Policy files expiry for pgp encryption

HI All
i am using bouncycastle jars for encrypting data using PGP.
for this to function we need to install the jce unrestricted security files given at the java downloads
but when i download and use them then for one weeek they are working fine
but after one they an exception is raised like the below
java.security.InvalidAlgorithmParameterException: parameter object not a DHParameterSpec or an ElGamalParameterSpec
NOw i just copied the 2 jars(local_policy.jar,US_export_policy.jar) in the security directory of JDK to another name and again copied back to same name
Its working fine
NOw i am of the assumption that these jars expiry after certain days .Is it true????
if so then do we have any way to make them permanent?
how can we make these jars permanent??
Is there any solution for this?
Please anybody can help me as soon as possible
Thanks
vijay

Hi,
I have few questions to ask before i can provide you with the solution for this. We need to know what is the software that you are using for encryption, are you using APIs or using PGP software installed on the server and calling the executables to encrypt the file from the module?
If you are using standard APIs it would be easier for traceability. There are standard code that is available which you can leverage for this purpose.
Incase you are using PGP software some points to remember. You need to install the PGP software on the PI / XI server by logging in using SAPSERVICE<SID> username and password. If you install the software using SAPSERVICEADM it would not work. When you install it it creates folders and path for the software for that user. Infact when the server is running and the interfaces are working it would use the sapservice<SID>.
For my current customer we have created a module to achieve the encryption / decryption of files. We have basically 5 parameters (this is according to the reqmt at our client end).
Parameter 1: Operation: Values: Encryption / Decryption
Parameter 2: username: Value: username which you want to pass (name of the vendor or the user code of the vendor).
Parameter 3: Sign Value: Sign value(Some vendors want their files to be signed).
Parameter 4: Armor: Value: Same as 4 (Another option commonly used).
Parameter 5: Log:  Value: Y / N (Used for logging of messages for identifying problems in communication channel monitoring).
Generate the PGP command depending on the values passed. (You can get the list of PGP commands from the software you are using or from the website (http://www.dsj.net/pgp/pgphelp.html).
Trap all the error codes from the execution and raise exception so that the adapter errors out too.
Let me know if you require any help regarding the same.
Regards,
Indranil
Award Points if it was helpful.

Similar Messages

  • Need hlep for PGP Encryption for delimited file transfer using B2b

    I have a requirement to read the PGP encrypted delimited file from partner and decrypt it to process. Can any body tell me how can I do this in b2b. I really appreciate the help

    Better read it as a binary document and pass it to the back-end for further processing (decryption and processing). If you want to the decryption at B2B layer itself then use the java callout feature -
    http://docs.oracle.com/cd/E23943_01/user.1111/e10229/callouts.htm#CHDEFBDG
    Regards,
    Anuj

  • Linux script for PGP encryption

    Hello,
    We are trying to do PGP encryption by giving the OS command in the File adapter. Can somebody provide me the exact linux script that we should use to do PGP encryption?
    Note: We have XI-3.0 on LINUX.
    Promise points for helpful answers.
    Regards,
    Raji.

    Hi Rajashree
    PGP Encryption is used to support the transmission of sensitive data to / from third party systems via XI.
    Adapter modules are developed to encrypt the file using PGP.
    We had a similar requirement where we used PGP encryption.The module was developed using Cryptix OpenPGP which is a Java implementation of the OpenPGP standard.When the module is called in the adapter, it uses the PGP key provided by the party that will receive the encrypted message. This module should be called prior to calling the Sap adapter
    Logic Flow/Processing:
    1.Read the XML payload and message for getting the needed data.
    2.Read the key to be used in the encryption and log the key to be used and the beginning of the encryption.
    3.Call the PGP encryption and compression method.
    4.Log whether encryption has been successful.
    5.Set as payload the message content encrypted, and the principal data.
    6.If any error occurs, logs an exception in PGP adapter module and the error reason.
    7.Return the message.
    Go through This links
    Is there any FTP API available from SAP?
    Send Text file to FTP in binary mode with PGP encryption
    http://www.webmethods.com/meta/default/folder/0000007429
    Converting IDOC to XML
    XI implementation
    http://www1.webmethods.com/PDF/webMethods_for_SAP-wp.pdf
    Current versions found at http://www.cryptix.org and http://www.bouncycastle.org.
    http://www.bouncycastle.org/documentation.html
    If you want to use the unix script on windows then you need cygwin. Take the shell executable and cygwin.dll and copy them to another machine and try out.
    Else you write an .exe or a batch file where you will give your PGP command to encrypt and decrypt and execute it from the OS level in your adapter. Check my answer in this thread:
    Re: PGP Encription
    Might be useful.
    PGP Encription
    Re: PGP Encription
    \Re: triggering encryption script with XI
    Pls rewards if useful

  • B2B add on for PGP encryption in SAP PI 7.11

    Hi Folks,
    I see that we can implement PGP encrytption in PI 7.11 SP08, Can anyone please provide me with the B2B add on install link from SAP market place which can enable SFTP adapter and PGP encryption.

    Hi Kalyan
    OSS note 1695521 provides the details of the download location. Below is a snippet of the note.
    You can download the PI secure connectivity add on 1.0 at http://service.sap.com/swdc > Installation and Upgrades > Browse our Download Catalog > SAP NetWeaver and complementary products > PI SFTP PGP ADDON > PI SFTP PGP ADDON 1.0
    You can download SP1,corresponding patches for SP0 and SP1 of PI secure connectivity add on 1.0 at http://service.sap.com/swdc > Support Package and Patches > Browse our Download Catalog > SAP NetWeaver and complementary products > PI SFTP PGP ADDON > PI SFTP PGP ADDON 1.0-->Choose the component Type
    Rgds
    Eng Swee

  • PGP encryption and moving of a file from one system to another

    Hi All,
    Could you please provide me the necessary information in setting up the below jobs in Redwood CPS.
    a) How can i do pgp encryption to a file in a SAP system?.  Could you please provide me the necessary steps.
    b) How can i do pgp encryption to a file in a non SAP system?.  Could you please provide me the necessary steps.
    b) Can i move a file from one SAP system  to another SAP system(example ECC to BI)?. If so, could you please provide me the necessary steps.
    c) Can i move a file from a SAP system  to a Non- SAP system?.  If so, could you please provide me the necessary steps.
    d) Can i move a file from a Non-SAP system  to another Non- SAP system?.  If so, could you please provide me the necessary steps.
    e)How can i ftp a file  and move it to a different network?. Could you please provide me the necessary steps.
    Thank you in advance.
    Thanks and Regards,
    Ramana

    Hi Ramana,
    a) You have a file in an SAP system that you want to encrypt, I you have the full path to the file, you can create and use an appropriate external command to perform the encryption, unless you know of an ABAP program to do that. Once you know which option you have, you can either schedule SAP_AbapRun to run the ABAP to encrypt the file, or SAP_ExternalCommandRun if you have an external command defined for the process.
    b) On the target system, you install a platform agent (license required) and check which command you have for pgp encryption. On Unix, you would use gpg. Simply create a BASH job definition with a String parameter named File and fill the following source: gpg -e -u `whoami` -r [email protected] <${File} > $File"_encrypted"
    b2) Talk to your SAP Basis team, you could use SAP CTS/STMS for that,  you could integrate that into CPS
    c)I imaging the file is an output of an ABAP program ? Run the ABAP program from within CPS with SAP_AbapRun, then the file will be on the CPS server, you can then copy the file to the target host, again, platform agents required on CPS system. You can use FTP, sFTP, SCP, NFS, CIFS (Windows share) whatever your platform requires.
    d) Platform agents required on source system. Target system must have windows share/NFS/SSHD/FTP or whatever you could use for file transfers
    e)Please see the documentation on jftp.
    Regards,
    HP

  • PGP Encryption support in SOA Suite 11g

    Hi,
    Looking for PGP encryption support in SOA Suite 11g as we have a requirement to encrypt the file using PGP encryption and send over SFTP.
    I already went through some of the forums posts but they are date back to 2007, so just wanted to confirm if there is anything in recent releases of SOA Suite.
    - FTP adapter support or
    - OWSM suppport.
    As far as i know, we have to install some PGP tool and write a script to encrypt/decrypt and call the script from BPEL. this conclusion is based on a stmt given in the OWSM 10g book by sitaraman.
    Please provide your insights on this.
    Thanks
    Siva

    Hi Siva,
    I don't think still there is any support for PGP in Oracle SOA. You may use java for PGP encryption/decryption and transfer externally encoded messages over SFTP.
    Please refer -
    Re: PGP Encryption/Decryption
    PGP Encryption in B2B
    Regards,
    Anuj

  • PGP Encryption/Signing issue

    Hi Experts,
    We are working on a scenario to sign the message while sending to client but the message created doesn't seem to be like signed message.
    The message created is as below
    -----BEGIN PGP MESSAGE-----
    Version: BCPG v1.46
    kA0DAAIBadYy7HCWZSAByzZiJDMzNDliZmUyLTFiZDctMTFlNC04NzZmLTAwMDAw
    MDUwNGNkNlPfhdpTaWduIG1lc3NhZ2WJARwEAAECAAYFAlPfhdoACgkQadYy7HCW
    ZSAP7ggAlLy4/itUM4TrzzAwtDXB3FX2VgI/8kztoWNqyLKAzytOudu/KDbfqTNx
    PMZQXjEsn62MXWSV39vWW2lJ+OKJXnlZ/tEYqGa3Bn1rBIK8wsqfQR02S28XrpAh
    csL6vXCAm8trCxIrxy2aZR2ibmioSVowMVkrVTj/hckiRsW5pconIZjiPqlynwJX
    ayp7fkqmJ9ZYOqR4/ygqNOuSN5XTudFvRuvAqHSw23CMQzz4u2PZcODSd1WOsmOJ
    3SDgt4H1SxPx/zZ1d08V1iPd+kRf0bsBijG1tLeP+DbeAEPSOOVzmtLpnlEXNhLn
    arAe1rqDvTmexoXmDvo1xaYZhIzpvA==
    =6Ssh
    -----END PGP MESSAGE-----
    But as far as I know the signed message looks likes the one below.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    Example of message signing
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (MingW32)
    iD8DBQFFxqRFCMEe9B/8oqERAqA2AJ91Tx4RziVzY4eR4Ms4MFsKAMqOoQCgg7y6
    e5AJIRuLUIUikjNWQIW63QE=
    =aAhr
    -----END PGP SIGNATURE-----
    We have maintained the module parameter as per the help guide to only sign the message. We do not need encryption.
    pgp
    applyCompression
    None
    pgp
    applyEncryption
    false
    pgp
    applySignature
    true
    pgp
    asciiArmored
    true
    pgp
    ownPrivateKey
    testPrivate_key.gpg
    pgp
    partnerPublicKey
    testPublic_Key.asc
    pgp
    pwdOwnPrivateKey
    pgp
    signingAlgo
    SHA1
    Not sure if some configuration is missing or the signed, encrypted and signed & encrypted messages look same if created using PGPEncryptionModule.
    Appreciate any help on this.
    Regards,
    Pankaj

    Hi Siva,
    I don't think still there is any support for PGP in Oracle SOA. You may use java for PGP encryption/decryption and transfer externally encoded messages over SFTP.
    Please refer -
    Re: PGP Encryption/Decryption
    PGP Encryption in B2B
    Regards,
    Anuj

  • Self sign applet without doing any change in policy file at client end

    Hi all,
    I developed an applet which make some webservice calls,
    I have given following permission in policy file at client end
    grant codeBase "http://nta2311:7001/-" {
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.util.PropertyPermission "*", "read, write";
    permission java.net.SocketPermission "*", "connect, resolve";
    with these settings applet is working fine
    Now I want to make applet signed in order to avoid policy file modifications
    for testing I want to self sign it
    please help me

    Signing applets:
    http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
    second post and reply 18 for the java class file using doprivileged
    http://forum.java.sun.com/thread.jsp?forum=63&thread=409341
    4th post explaining how to set up your own policy with your own keystore
    Still problems?
    A Full trace might help us out:
    http://forum.java.sun.com/thread.jspa?threadID=656028

  • Virtual host & policy files

    1. How to config virtual host in weblogic server?
              2. Is Policy files needed for weblogic cluster?
              

    1. Virtual host is a new feature in WLAS6.0. It is not in WLAS451 & 510
              2. Every instance in WLAS cluster needs policy file. However, you can use
              share disk and config a global policy file so that every instance can access
              it. Personally, I prefer every instance accesses its own disk
              Hope it helps.
              Cheers - Wei
              "Andy Ping" <[email protected]> wrote in message
              news:[email protected]..
              > 1. How to config virtual host in weblogic server?
              > 2. Is Policy files needed for weblogic cluster?
              

  • Regarding Policy File

    Hi,
    I am trying to implement applet, servelt communication and also I am trying to write a file on the client side. So, for that I need to create a signed applet. I did the procedure mentioned in the below site to create a signed applet, but one thing I didn't understand is, where to place the policy file.
    website :
    http://java.sun.com/developer/technicalArticles/Security/Signed/
    But for the example what he gave is working without creating the policy file. For me it is throwing the following exception :
    java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
         at java.lang.System.getProperty(Unknown Source)
         at EchoApplet.onSendData(EchoApplet.java:54)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
         at java.lang.reflect.Method.invoke(Unknown Source)
         at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
         at java.lang.reflect.Method.invoke(Unknown Source)
         at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
         at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
         at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
         at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
    If anyone worked on this scenario, can you please help me out.

    Thanks Kevin.
    I will add that if someone uses the Report abuse link on a file you share it will be accessed per the Terms of Use.
    The only other time a file would be accessed is with explicit permission from the customer for a bug investigation. In that case we would investigate the bug but not use the file for any other purpose.

  • PGP Encryption Scenario for a Proxy to File Scenario.

    I have a scenario where an outbound proxy from R/3 system is extracting some hr related info type data and sending it to XI system. The XI system is required to convert the data into a flat file format and encrypt the data using PGP.
    <b>R/3 -
    Proxy -
    > XI System -
    File Encrypted----
    > External System.</b>
    Need some inputs from experts how to set up the scenario. In the file adapter we can trigger scripts at the O/S level to encrypt the file.
    What I would like to know what the configurations that are required to get the scenario working namely,
    1. Where do we need to install the PGP software is it on the FTP server or XI server ?
    2. How will the scripts be executed by the Receiver File adapter ?

    Hi Indranil
    Here is some info on PGP/XI
    <<<<1. Where do we need to install the PGP software is it on the FTP server or XI server ?
    <i>
    XI server</i>
    Also go thru the following excerpt
    XI dont support PGP encryption and decryption. I have done some interfaces using PGP encryption at OS level and then using XI. Install the software in XI and write the OS command for encryption and decryption at OS level. Call this command in File adapter after or before message processing.
    PGP Encryption:
    We get the normal text file from R3. Then we have written two XI interfaces here. My first interface will pick from R3 and encrypts the file and drops it in another location of R3. In this interface I have given OS command before message processing. This will pick the file and do the encryption.
    My second interface will pick the encrypted file from R3 and do a simple FTP to the Bank.
    This is exactly opposite for decrypting the file from Bank.
    <i>Thanks 2 Satish Reddy</i>
    Regards
    krishna
    <i>Note:Reward points if helpful</i>

  • How can i send PGP encrypted file from PI to the receiver

    Hi experts,
                        I am unable to send the  PGP encrypted file from PI to the receiver. where the Clients sends the file using PGP encryption,
    But i am trying to send the same with PI. But i am not able to send the same can you please help me out to get the same incorporated using PI 7.1
    and sends to the receiver ( the rceiver would be FTP ).
    Regards,
    Amruth

    hi,
    You can write an adapter module to encypt your payload before sending to Reciever:
    /people/dijesh.tanna/blog/2008/09/15/sap-pi-integrating-macafee-e-business-server-with-sap-pi-70-for-pgp-encryptiondecryption
    http://www.bouncycastle.org/documentation.html
    http://www.cryptix.org/
    http://aedaptive.com/index.php/solutions/pgp-for-sap-netweaver
    http://www.pgpi.org/doc/pgpintro/
    PGP encryption: Do we need to write adapter module?
    If you are getting PGP file from sender and want  to send this file to target without any mapping transformation you can use this blog:
    /people/william.li/blog/2006/09/08/how-to-send-any-data-even-binary-through-xi-without-using-the-integration-repository
    Thanks.

  • Identifying a PGP encrypted file

    Is there a way to identify if a file is PGP encrypted or not by looking at the contents of the file? For example, a ZIP file can be identified by verifying if the first two chracters start with "PK".
    Thanks!!

    hi,
    You can write an adapter module to encypt your payload before sending to Reciever:
    /people/dijesh.tanna/blog/2008/09/15/sap-pi-integrating-macafee-e-business-server-with-sap-pi-70-for-pgp-encryptiondecryption
    http://www.bouncycastle.org/documentation.html
    http://www.cryptix.org/
    http://aedaptive.com/index.php/solutions/pgp-for-sap-netweaver
    http://www.pgpi.org/doc/pgpintro/
    PGP encryption: Do we need to write adapter module?
    If you are getting PGP file from sender and want  to send this file to target without any mapping transformation you can use this blog:
    /people/william.li/blog/2006/09/08/how-to-send-any-data-even-binary-through-xi-without-using-the-integration-repository
    Thanks.

  • File Name in the Send Port with PGP Encryption

    Hello,
    The File Name in the Send Port should be set with the mask like ABC.txt.pgp. Since I have used the PGP Encryption Component it is generating the File name like ABC.pgp.txt.pgp. But what I need is just the ABC.txt.pgp. How can be this be done. Any help is
    greatly appreciated.
    Thanks

    What you are seeing is the expected behavior.  If you are referring to this:
    https://code.msdn.microsoft.com/windowsdesktop/BizTalk-Sample-PGP-ebcbc8b2
    or one of it's derivatives, it will internally modify FILE.ReceivedFileName to append .pgp if that property is set.
    So, if you use just %SourceFileName%, you will likely get the desired result.  Otherwise, you will have to explicitly set FILE.ReceivedFileName to ABC.txt somewhere before the PGP component.
    You can also modify the source code to remove this behavior.

  • Unable to locate unrestricted policy files for the Sun JCE for download

    My platform:
    java version "1.6.0_26"
    Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
    Oracle JRockit(R) (build R28.1.4-7-144370-1.6.0_26-20110617-2130-windows-x86_64, compiled mode)
    I am unable to locate the Unlimited Strength Jurisdiction JCE files.
    According to BouncyCastle for Java 1.6:
    ..."you must download the unrestricted policy files for the Sun JCE if you want the provider to work properly. The policy files can be found at the same place as the JDK download. Further information on this can be found in the Sun documentation on the JCE."

    The version at the very bottom of http://www.oracle.com/technetwork/java/javase/downloads/index.html should work.

Maybe you are looking for

  • How do I clear out a "stuck" app update?

    I installed a couple apps from my iTunes library. The app store showed them as needing to be updated, but they kept getting stuck (little circle stops spinning). Tried Xing them them out on the pane in iTunes that shows that screen on the iPad, but n

  • JPEG   var options.... how do I get them?

    CS4-AI  Mac I'd like to change the "SaveLayersPNG200dpi.jsx" to export to JPEG. How do I get a list of the export options for jpgs? I looked in the scripting pdf's but I couldn't find it. Below is the script, I assume ( I don't know anything about sc

  • How do I unauthorize lost iPod and a previously owned (now sold) mac?

    I lost my ipod and I want to unauthorize it from my iTunes account. Also I sold my old mac and forgot to unauthorize it before I sold it. Can I do this?

  • Using store procedure within sql statement?

    I have the following sample tables: project id project_name ====== =============== 1          project one 2          project two 3           project three employee_id     fname          lname =========== =============     ===== 100          amy      

  • Need advice about purchasing a dryer

    Our dryer went out and we need some information about buying a new dryer. What's this hoopla about dryers not coming with a power cord? We don't need a venting kit as our old dryer still has a perfectly good venting system, but I find it strange that