File adapter - encryption & decryption
Scenario is SAP<->SAP XI->3rd party tool
SAP XI is doing inbound FTP to SAP and outbound FTP to 3rd party tool. How we can use encryption and decryption in it.
Is their any other security issue in this scenario ?
Hi,
Generally, the message payload of an XI message is treated as UTF-8 when it needs to be converted from or into a different encoding. So, what you specify in the File Sender channel is the source encoding for an encoding conversion to UTF-8. On the other hand, in the Receiver channel, you specify the target encoding for a conversion from UTF-8. If you configure a channel's File Type setting as "Binary", no conversion will be applied.
Depending on your scenario, only some encoding settings actually make sense and lead to the expected results:
XML Files
An XML file's encoding is set in the XML header, which is later interpreted when parsing the XML, e.g. in the mapping, so there is no necessity to perform an encoding conversion in the File Adapter. As a rule of thumb, always configure the File Type parameter of a sender or receiver channel as "Binary" when reading or writing XML data.
Important: Even if you configure a File Encoding in the File Adapter channel, the File Adapter will not re-write the XML header to reflect the changed encoding, so you will probably see an XML parsing error later during the processing of the message if you specify an encoding.
Flat Files with File Content Conversion
For a File Sender channel, configure the encoding of the source file. The file will be interpreted according to the configured encoding and converted to XML with an UTF-8 encoding.
For a File Receiver channel, configure the encoding to match the encoding you would like to be written to the target flat file.
Flat Files without File Content Conversion
Whether to configure an encoding in this case depends on if you want to pass through the file "as is", e.g. within a File Sender to File Receiver scenario, or if you want to convert the file's encoding on its way through the Integration Server. For "as is" processing, configure both the sender and the receiver using the File Type setting "Binary".
To apply an encoding conversion, configure the respective source and target encoding in both the sender and receiver channel.
Important: Configuring an encoding in the receiver channel will only lead to the expected results if the payload sent to the receiver channel is in UTF-8 format (e.g., by having specified an encoding conversion in the Sender channel).
Regards,
Suryanarayana
Similar Messages
-
Encryption/decryption through jar file and classes
Hi,
My application uses tomcat as web server.
I am doing encrytion and decyption.
i fetch encypted data from database and then decrypt it
If i use calsses in webapps -> WEB-INF -> classes folder, i place classes in that ,
In other case i use jar file and place that file in WEB-INF -> lib folder in the webapps directory.
There is huge performance difference.
While using classes performance is great while using jar file performance is very disappointed.
I am using a file for encryption /decryption also.Are you getting any error messages? Have you put debugging code in those classes to see what is happening?
-
Reading encrypted file using file adapter...
Is it possible to read and write encrypted file using file adapter or if the file adapter is capable to encryption and decryption?
what is the soa version you are currently running?
-
Encrypt a file in PI using file adapter.
Hi,
I need to Encrypt a flat file and ftp it. Since the target server is a bank, the data after been placed there should be decrypted. How can i achieve this?Hi
In case you are using a file adapter then you can use Operating system command after and before execution. in which before processing you can decrypt the file using some decrypting command line tool and after execution you can use command line command to delete the file. and after decryption and before deletion of file you can use file content conversion
Or else you have to write a module processor for File adapter which will decrypt the message.
These may help you
How XML Encryption can be done using web services security in SAP NetWeaver XI
How XML Encryption can be done using web services security in SAP NetWeaver XI
How to achieve encryption in XI
This thread is similar to your question and his question is solved. Please go through it.
triggering encryption script with XI
Hope this is usefull
Thanks
Saiyog
Edited by: Saiyog Gonsalves on Jul 16, 2008 10:16 AM -
Encryption/Decryption failure for pdf and MSWord files
Hi,
Is there anybody to help me to find out what is wrong with my class (listing below)? I am sucessfuly using this class to encrypt and decrypt txt, html files but for unknown reasons I am unable to use it for e.g. pdf files. The encrypion somehow works but any atempt to decrypt is a failure.
/* This class accepts an input file, encrypts/decrypts it using DES algorithm and
writes the encrypted/decrypted output to an output file. DES is used in Cipher
Block Chaining mode with PKCS5Padding padding scheme. Note that DES is a symmetric
block cipher that uses 64-bit keys for encryption. A password of length no less
than 8 is to be passed to the encryptFile/ decryptFile methods. This password is
used to generate the encryption key. All exception handling is to be done by
calling methods. These exceptions are thrown by encryptFile/ decryptFile methods.
The input buffer is 64 bytes, 8 times the key size.
import java.io.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.security.spec.*;
public class Crypto
public Crypto(FileInputStream inStream_, FileOutputStream outStream_)
fInputStream_ = inStream_;
fOutputStream_ = outStream_;
public void encryptFile(String password_) throws InvalidKeySpecException, InvalidKeyException,
InvalidAlgorithmParameterException, IllegalStateException, IOException, Exception
DataOutputStream dataOutStream_ = new DataOutputStream(fOutputStream_);
// key generation
SecretKey encryptKey_ = createEncryptionKey(password_);
// Cipher initialization
Cipher cipher_= Cipher.getInstance(cipherType);
cipher_.init(Cipher.ENCRYPT_MODE, encryptKey_);
// write initialization vector to output
byte[] initializationVector_ = cipher_.getIV();
dataOutStream_.writeInt(initializationVector_.length);
dataOutStream_.write(initializationVector_);
// start reading from input and writing encrypted data to output
while (true) {
inputLength_ = fInputStream_.read(input_);
if (inputLength_ ==-1) break;
byte[] output_ = cipher_.update(input_, inputOffset_, inputLength_);
if (output_ != null)
dataOutStream_.write(output_);
// finalize encryption and wrap up
byte[] output_ = cipher_.doFinal();
if (output_ != null)
dataOutStream_.write(output_);
fInputStream_.close();
dataOutStream_.flush();
dataOutStream_.close();
public void decryptFile(String password_) throws IllegalStateException, IOException, Exception
DataInputStream dataInStream_ = new DataInputStream(fInputStream_);
// key generation
SecretKey encryptKey_ = createEncryptionKey(password_);
// read initialization vector from input
int ivSize_ = dataInStream_.readInt();
byte[] initializationVector_ = new byte[ivSize_];
dataInStream_.readFully(initializationVector_);
IvParameterSpec ivParamSpec_= new IvParameterSpec(initializationVector_);
// Cipher initialization
Cipher cipher_= Cipher.getInstance("DES/CBC/PKCS5Padding");
cipher_.init(Cipher.DECRYPT_MODE, encryptKey_, ivParamSpec_);
// start reading from input and writing decrypted data to output
while (true) {
inputLength_ = fInputStream_.read(input_);
if (inputLength_ ==-1) break;
byte[] output_ = cipher_.update(input_, inputOffset_, inputLength_);
if (output_ != null)
fOutputStream_.write(output_);
// finalize decryption and wrap up
byte[] output_ = cipher_.doFinal();
if (output_ != null)
fOutputStream_.write(output_);
fInputStream_.close();
fOutputStream_.flush();
fOutputStream_.close();
// the following method creates the encryption key using the supplied password
private SecretKey createEncryptionKey(String passwd_) throws InvalidKeySpecException,
InvalidKeyException, NoSuchAlgorithmException
byte[] encryptionKeyData_ = passwd_.getBytes();
DESKeySpec encryptionKeySpec_ = new DESKeySpec(encryptionKeyData_);
SecretKeyFactory keyFactory_ = SecretKeyFactory.getInstance(algorithm_);
SecretKey encryptionKey_ = keyFactory_.generateSecret(encryptionKeySpec_);
return encryptionKey_;
private FileInputStream fInputStream_;
private FileOutputStream fOutputStream_;
private final String algorithm_= "DES";
private final String cipherType= "DES/CBC/PKCS5Padding";
private byte[] input_ = new byte[64]; // The input buffer size is 64
private int inputLength_;
private final int inputOffset_= 0;
}Please can u give me refined code for me///
at [email protected]
Hi,
I found at least one thing wrong. In the decrypt
method you are reading from 'fInputStream_' rather
than 'dataInStream'.
Worked for me on MSWord after changing this!
Roger
// start reading from input and writing decrypted
ted data to output
while (true) {
inputLength_ = fInputStream_.read(input_);
if (inputLength_ ==-1) break;
byte[] output_ = cipher_.update(input_,
input_, inputOffset_, inputLength_);
if (output_ != null)
fOutputStream_.write(output_); -
I would like to encrypt/decrypt a binary file (not text based) in FLEX 3.4 (AIR). I went through the forum, but I did not found any samples on how to do this. Any idea or help is appreciated.
Thanks in advanced.Take a look at Crypto or ASCrypt3
http://code.google.com/p/as3crypto/
http://ascrypt3.riaforge.org/index.cfm -
Decryption of Message after processing by File adapter
Hi,
Encrypted File> XI> Encrypted File
I have to pick up an encrypted file, decrypt it and do the message transformations & business process associated wiht it and place it in another folder by encrypting the file again.
How can i acheive this.?
Regards,
Siva Maranani.Hi siva,
You can use Java Mapping or user-Modules to do this.
Go thru this link:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/unkown/webinars/how to handle unstructured source content for adapters/the pdf presentation of how to handle unstructured source content for adapters.pdf
Regards,
Sridhar -
Regarding encryption/decryption in sender HTTP Adapter...
Hi experts,
I have a doubt that ... is there any possible ways to encrypt/decrypt the username, password using sender side Plain HTTP adapter.
Regards,
Sasitharanhi
You can use those adapters to define transport level security(HTTPS/FTPS) and message level security (encryption).
hi check this thread for refernce:
How to use the Private/Public Keys from the Key Store
Also check this document on encryption in adpaters:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/482aae19-0301-0010-3485-8efd618818d0
Check security settings section of this page:
http://help.sap.com/saphelp_nw04/helpdata/en/da/7a2f41b239a831e10000000a1550b0/content.htm
Check thiss blog as well:
/people/varadharajan.krishnasamy/blog/2007/05/11/how-to-use-digital-certificates-for-signing-encrypting-messages-in-xi
regards
chandrakanth -
Hello friendz.,,
I m having problem with textfile exncryption decryption in j2me..
Can abybode tell me how to encrypt/decrypt Text file using J2ME API's.......
PLZ help me .......
Thanx in advance
regards,
Paraghttp://www.mobilefish.com/developer/bouncycastle/bouncycastle.html
http://www-128.ibm.com/developerworks/library/j-midpds.html -
Encrypt/decrypt same file with two different passwords
Hi everyone:
I'm quite new to Java and cryptography in general and have a theoretical question. Is the following scenario possible and how would it be implemented:
Two users with two passwords (say, a regular user and a superuser) encrypt, decrypt, read from and write to the same file. The secret key for encryption and decryption should be based on their passwords (generated from their passwords), i.e. not stored anywhere on the system.
I've been racking my brains but can't think of a way. Am I missing an obvious solution?
Can it be done?
Thanks,
MichaelI don't think you can avoid having more than just a password hash stored on the system. Using a combination of my approach and Jeff's approach I can implement this as long as you allow a password protected key store to be stored on each system. A given user's key store would contain his RSA private key and associated public key together with the admin user's RSA certificate (thought the admin user's public key could be stored in the program since it does not have to be kept private). The admin user's key store would contain only his RSA private and public keys.
Assume that the data file is to be create by a standard non-admin user. His code performs the following actions -
1) Generates a random symmetric algorithm key. Say a 128 bit AES key.
2) He write a digest of this to the output file.
3) He writes the random key encrypted with his public key to the file.
4) He writes his public key (or certificate) to the file.
5) He writes the random key encrypted with the admin users public key to the file.
6) He encrypts the data using the random key writes the result to the file.
This user can then update the file by
1) reading from the file the digest of the random key.
2) reading the random key encrypted with his public key.
3) Decrypting this encrypted random key using his private key extracted from his keystore.
4) Check the digest of this key to make sure he has the correct random key.
5) skipping his certificate and the random key encrypted using the admin user's public key.
5) Decrypting the data using the random key.
6) Update the data.
7) Re-encrypt the file as described in the first part using a new random key.
The admin user can
1) read from the file the digest of the random key.
2) skip the random key encrypted using the user's public key.
3) reading the user's public key from the file (for use later if the file needs to be updated).
4) read the random key encrypted using the admin's public key.
5) decrypting the random key using the admin's private key obtained from his key store.
6) check the digest of the random key to make sure it is correct.
7) decrypt the the data.
The admin can edit the data since he can re-encrypt the data in a similar manner to the way it was created in the first place. -
Best method for encrypting/decrypting large XML files ( 100MB)
I am in need of encrypting XML for large part files that can get upwards of 100Mb+.
I found some articles and code, but the only example I was successful in getting to work used XMLCipher, which takes a Document, parses it, and then encrypts it.
Obviously, 100Mb files do not cooperate well with DOM, so I want to find a better method for encryption/decryption of these files.
I found some articles using a CipherInputStream and CipherOutputStreams, but am not clear if this is the way to go and if this will avoid memory errors.
import java.io.*;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
public class DesEncrypter {
Cipher ecipher;
Cipher dcipher;
public DesEncrypter(SecretKey key) {
// Create an 8-byte initialization vector
byte[] iv = new byte[]{
(byte)0x8E, 0x12, 0x39, (byte)0x9C,
0x07, 0x72, 0x6F, 0x5A
AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
try {
ecipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
dcipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
// CBC requires an initialization vector
ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
} catch (java.security.InvalidAlgorithmParameterException e) {
} catch (javax.crypto.NoSuchPaddingException e) {
} catch (java.security.NoSuchAlgorithmException e) {
} catch (java.security.InvalidKeyException e) {
// Buffer used to transport the bytes from one stream to another
byte[] buf = new byte[1024];
public void encrypt(InputStream in, OutputStream out) {
try {
// Bytes written to out will be encrypted
out = new CipherOutputStream(out, ecipher);
// Read in the cleartext bytes and write to out to encrypt
int numRead = 0;
while ((numRead = in.read(buf)) >= 0) {
out.write(buf, 0, numRead);
out.close();
} catch (java.io.IOException e) {
public void decrypt(InputStream in, OutputStream out) {
try {
// Bytes read from in will be decrypted
in = new CipherInputStream(in, dcipher);
// Read in the decrypted bytes and write the cleartext to out
int numRead = 0;
while ((numRead = in.read(buf)) >= 0) {
out.write(buf, 0, numRead);
out.close();
} catch (java.io.IOException e) {
}This looks like it might fit, but there is one more twist, I am using a persistence manager and xml encoding to accomplish that, so I am not sure how (where) to implement this method without affecting persistence.
Any guidance on what would work best in this situation would be appreciated.
Regards,
vbplayr2000I can give some general guidelines that might help, having done much similar work:
You have 2 different issues, at least from my reading of your problem:
1) How to deal with large XML docs that most parsers will not handle without memory issues
2) Where to hide or "black box" the encrypt/decrypt routines
#1: Check into XPP3/XMLPull. Yes, it's different that the other XML parsers you are used to using, and more work is involved, but it is blazing fast and can be used to parse a stream as it is being read. You can populate beans and process as needed since there is really not much "inversion of control" involved compared to parsers that go on to finish the entire document or load it all into memory.
#2: Extend Serializable and write your own readObject/writeObject methods. Place the encrypt/decrypt in there as appropriate. That will "hide" the implementation and should be what any persistence manager can deal with.
Regards,
antarti -
Hi All,
I am trying to encrypt a file from XI and FTP to a different location. I am using PGP software for encryption and decryption. I am able to encrypt/decrypt the file from the OS level. The command I am using at OS level is:
pgp --home-dir /.pgp --encrypt test.txt --recipient 0xC483S9E6
If I use the same command in Sender File adapter in Run Operating System Command After Processing it is not encrypting. But I am using the same above command:
pgp --home-dir /.pgp --encrypt test.txt --recipient 0xC483S9E6
Now if I run the scenario the file is writing but it is not encrypting the file. Can you guys tell me where I am exactly going wrong.
---KorobeeHi,
Try this, write all you OS command in a BATCH file say "encrypt.bat" and then call the batch script from File adapter. Also make sure you are giving the full path for all the files that you are refering to like
\serverfolderpgp --home-dir /.pgp --encrypt \serverfoldertest.txt --recipient 0xC483S9E6
Any more help let me know.
Thanks,
Prakash -
Hi experts,
i have scenario file to file scenario, communication should happen in secure connection .i searched in blogs & forums
please find berlow forum
How to configure SFTP Adapter in XI?
in that 2 nd reply
there is one option :2. Use the FTP adapter, and encrypt/decrypt the file contents through a user exit in the adapter. Something on the FTP server side will have to do the same.
can anyone please elaborate this one & where can i find user exit for the file adapter.
please help is there any option to provide secure cinnection in file adapter (FTP) like using run operating system command befor or after message processing
Thanks In advanceI think that you can solve in 4 different ways:
-> Using FTPS connection
http://help.sap.com/saphelp_nw04/helpdata/en/e3/94007075cae04f930cc4c034e411e1/frameset.htm
-> Using a 3rd Party Adapter (Seeburger or Aedaptive) for PGP or deploying a custom adapter for PGP
http://www.seeburger.com/9468/
-> PGP OS Level (Installing a PGP software like GnuPGP in your system) Install the PGP software in XI and write the OS command for encryption and decryption at OS level. Call this command in File adapter after or before message processing
PGP ncryption
-> Using an UDF
Check this links:
Is there any FTP API available from SAP?
Send Text file to FTP in binary mode with PGP encryption
http://www.webmethods.com/meta/default/folder/0000007429
Converting IDOC to XML
XI implementation
http://www1.webmethods.com/PDF/webMethods_for_SAP-wp.pdf -
EFS Encryption Decryption Performance
We are currently testing EFS, on a Windows 2008R2 server (VM), to encrypt/decrypt a Windows share containing mostly TIF files. Performance on encryption is fine unfortunately it takes 10+ seconds to decrypt the TIF files
(sizes 50KB to 2MB). When decrypting non-TIF files performance is acceptable. Has anyone experienced this issue and found a solution? Also, Is there another Windows native encryption/decryption solution that has better overall performance?Hi,
Based on my research,
TIFF is a flexible, adaptable file format for handling images and data within a single file, which can be a container holding compressed (lossy)
JPEG and (lossless)
PackBits compressed images. The slowness of decrypting the .tif files could be caused by its own feature.
You can also try to use Bitlocker to seek for better performance, although Bitlocker is used to encrypt volumes.
More information for you:
Tagged Image File Format
http://en.wikipedia.org/wiki/Tagged_Image_File_Format
BitLocker Drive Encryption
http://technet.microsoft.com/en-us/library/cc731549(v=WS.10).aspx
Best Regards,
Amy -
Hi,
I am developing one file-file interface for sending sensitive data from one file system to another file system. As this is sensitive data, i need to decrypt this data ( file i am picking from source system is already encrypted in source directory ) and i need to send it to target system. i found some alternatives like module development and pgp encryption. I am not that much proficient to develop module and i looking at other alternative like pgp. Is PGP is free software?? how can i install and how can i call from my sender adapter?? Please Help.
Thanks
madhusudhan.Hi madhusudan
refer the below link
<u>Encryption & Decryption of data using ABAP</u>
/people/kathirvel.balakrishnan2/blog/2006/11/21/encryption-decryption-of-data-using-abap
<u>JAVA API's for PGP Encryption/Decryption</u>
http://www.bouncycastle.org/documentation.html
you got some examples
Check this document on how to do message level security:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
Deploying the SAP Java Cryptographic Toolkit
http://help.sap.com/saphelp_nw04/helpdata/en/8d/cb71b8046e6e469bf3dd283104e65b/frameset.htm
Key Storage Service
http://help.sap.com/saphelp_nw04/helpdata/en/e9/a1dd44d2c83c43afb5ec8a4292f3e0/frameset.htm
If these things are already done then u need juz few modification in the adapter configuration.
In FTP Connection Parameters -> command line -> FTPS (Control and Data connection)
You can also go through the blogs
Encryption(SSL)
/people/varadharajan.krishnasamy/blog/2007/05/11/how-to-use-digital-certificates-for-signing-encrypting-messages-in-xi
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b2e7020d-0d01-0010-269c-a98d3fb5d16c
Examples for Using Digital Signatures
http://help.sap.com/saphelp_nw04s/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/frameset.htm
How to configure Message level security
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b2e7020d-0d01-0010-269c-a98d3fb5d16c
document on encryption in adpaters
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/482aae19-0301-0010-3485-8efd618818d0
Encrypt and Decrypt Data
<b>Pls reward if useful</b>
Maybe you are looking for
-
How to use Multiple Single Option for selection in the Customer Exit
Hi, How can we handle the multiple single values in the customer exit variable. I have a requirement which is as follows - Table A fiields -> Field Coach, Partner 2, Relation between PArtner 1 & Partner 2, Valid from, valid to date. Table B -> Servi
-
Can I install Virtual Box on my macbook pro safely if filevault is enabled? Lion w 8 g memory.
-
I´d like to cancel my big CC plan and switch to photo plan. I need Ohotoshop, Lightromm and Acrobat, the rest are obsolete to me
-
Display Problems - Red/Blue Hatches?
Has anyone else experienced this issue with the their monitor? It seems to happen when I start a heavily graphics intensive operation (iPhoto and Aperture edits). Thoughts? http://gallery.mac.com/gref1964#100081/bad_display&bgcolor=black
-
all my programs are opening in adobe even the system restore and the regisrty - how do I reset all programs to their originall default programs. Please help. PS I have also tried starting in save mode and still have the same problem.