    in my network I have Exchange 2007 and Outlook 2010/2013.
    I need to replace the existing internal enterprise root Certification Authority with a new one.
    Some people use email encryption with certificates issued by the current CA.
    When I replace the CA and install the new user certificates issued by the new root CA, what will happen to old encrypted emails?
    I need users to be able to read the old encrypted email.
    Thanks
    Andrea

    Hi Andrea:
    where do you want to apply this change? 
    For Email encryption, if public key of the old certificate is still available, user will be able to read the mail. Otherwise, no.

  • PGP Encryption/Signing issue

    Hi Experts,
    We are working on a scenario to sign the message while sending it to the client, but the message created doesn't look like a signed message.
    The message created is as below:
    -----BEGIN PGP MESSAGE-----
    Version: BCPG v1.46
    kA0DAAIBadYy7HCWZSAByzZiJDMzNDliZmUyLTFiZDctMTFlNC04NzZmLTAwMDAw
    MDUwNGNkNlPfhdpTaWduIG1lc3NhZ2WJARwEAAECAAYFAlPfhdoACgkQadYy7HCW
    ZSAP7ggAlLy4/itUM4TrzzAwtDXB3FX2VgI/8kztoWNqyLKAzytOudu/KDbfqTNx
    PMZQXjEsn62MXWSV39vWW2lJ+OKJXnlZ/tEYqGa3Bn1rBIK8wsqfQR02S28XrpAh
    csL6vXCAm8trCxIrxy2aZR2ibmioSVowMVkrVTj/hckiRsW5pconIZjiPqlynwJX
    ayp7fkqmJ9ZYOqR4/ygqNOuSN5XTudFvRuvAqHSw23CMQzz4u2PZcODSd1WOsmOJ
    3SDgt4H1SxPx/zZ1d08V1iPd+kRf0bsBijG1tLeP+DbeAEPSOOVzmtLpnlEXNhLn
    arAe1rqDvTmexoXmDvo1xaYZhIzpvA==
    =6Ssh
    -----END PGP MESSAGE-----
    But as far as I know, a signed message looks like the one below.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    Example of message signing
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (MingW32)
    iD8DBQFFxqRFCMEe9B/8oqERAqA2AJ91Tx4RziVzY4eR4Ms4MFsKAMqOoQCgg7y6
    e5AJIRuLUIUikjNWQIW63QE=
    =aAhr
    -----END PGP SIGNATURE-----
    We have maintained the module parameters as per the help guide to only sign the message. We do not need encryption.
    pgp    applyCompression    None
    pgp    applyEncryption     false
    pgp    applySignature      true
    pgp    asciiArmored        true
    pgp    ownPrivateKey       testPrivate_key.gpg
    pgp    partnerPublicKey    testPublic_Key.asc
    pgp    pwdOwnPrivateKey
    pgp    signingAlgo         SHA1
    Not sure if some configuration is missing, or whether signed, encrypted, and signed & encrypted messages look the same if created using PGPEncryptionModule.
    Appreciate any help on this.
    Regards,
    Pankaj
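
An added example (not part of the original post and not PGPEncryptionModule's code): armor labelled `BEGIN PGP MESSAGE` can carry a signed-only message, and the block quoted above starts with base64 `kA0D`, i.e. bytes 0x90 0x0D 0x03, an old-format header for a One-Pass Signature packet. The Python code below walks RFC 4880 packet headers to tell that binary signed form from an encrypted one; the sample message, its key ID and its signature bytes are constructed placeholders.

```python
import base64

# Packet tags from RFC 4880 section 4.3 that matter for this question.
ENCRYPTED_TAGS = {1, 3, 9, 18}   # PKESK, SKESK, encrypted data, encrypted + MDC
ONE_PASS_SIG, SIGNATURE, COMPRESSED, LITERAL = 4, 2, 8, 11

def dearmor(armored: str) -> bytes:
    """Drop armor lines, 'Key: value' headers and the '=XXXX' CRC line."""
    body = []
    for line in (l.strip() for l in armored.strip().splitlines()):
        if not line or line.startswith("-----") or ":" in line or line.startswith("="):
            continue
        body.append(line)
    return base64.b64decode("".join(body))

def packets(data: bytes):
    """Walk OpenPGP packet headers and return [(tag, body_bytes), ...]."""
    out, i = [], 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate: runs to end of data
                length = len(data) - i
            else:
                n = 1 << ltype               # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        out.append((tag, data[i:i + length]))
        i += length
    return out

def one_pass_info(body: bytes) -> dict:
    """Fields of a version 3 One-Pass Signature packet body."""
    return {"version": body[0], "sig_type": body[1], "hash_algo": body[2],
            "pubkey_algo": body[3], "key_id": body[4:12].hex()}

def classify(armored: str) -> str:
    if "-----BEGIN PGP SIGNED MESSAGE-----" in armored:
        return "cleartext-signed"
    tags = [t for t, _ in packets(dearmor(armored))]
    if tags and tags[0] in ENCRYPTED_TAGS:
        return "encrypted"
    if tags and tags[0] == COMPRESSED:
        return "compressed (inflate to see inner packets)"
    if tags == [ONE_PASS_SIG, LITERAL, SIGNATURE]:
        return "signed only (binary one-pass form)"
    return "other"

def build_sample() -> str:
    """Constructed sample: signed-only layout with dummy key ID and signature."""
    one_pass = bytes([0x90, 13, 3, 0x00, 2, 1]) + bytes(8) + b"\x01"
    literal_body = b"b" + b"\x00" + bytes(4) + b"Sign message"
    literal = bytes([0xCB, len(literal_body)]) + literal_body
    sig_body = bytes([4, 0x00, 1, 2]) + bytes(16)   # placeholder, not a real signature
    sig = bytes([0x89]) + len(sig_body).to_bytes(2, "big") + sig_body
    b64 = base64.encodebytes(one_pass + literal + sig).decode()
    return ("-----BEGIN PGP MESSAGE-----\nVersion: constructed sample\n\n"
            + b64 + "-----END PGP MESSAGE-----\n")

SAMPLE = build_sample()

if __name__ == "__main__":
    print(classify(SAMPLE))
```

In `one_pass_info`, hash algorithm ID 2 is SHA-1, which corresponds to the `signingAlgo` value in the module parameters above.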

  • PGP Encryption support in SOA Suite 11g

    Hi,
    Looking for PGP encryption support in SOA Suite 11g, as we have a requirement to encrypt the file using PGP encryption and send it over SFTP.
    I already went through some of the forum posts, but they date back to 2007, so I just wanted to confirm if there is anything in recent releases of SOA Suite.
    - FTP adapter support or
    - OWSM support.
    As far as I know, we have to install some PGP tool, write a script to encrypt/decrypt, and call the script from BPEL. This conclusion is based on a statement given in the OWSM 10g book by Sitaraman.
    Please provide your insights on this.
    Thanks
    Siva

    Hi Siva,
    I don't think there is any support for PGP in Oracle SOA yet. You may use Java for PGP encryption/decryption and transfer externally encoded messages over SFTP.
    Please refer -
    Re: PGP Encryption/Decryption
    PGP Encryption in B2B
    Regards,
    Anuj

  • PGP Encryption in FTP Adapter

    Hi All,
    We need to FTP some files from a remote server, and the files are to be PGP encrypted or decrypted. Can you please tell me whether there is some way to use PGP encryption in the FTP adapter? If yes, please provide a link to documentation.
    Or shall we do FTP using some other program which supports PGP encryption, and then have our BPEL process read the file using the file adapter?
    Please suggest the better option of the two.
    Thanks.

    Hi Ram,
    Is the scenario the same in the latest release of Oracle SOA Suite 11g as well?
    If we have to go for an OpenPGP tool, manual intervention is required to encrypt the file, which may not be possible in our scenario.
    Thanks
    Siva

  • Linux script for PGP encryption

    Hello,
    We are trying to do PGP encryption by giving the OS command in the File adapter. Can somebody provide me the exact linux script that we should use to do PGP encryption?
    Note: We have XI-3.0 on LINUX.
    Promise points for helpful answers.
    Regards,
    Raji.

    Hi Rajashree
    PGP Encryption is used to support the transmission of sensitive data to / from third party systems via XI.
    Adapter modules are developed to encrypt the file using PGP.
    We had a similar requirement where we used PGP encryption. The module was developed using Cryptix OpenPGP, which is a Java implementation of the OpenPGP standard. When the module is called in the adapter, it uses the PGP key provided by the party that will receive the encrypted message. This module should be called prior to calling the SAP adapter.
    Logic Flow/Processing:
    1. Read the XML payload and message for getting the needed data.
    2. Read the key to be used in the encryption and log the key to be used and the beginning of the encryption.
    3. Call the PGP encryption and compression method.
    4. Log whether encryption has been successful.
    5. Set as payload the message content encrypted, and the principal data.
    6. If any error occurs, log an exception in the PGP adapter module and the error reason.
    7. Return the message.
    Go through these links:
    Is there any FTP API available from SAP?
    Send Text file to FTP in binary mode with PGP encryption
    http://www.webmethods.com/meta/default/folder/0000007429
    Converting IDOC to XML
    XI implementation
    http://www1.webmethods.com/PDF/webMethods_for_SAP-wp.pdf
    Current versions found at http://www.cryptix.org and http://www.bouncycastle.org.
    http://www.bouncycastle.org/documentation.html
    If you want to use the Unix script on Windows, then you need Cygwin. Take the shell executable and cygwin.dll, copy them to another machine, and try it out.
    Otherwise, write an .exe or a batch file in which you give your PGP command to encrypt and decrypt, and execute it from the OS level in your adapter. Check my answer in this thread:
    Re: PGP Encription
    Might be useful.
    PGP Encription
    Re: PGP Encription
    Re: triggering encryption script with XI
    Pls rewards if useful

  • PGP Encryption Scenario for a Proxy to File Scenario.

    I have a scenario where an outbound proxy from an R/3 system is extracting some HR-related infotype data and sending it to the XI system. The XI system is required to convert the data into a flat file format and encrypt the data using PGP.
    R/3 --- Proxy ---> XI System --- File Encrypted ---> External System.
    I need some input from experts on how to set up the scenario. In the file adapter we can trigger scripts at the O/S level to encrypt the file.
    What I would like to know is what configurations are required to get the scenario working, namely:
    1. Where do we need to install the PGP software is it on the FTP server or XI server ?
    2. How will the scripts be executed by the Receiver File adapter ?

    Hi Indranil
    Here is some info on PGP/XI
    <<<< 1. Where do we need to install the PGP software is it on the FTP server or XI server ?
    XI server
    Also go through the following excerpt:
    XI doesn't support PGP encryption and decryption. I have done some interfaces using PGP encryption at OS level and then using XI. Install the software on the XI server and write the OS command for encryption and decryption at OS level. Call this command in the File adapter after or before message processing.
    PGP Encryption:
    We get the normal text file from R3. Then we have written two XI interfaces here. My first interface will pick from R3 and encrypts the file and drops it in another location of R3. In this interface I have given OS command before message processing. This will pick the file and do the encryption.
    My second interface will pick the encrypted file from R3 and do a simple FTP to the Bank.
    This is exactly opposite for decrypting the file from Bank.
    Thanks 2 Satish Reddy
    Regards
    krishna
    Note: Reward points if helpful
