Run-time Encryption Key Generation
This blog post is intended to give an overall idea of the file encryption and decryption process using a key in ABAP. By the end of this blog post, we will have learned how to encrypt a text file or data using a key, and how to decrypt the encrypted data using the same key.
You can also try this blog post if you are getting the run-time error “CX_SEC_SXML_ENCRYPT_ERROR” in class “CL_SEC_SXML_WRITER” during decryption of the data.
Requirement:
Recently I came across a requirement where we had to encrypt the generated file while placing it on the application server (t-code AL11). The third-party middleware reads the file from the SAP application server and sends it to the target system. To avoid misuse of any sensitive data by the third-party middleware, we have encoded the file using a key (the key is generated every time, hence the key is always unique) and the key has been shared with the concerned person of the target system via e-mail. I thought to share this so that it can be helpful to someone.
The mechanism mentioned above is called “Symmetric Key Encryption” in cryptography (the same key is used in the encryption and decryption process, hence the name “symmetric”).
We will be using the class “CL_SEC_SXML_WRITER” for the encryption and decryption process. The class “CL_SEC_SXML_WRITER” provides three algorithms for encryption and decryption. Below are the details.
- AES Algorithm 128 Bit
- AES Algorithm 192 Bit
- AES Algorithm 256 Bit
These algorithms are used universally, so even if the target system is a non-SAP system, the encrypted file from SAP can be decrypted using the correct key in the target system and vice versa (and yes, the algorithm used during encryption must also be used during decryption, of course).
So, let’s demonstrate the complete process of encryption and decryption using a key in ABAP. We will be creating two different programs. Below are the details.
- Program 1: We will create a program with the name “ZFILE_ENCRYPTION”. In this program we will do the following tasks:
  - Creation of the file which needs to be encrypted
  - Generation of the “KEY” which will be used in the encryption process
  - Encrypting the file with the generated key
  - Sharing the key with the intended person via e-mail
- Program 2: We will create another program with the name “ZFILE_DECRYPTION” for decrypting the encrypted file using the generated key. For the scenario that I have worked on (mentioned above), this program was not required by me as the decryption has been done in the target system. However, this program can be useful if you are on the receiving end of the encoded file. For demonstration purposes, I will be explaining it in this blog post. The program will do the following tasks:
  - Reading the encoded file from the application server (t-code AL11)
  - Decrypting the encoded file using the key received by e-mail
  - Downloading the decrypted file (in readable format)
Let’s walk through both programs one after the other in detail.
Program 1: ZFILE_ENCRYPTION – Encrypting the file using a key
Note: Complete source code has been provided at the end of this blog post.
Step 1: Preparing the text file which needs to be encrypted
This step is pretty straightforward. For demonstration purposes, I will be uploading a text file from the presentation server. Below is the sample code for file upload. The data object “LV_DATA” contains the desired data which needs to be encrypted.
You can also generate the file string programmatically instead of uploading it from presentation server.
The source file looks like this:
Step 2: Generating the key for encryption
We have to generate the “KEY” which will be used in the encryption process. The “GENERATE_KEY” method of the class “CL_SEC_SXML_WRITER” can be used for that. The method returns a unique “XSTRING” every time.
Important: Please do not use the class “CL_ABAP_CONV_OUT_CE” for generation of the “KEY” for encryption. If you do so, the program will dump if the encryption and decryption programs are different. Below is the screenshot of the dump.
Step 3: Encrypting the file using the key
So far we have prepared the data which needs to be encrypted and generated the key which will be used for encryption. To encrypt, we have to use the method “ENCRYPT” of class “CL_SEC_SXML_WRITER”. The arguments of the method are the key derived in the above step, the data (which needs to be encrypted) in “XSTRING” format, and the name of the algorithm which needs to be used. Below is the sample code.
Step 4: Saving the encrypted file in application server
Now that we have encrypted the file, we have to save the encrypted file on the application server (t-code AL11). But please note that the encrypted file is in “XSTRING” format. So, how do we transfer the “XSTRING” to the application server? Yes, you are right: just assign the “XSTRING” to a “STRING” data object and transfer the string to the application server. As simple as that. Below is the code snippet.
The encrypted file in AL11 looks like below. Now the data has been encrypted using the key.
Step 5: Sending the generated key to the concerned person via e-mail
There are many blog posts and threads available explaining how to send e-mail in ABAP, so I am not covering that in this blog post. However, you can find the code in the bottom section of this blog post.
Program 2: ZFILE_DECRYPTION : Decrypting the file using the generated key
Note: Complete source code has been provided at the end of this blog post.
Step 1: Reading the encrypted file from application server
We are reading the encrypted file from the application server (t-code AL11) using “OPEN DATASET”. Please refer to the link below if you are new to this.
Step 2: Decrypting the file using the key
Now that we have read the encrypted data from the application server (t-code AL11) and we have received the generated key (the key is received over e-mail, refer to Step 5 of Program 1 above), we have to decrypt the data using the method “DECRYPT” of class “CL_SEC_SXML_WRITER”. The method has arguments for the encrypted data, the key which was used during encryption, and the algorithm which was used during encryption.
The data object “LV_DATA” holds the encrypted data (derived from the above step). The data type of the data object is “STRING”. We have to assign it to a data object of type “XSTRING”. Then we can decrypt the data. Below source code for reference
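The round trip described in Steps 2 to 4 of Program 1 and Step 2 of Program 2, as an added example that is not the blog author's code. The report name, variable names and sample text are constructed, and the file transfer and e-mail steps are left out so that only key generation, encryption, the XSTRING/STRING conversion and decryption are shown.

```abap
REPORT zdemo_aes_roundtrip.  " hypothetical report name, added example

" Constructed sample content standing in for the uploaded text file
DATA(lv_data) = |ID;AMOUNT\n4711;100.00|.

TRY.
    " ENCRYPT works on bytes, so convert the text to XSTRING (UTF-8) first
    DATA(lv_plain_x) = cl_abap_codepage=>convert_to( source = lv_data ).

    " Program 1, Step 2: fresh random key matching the chosen algorithm
    DATA(lv_key) = cl_sec_sxml_writer=>generate_key(
                     algorithm = cl_sec_sxml_writer=>co_aes256_algorithm ).

    " Program 1, Step 3: encrypt with that key
    cl_sec_sxml_writer=>encrypt(
      EXPORTING plaintext  = lv_plain_x
                key        = lv_key
                algorithm  = cl_sec_sxml_writer=>co_aes256_algorithm
      IMPORTING ciphertext = DATA(lv_cipher_x) ).

    " Program 1, Step 4: XSTRING -> STRING yields the hexadecimal text
    " that would be written with TRANSFER to the file on the server
    DATA(lv_cipher_str) = CONV string( lv_cipher_x ).

    " Program 2, Step 2: the text read from the file goes back to XSTRING
    DATA(lv_cipher_back) = CONV xstring( lv_cipher_str ).
    ASSERT lv_cipher_back = lv_cipher_x.

    " Same key and same algorithm as on the encryption side
    cl_sec_sxml_writer=>decrypt(
      EXPORTING ciphertext = lv_cipher_back
                key        = lv_key
                algorithm  = cl_sec_sxml_writer=>co_aes256_algorithm
      IMPORTING plaintext  = DATA(lv_decrypted_x) ).

    DATA(lv_decrypted) = cl_abap_codepage=>convert_from( source = lv_decrypted_x ).
    ASSERT lv_decrypted = lv_data.
    WRITE: / 'Round trip OK, ciphertext bytes:', xstrlen( lv_cipher_x ).

  CATCH cx_sec_sxml_encrypt_error INTO DATA(lx_crypt).
    " The error named at the top of this post; handle it instead of dumping
    WRITE: / 'Encryption/decryption failed:', lx_crypt->get_text( ).
ENDTRY.
```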
Now that you have got the decrypted data, you can process it or download it to the presentation server as per the requirement. I have downloaded the file to the presentation server for demonstration. Please refer to the attached source code file for details.
Decrypted file looks like below
Conclusion:
So, in this blog post we were able to encrypt the data/text file using a key (the key was generated at run time). The key has been shared with the concerned person over e-mail. A separate decryption program has been created which decrypts the data using the shared key.
Hope this blog post will help someone.
Complete source code has been given below for both programs, encryption and decryption.