Biztalk PGP encryption and signing
Hi,
Currently I am working on a custom pipeline component to PGP encrypt and sign the outgoing message from BizTalk 2013 with public and private keys.
I am referring to the content mentioned in the posts below:
https://code.msdn.microsoft.com/windowsdesktop/BizTalk-Sample-PGP-ebcbc8b2
http://bajwork.blogspot.co.nz/2007/08/pgp-pipeline-component.html
But we have a requirement to use PGP version 6.5.8, and I could not find which PGP versions the above components support.
Does anyone have any idea about BizTalk and PGP version 6.5.8 for encryption and signing?
Thanks
JB
PGP has different versions and 6.5.8 is an older one. If you just download the Bouncy Castle PGP DLL, it's not going to use the 6.5.8 version of PGP.
http://www.pgpi.org/products/pgp/versions/freeware/win32/6.5.8/
With the latest Bouncy Castle PGP DLL, there are a few issues encountered by users who tried to use PGP version 6.5.8, especially around signature validation. The following are discussions of the issues faced:
http://stackoverflow.com/questions/7193323/encrypt-with-bc-and-decrypt-with-pgp-6-5-8
http://bouncy-castle.1462172.n4.nabble.com/ERROR-encrypted-session-key-is-bad-when-trying-to-decrypt-td1466221.html
http://bouncy-castle.1462172.n4.nabble.com/Compatibility-Issue-with-PGP-6-5-8-td1467170.html
People have managed to get it working with a few changes to the PGP code (which you can get here:
http://www.bouncycastle.org/csharp/index.html )
This forum is not the right place to raise a question about finding the Bouncy Castle PGP DLL version compatible with v6.5.8. Try posting this question here:
http://bouncy-castle.1462172.n4.nabble.com/
Once you have their DLL compatible with v6.5.8, you can use it in BizTalk as suggested by the links you referenced.
Similar Messages
-
Help required on Encryption and Signing.
Hello All,
Client:
Client is having his own Private key and the public key of the Server.
Server:
Server is having his own Private key and the public keys of all the clients.
When a client wants to send a document to the server with both encryption and signed,
then he will encrypt the document with the server's public key and then sign the encrypted document
with his own Private key.
And then sends it to the server.
When the server receives the signed object from the client, he has to verify the signature with
the public key of the client and he has to decrypt the document with the Private key of the server.
How can we verify the signature?
By just saying,
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initVerify(kp.getPublic());
boolean verifies = sig.verify(realSig);
where "realSig" is the signed object.
In this case I am unable to verify the signature. Even if I succeeded here in verifying the signature,
how do I decrypt the signed object?
My question is,
When the client sends the signed object to the server, does he send anything else along with it?
Say for example if he sends the encrypted document along with the signed object, then if I say,
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initVerify(kp.getPublic());
sig.update(cipherText);
boolean verifies = sig.verify(realSig);
where "cipherText" is the encrypted document.
In this case I am able to verify the document, and since I will have the encrypted document
along with the signed object I will decrypt this using the Private key of the server.
So is it a must that I send the encrypted document every time along with the signed object to the server?
Thanks and have a nice time.
I have two suggestions for you.
First, read a good book about cryptography. Even using secure cryptographic algorithms is no guarantee that your solution is secure. Without thorough understanding of cryptography and security someone might break in due to some implementation mistake in your security mechanism. My recommendations: "Applied Cryptography" written by Bruce Schneier and "An Introduction to Cryptography (IntrotoCrypto.pdf)" by Phil Zimmermann, Network Associates. This PDF document can be downloaded as part of the free PGP product from http://www.pgp.com, http://www.pgpi.com or http://www.nai.com
Second, take a serious look at S/MIME. S/MIME allows information to be wrapped in signed and/or encrypted data blocks in a secure way. The S/MIME standard has been around for a few years and has been thoroughly reviewed. Bouncycastle (www.bouncycastle.org) contains a library for creating and handling S/MIME data. Never invent your own formats when a standard is available. More information about S/MIME can be found at RSA labs (www.rsa.com or www.rsalabs.com). -
S/MIME support in Mail (encryption and signing)
Hi,
Is there S/MIME support in the iPhone's Mail client? Mail.app for OS X has great support for encrypting and signing emails using S/MIME certificates and I wonder if the iPhone's Mail client is able to use S/MIME, too.
best,
Jens
I have the same question. Much of my mail comes with either S/MIME or GnuPG encryption. A device that lets me receive but not read my e-mail isn't much use for communication.
Can someone confirm?
Mac OS X (10.4.10) -
PGP encryption and decryption in soa suite
Hi,
We have a requirement where a BPEL process plays the role of encrypting a file using PGP encryption, and then it has to be placed onto an SFTP server using an FTP adapter. We would like to know if this can be done using an OWSM policy or whether a separate Java API has to be created for this and invoked in the BPEL process. Currently we have a separate 3rd party tool which does this PGP encryption and it uses a ksh shell script. Is there a way I can invoke this shell script from my BPEL process?
I found this note (FAQ (Customization) [ID 105127.1]) in oracle metalink.
How does one run a shell script as a concurrent program?
1: Write the script and call it .prog
Place the script under the bin directory under your applications
top directory.
For example, call the script CUSTOM.prog and place it under
$CUSTOM_TOP/bin
2: Make a symbolic link from your script to $FND_TOP/bin/fndcpesr
For example, if the script is called CUSTOM.prog use this:
ln -s $FND_TOP/bin/fndcpesr CUSTOM
This link should be named the same as the script without the .prog
extension.
It should be in the same directory as the script.
3: Register a concurrent program as described above, using an execution
method of 'Host'
Use the name of your script without the .prog extension as the name
of the executable
For the example above, you would use CUSTOM
4: The script will be passed at least 4 parameters, in $1 through $4
These will be: orauser/pwd, userid, username, request_id
Any other parameters you define will be passed in $5 and higher.
Make sure the script returns an exit status.
But I am ignorant in this area and do not know how the above steps can be executed.
If any of you guys have done PGP encryption in SOA 11.1.1.4, please do let me know if there's any way I can couple PGP encryption into SOA Suite.
Thanks
You can do it in Java, have a look at this...
http://www.javacodegeeks.com/2011/06/java-pretty-good-privacy-pgp.html
Cheers,
Vlad -
Timestamp Error when calling Encrypt and Signed Web Service
Hello,
I made a web service in Oracle Service Bus 10gR3 that supports encryption and signing, basically by inserting (manually) this into the WSDL contract:
These two namespaces:
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
These declarations:
<wsp:UsingPolicy Required="true"/>
<input>
<wsp:Policy>
<wsp:PolicyReference URI="policy:Encrypt.xml"/>
</wsp:Policy>
<soap:body use="literal" />
</input>
<wsp:Policy>
<wsp:PolicyReference URI="policy:Sign.xml"/>
</wsp:Policy>
The above declarations were inserted at the correct points inside the WSDL contract and the web service is working correctly.
The problem is related to the Sign.xml declaration. When I insert this declaration:
<wsp:Policy>
<wsp:PolicyReference URI="policy:Sign.xml"/>
</wsp:Policy>
Then the web service shows an error. The request and response (which shows the error) follow:
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ger="http://www.abc.com.br/Service">
<soapenv:Header/>
<soapenv:Body>
<ger:gerarHashSenha>
<arg0>123456</arg0>
</ger:gerarHashSenha>
</soapenv:Body>
</soapenv:Envelope>
Response:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault>
<faultcode>env:Server</faultcode>
*<faultstring>Can not retrieve header: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</faultstring>*
</env:Fault>
</env:Body>
</env:Envelope>
Observation: I was invoking the web service using the soapUI tool.
I tried changing the request to the code below, but it doesn't work:
<soapenv:Envelope xmlns:ger="http://www.abc.com.br/Service" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-447" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2010-05-27T21:40:55.667Z</wsu:Created>
<wsu:Expires>2010-05-27T21:41:55.667Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ger:gerarHashSenha>
<arg0>123456</arg0>
</ger:gerarHashSenha>
</soapenv:Body>
</soapenv:Envelope>
Thanks.
Victor Jabur.
Does someone have any idea?
Thanks -
Hi,
Does anyone use PGP encryption and decryption in PL/SQL?
Can it be done?
Thanks
Vincent
If I recall, PGP allows you to choose different methods of encryption.
Are you asking for any particular type in general?
As PL/SQL is a Turing-complete language, the answer would have to be 'Yes' to your question, but
you may find this useful:
http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_obtool.htm -
No indication whether the email is encrypted and signed with S/MIME
I have been using OpenPGP/GPGMail V2.0b6 for email encryption for some time. Now I added S/MIME. What I noticed is that if I send an encrypted and signed email with GPGMail, the header in the sent mail will show that it was encrypted and signed. However, if I send an encrypted and signed email with S/MIME, there is no notification in the mail header. Only by checking the sent mail on the iPad was I able to confirm that the email was really encrypted and signed with S/MIME.
Has anybody else experienced this?
Is there a solution to this problem?
I have now further analysed the behaviour of S/MIME encryption and signatures on the iPad (iOS 7.0.2) and the iMac (OSX 10.8.5).
I installed a Comodo free email certificate on my iMac and the same certificate on my iPad. Another Comodo free email certificate I installed on the iMac of a friend of mine.
Sending back and forth encrypted, signed or both encrypted and signed messages between iMacs and iMac and iPad works with no problem. In the iPad email header it is indicated with symbols whether the email is encrypted, signed or both encrypted and signed. On the iMac, on the other hand, only when the email is signed is that indicated with a symbol in the email header (see figure below).
When an email is encrypted or encrypted and signed, this is not indicated with symbols in the email header. This is in contrast to OpenPGP. OpenPGP emails always indicate with symbols whether they are encrypted, signed or both encrypted and signed (see figure below).
I hope that in OSX 10.9 email header symbols will indicate whether emails are S/MIME encrypted, S/MIME signed or S/MIME encrypted and signed. -
PGP encryption and moving of a file from one system to another
Hi All,
Could you please provide me the necessary information in setting up the below jobs in Redwood CPS.
a) How can I do PGP encryption of a file in a SAP system? Could you please provide me the necessary steps.
b) How can I do PGP encryption of a file in a non-SAP system? Could you please provide me the necessary steps.
b) Can I move a file from one SAP system to another SAP system (example ECC to BI)? If so, could you please provide me the necessary steps.
c) Can I move a file from a SAP system to a non-SAP system? If so, could you please provide me the necessary steps.
d) Can I move a file from a non-SAP system to another non-SAP system? If so, could you please provide me the necessary steps.
e) How can I FTP a file and move it to a different network? Could you please provide me the necessary steps.
Thank you in advance.
Thanks and Regards,
Ramana
Hi Ramana,
a) You have a file in an SAP system that you want to encrypt. If you have the full path to the file, you can create and use an appropriate external command to perform the encryption, unless you know of an ABAP program to do that. Once you know which option you have, you can either schedule SAP_AbapRun to run the ABAP to encrypt the file, or SAP_ExternalCommandRun if you have an external command defined for the process.
b) On the target system, you install a platform agent (license required) and check which command you have for pgp encryption. On Unix, you would use gpg. Simply create a BASH job definition with a String parameter named File and fill the following source: gpg -e -u `whoami` -r [email protected] <${File} > $File"_encrypted"
b2) Talk to your SAP Basis team, you could use SAP CTS/STMS for that, you could integrate that into CPS
c) I imagine the file is an output of an ABAP program? Run the ABAP program from within CPS with SAP_AbapRun, then the file will be on the CPS server. You can then copy the file to the target host; again, platform agents are required on the CPS system. You can use FTP, sFTP, SCP, NFS, CIFS (Windows share), whatever your platform requires.
d) Platform agents required on source system. Target system must have windows share/NFS/SSHD/FTP or whatever you could use for file transfers
e) Please see the documentation on jftp.
Regards,
HP -
How to process encrypted and signed PGP message in BC library ?
The message is encrypted with the RSA and IDEA algorithms. I've got the decrypted IDEA session key. But I don't know how to decrypt this message (and what the structure is). Maybe somebody would post working code for that operation.
Here is another option.
I had the same problem with my Mac OSX System 10.8.4 after updating cups from 1.6.2 to 1.6.3.
I have a MacBookPro with the same system version and copied the libcups.2.dylib file from /usr/lib/, then replaced the error file on my other Mac.
1. Install cups 1.6.2 again
2. Replace the file libcups.2.dylib in /usr/lib/ directory with this one libcups.2.dylib
Note: I added the link in case you don't have another Mac with the same version available.
This works for me. -
Change encryption and signing certifcate
Hi,
in my network I have Exchange 2007 and Outlook 2010/2013.
I need to replace the existing internal enterprise root Certification Authority with a new one.
Some people use email encryption with certificates issued by the current CA.
When I replace the CA and install the new user certificates issued by the new root CA, what will happen to old encrypted emails?
I need users to be able to read the old encrypted email.
Thanks
Andrea
Hi Andrea:
Where do you want to apply this change?
For email encryption, if the public key of the old certificate is still available, the user will be able to read the mail. Otherwise, no. -
PGP Encryption/Signing issue
Hi Experts,
We are working on a scenario to sign the message while sending to the client, but the message created doesn't seem to be like a signed message.
The message created is as below
-----BEGIN PGP MESSAGE-----
Version: BCPG v1.46
kA0DAAIBadYy7HCWZSAByzZiJDMzNDliZmUyLTFiZDctMTFlNC04NzZmLTAwMDAw
MDUwNGNkNlPfhdpTaWduIG1lc3NhZ2WJARwEAAECAAYFAlPfhdoACgkQadYy7HCW
ZSAP7ggAlLy4/itUM4TrzzAwtDXB3FX2VgI/8kztoWNqyLKAzytOudu/KDbfqTNx
PMZQXjEsn62MXWSV39vWW2lJ+OKJXnlZ/tEYqGa3Bn1rBIK8wsqfQR02S28XrpAh
csL6vXCAm8trCxIrxy2aZR2ibmioSVowMVkrVTj/hckiRsW5pconIZjiPqlynwJX
ayp7fkqmJ9ZYOqR4/ygqNOuSN5XTudFvRuvAqHSw23CMQzz4u2PZcODSd1WOsmOJ
3SDgt4H1SxPx/zZ1d08V1iPd+kRf0bsBijG1tLeP+DbeAEPSOOVzmtLpnlEXNhLn
arAe1rqDvTmexoXmDvo1xaYZhIzpvA==
=6Ssh
-----END PGP MESSAGE-----
But as far as I know, a signed message looks like the one below.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Example of message signing
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
iD8DBQFFxqRFCMEe9B/8oqERAqA2AJ91Tx4RziVzY4eR4Ms4MFsKAMqOoQCgg7y6
e5AJIRuLUIUikjNWQIW63QE=
=aAhr
-----END PGP SIGNATURE-----
We have maintained the module parameter as per the help guide to only sign the message. We do not need encryption.
pgp  applyCompression  None
pgp  applyEncryption   false
pgp  applySignature    true
pgp  asciiArmored      true
pgp  ownPrivateKey     testPrivate_key.gpg
pgp  partnerPublicKey  testPublic_Key.asc
pgp  pwdOwnPrivateKey
pgp  signingAlgo       SHA1
Not sure if some configuration is missing, or if the signed, encrypted and signed & encrypted messages look the same when created using PGPEncryptionModule.
Appreciate any help on this.
Regards,
Pankaj
Hi Siva,
I don't think still there is any support for PGP in Oracle SOA. You may use java for PGP encryption/decryption and transfer externally encoded messages over SFTP.
Please refer -
Re: PGP Encryption/Decryption
PGP Encryption in B2B
Regards,
Anuj -
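An added example, not part of the original thread: the armored block quoted in the question can be de-armored and its OpenPGP packet headers read with a few lines of Python (RFC 4880 packet framing; the function names are this example's own). It reports a one-pass signature packet, a literal data packet holding the text, and a signature packet, i.e. a signed message in the binary container, which is a different form from the clear-signed "BEGIN PGP SIGNED MESSAGE" layout.

```python
import base64

# The armored block exactly as posted in the question above.
ARMORED = """-----BEGIN PGP MESSAGE-----
Version: BCPG v1.46

kA0DAAIBadYy7HCWZSAByzZiJDMzNDliZmUyLTFiZDctMTFlNC04NzZmLTAwMDAw
MDUwNGNkNlPfhdpTaWduIG1lc3NhZ2WJARwEAAECAAYFAlPfhdoACgkQadYy7HCW
ZSAP7ggAlLy4/itUM4TrzzAwtDXB3FX2VgI/8kztoWNqyLKAzytOudu/KDbfqTNx
PMZQXjEsn62MXWSV39vWW2lJ+OKJXnlZ/tEYqGa3Bn1rBIK8wsqfQR02S28XrpAh
csL6vXCAm8trCxIrxy2aZR2ibmioSVowMVkrVTj/hckiRsW5pconIZjiPqlynwJX
ayp7fkqmJ9ZYOqR4/ygqNOuSN5XTudFvRuvAqHSw23CMQzz4u2PZcODSd1WOsmOJ
3SDgt4H1SxPx/zZ1d08V1iPd+kRf0bsBijG1tLeP+DbeAEPSOOVzmtLpnlEXNhLn
arAe1rqDvTmexoXmDvo1xaYZhIzpvA==
=6Ssh
-----END PGP MESSAGE-----"""

TAG_NAMES = {1: "public-key encrypted session key", 2: "signature",
             4: "one-pass signature", 8: "compressed data", 11: "literal data"}

def dearmor(text):
    """Return the raw packet bytes; armor headers and the CRC line are skipped."""
    rows = [ln.strip() for ln in text.splitlines()]
    b64 = [r for r in rows if r and not r.startswith("-----")
           and ":" not in r and not r.startswith("=")]
    return base64.b64decode("".join(b64))

def read_packets(data):
    """Yield (tag, body) for each packet, following RFC 4880 section 4.2."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                              # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                       # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = 1 << ltype                          # 1, 2 or 4 length octets
            length = int.from_bytes(data[i:i + n], "big"); i += n
        yield tag, data[i:i + length]
        i += length

def describe(armored):
    """List the packets with the fields that identify a signed message."""
    out = []
    for tag, body in read_packets(dearmor(armored)):
        info = {"tag": tag, "name": TAG_NAMES.get(tag, "other"), "length": len(body)}
        if tag == 4:    # version, sig type, hash algo, key algo, key ID, nested flag
            info["hash_algo"] = body[2]             # 2 = SHA-1
            info["key_id"] = body[4:12].hex().upper()
        if tag == 11:   # format, name length, name, 4-byte date, then the data
            info["data"] = body[2 + body[1] + 4:]
        out.append(info)
    return out

def classify(armored):
    tags = [p["tag"] for p in describe(armored)]
    if tags and tags[0] in (1, 3, 9, 18):
        return "encrypted"
    if tags and tags[0] == 8:
        return "compressed (inner packets not inspected here)"
    if tags and tags[0] == 4 and tags[-1] == 2:
        return "signed"
    return "other"

if __name__ == "__main__":
    for p in describe(ARMORED):
        print(p)
    print(classify(ARMORED))
```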
PGP Encryption support in SOA Suite 11g
Hi,
Looking for PGP encryption support in SOA Suite 11g as we have a requirement to encrypt the file using PGP encryption and send it over SFTP.
I already went through some of the forum posts but they date back to 2007, so I just wanted to confirm if there is anything in recent releases of SOA Suite.
- FTP adapter support or
- OWSM support.
As far as I know, we have to install some PGP tool and write a script to encrypt/decrypt and call the script from BPEL. This conclusion is based on a stmt given in the OWSM 10g book by sitaraman.
Please provide your insights on this.
Thanks
Siva
Hi Siva,
I don't think still there is any support for PGP in Oracle SOA. You may use java for PGP encryption/decryption and transfer externally encoded messages over SFTP.
Please refer -
Re: PGP Encryption/Decryption
PGP Encryption in B2B
Regards,
Anuj -
Hi All,
We need to FTP some files from a remote server, and the files are to be PGP encrypted or decrypted. Can you please tell me if there is some way to use PGP encryption in the FTP adapter? If yes, please provide some link for documentation.
Or shall we do FTP using some other program which supports PGP encryption, and then our BPEL process should read the file using the file adapter?
Please suggest the better option out of both.
Thanks.
Hi Ram,
Is the scenario the same in the latest release of Oracle SOA Suite 11g as well?
If we have to go for an OpenPGP tool, manual intervention is required to encrypt the file, which may not be possible in our scenario.
Thanks
Siva -
Linux script for PGP encryption
Hello,
We are trying to do PGP encryption by giving the OS command in the File adapter. Can somebody provide me the exact linux script that we should use to do PGP encryption?
Note: We have XI-3.0 on LINUX.
Promise points for helpful answers.
Regards,
Raji.
Hi Rajashree
PGP Encryption is used to support the transmission of sensitive data to / from third party systems via XI.
Adapter modules are developed to encrypt the file using PGP.
We had a similar requirement where we used PGP encryption. The module was developed using Cryptix OpenPGP, which is a Java implementation of the OpenPGP standard. When the module is called in the adapter, it uses the PGP key provided by the party that will receive the encrypted message. This module should be called prior to calling the SAP adapter.
Logic Flow/Processing:
1. Read the XML payload and message for getting the needed data.
2. Read the key to be used in the encryption and log the key to be used and the beginning of the encryption.
3. Call the PGP encryption and compression method.
4. Log whether encryption has been successful.
5. Set as payload the message content encrypted, and the principal data.
6. If any error occurs, log an exception in the PGP adapter module and the error reason.
7. Return the message.
Go through these links:
Is there any FTP API available from SAP?
Send Text file to FTP in binary mode with PGP encryption
http://www.webmethods.com/meta/default/folder/0000007429
Converting IDOC to XML
XI implementation
http://www1.webmethods.com/PDF/webMethods_for_SAP-wp.pdf
Current versions found at http://www.cryptix.org and http://www.bouncycastle.org.
http://www.bouncycastle.org/documentation.html
If you want to use the unix script on windows then you need cygwin. Take the shell executable and cygwin.dll and copy them to another machine and try out.
Else you write an .exe or a batch file where you will give your PGP command to encrypt and decrypt and execute it from the OS level in your adapter. Check my answer in this thread:
Re: PGP Encription
Might be useful.
PGP Encription
Re: PGP Encription
Re: triggering encryption script with XI
Pls rewards if useful -
PGP Encryption Scenario for a Proxy to File Scenario.
I have a scenario where an outbound proxy from R/3 system is extracting some hr related info type data and sending it to XI system. The XI system is required to convert the data into a flat file format and encrypt the data using PGP.
R/3 --- Proxy ---> XI System --- File Encrypted ---> External System.
Need some inputs from experts how to set up the scenario. In the file adapter we can trigger scripts at the O/S level to encrypt the file.
What I would like to know what the configurations that are required to get the scenario working namely,
1. Where do we need to install the PGP software is it on the FTP server or XI server ?
2. How will the scripts be executed by the Receiver File adapter?
Hi Indranil
Here is some info on PGP/XI
<<<<1. Where do we need to install the PGP software is it on the FTP server or XI server ?
XI server
Also go through the following excerpt:
XI doesn't support PGP encryption and decryption. I have done some interfaces using PGP encryption at OS level and then using XI. Install the software on the XI server and write the OS command for encryption and decryption at OS level. Call this command in the File adapter after or before message processing.
PGP Encryption:
We get the normal text file from R3. Then we have written two XI interfaces here. My first interface will pick from R3 and encrypts the file and drops it in another location of R3. In this interface I have given OS command before message processing. This will pick the file and do the encryption.
My second interface will pick the encrypted file from R3 and do a simple FTP to the Bank.
This is exactly opposite for decrypting the file from Bank.
Thanks 2 Satish Reddy
Regards
krishna
Note: Reward points if helpful