AEDAPTIVe PGP for SAP NetWeaver Release 3.0 User's Guide

Target Audience
System Administrators
Technology Consultants

Document version: 16 March 2010

Copyright 2007-2010, AEDAPTIVe Solutions BV. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of AEDAPTIVe. The information contained herein may be changed without prior notice. Some software products marketed by AEDAPTIVe and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, System i, System i5, System p, System p5, System x, System z, System z9, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/OS, POWER, POWER5, POWER5+, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc.

SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, MaxDB, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by AEDAPTIVe Solutions and its affiliated companies (AEGroup) for informational purposes only, without representation or warranty of any kind, and AEDAPTIVe shall not be liable for errors or omissions with respect to the materials. The only warranties for AEDAPTIVe products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. Some components of this product are based on Java. Any code change in these components may cause unpredictable and severe malfunctions and is therefore expressly prohibited, as is any decompilation of these components. Any Java Source Code delivered with this product is only to be used by AEDAPTIVe's Support Services and may not be modified or altered in any way. AEDAPTIVe PGP incorporates code copyrighted by The Legion of the Bouncy Castle (www.bouncycastle.org). Used with permission.

AEDAPTIVe Solutions BV
P.O. Box 2011
4200 BA Gorinchem
The Netherlands
T +31/183/693738
www.aedaptive.com

About This Guide | AEDAPTIVe Solutions

Contents

1 About This Guide
    1.1 References
2 Short Introduction to PGP
    2.1 Encryption
        2.1.1 Symmetric Key Cryptography
        2.1.2 Public Key Cryptography
        2.1.3 Encryption with PGP
    2.2 Digital Signatures
        2.2.1 Signing Messages Using Message Digests
        2.2.2 Signing and Encrypting Messages
    2.3 Conclusion
3 Technical Features of PGP
    3.1 Public Keys, Private Keys, and Key Ring Files
    3.2 Signing Keys and Encrypting Keys
    3.3 Public Key Algorithms
    3.4 Symmetric Key Algorithms
    3.5 Hash Algorithms
    3.6 Compression
    3.7 ASCII Armoring
4 Key Management
    4.1 Managing Keys with Key Manager
        4.1.1 Creating a New Key
        4.1.2 Importing Keys
        4.1.3 Using the Key Ring Files with PGP Module
    4.2 Managing Keys with PGP Desktop
        4.2.1 Creating a New Key
        4.2.2 Importing Keys
        4.2.3 Using the Key Ring Files with PGP Module
    4.3 Managing Keys with Gnu Privacy Guard
        4.3.1 Creating a New Key
        4.3.2 Importing Keys
        4.3.3 Using the Key Ring Files with PGP Module
5 AEDAPTIVe PGP Module Configuration
    5.1 PGP Encryption Module
        5.1.1 Adding the PGP Encryption Module to a Communication Channel
        5.1.2 Module Parameters
        5.1.3 Dynamic Configuration of the Recipient(s)
    5.2 PGP Decryption Module
        5.2.1 Adding the PGP Decryption Module to a Communication Channel
        5.2.2 Module parameters
6 Troubleshooting
    6.1 Message Details
        6.1.1 Errors Reported by the PGP Encryption Module
        6.1.2 Errors Reported by the PGP Decryption Module
    6.2 Viewing AEDAPTIVe Logging
7 Index


1 About This Guide


This guide describes how to configure and use AEDAPTIVe PGP. This product implements a PGP encryption module and a PGP decryption module. These modules can be used on an existing SAP NetWeaver Process Integration adapter, such as the file adapter, to encrypt or decrypt the incoming message. This guide assumes you already have knowledge about PGP and SAP NetWeaver Process Integration.

PGP is one of the most common ways to protect messages on the Internet because it is effective, easy to use, and free. PGP is based on the public-key method, which uses two keys: one is a public key that you disseminate to anyone from whom you want to receive a message; the other is a private key that you use to decrypt messages that you receive. Keys can be created using all kinds of tools available on the market.

Note: Some screens and the names of some options differ slightly between SAP NetWeaver PI 7.1 and SAP EHP 1 for SAP NetWeaver 7.1. This documentation follows SAP NetWeaver PI 7.1. AEDAPTIVe PGP 3.0 can be installed on and used with both versions of SAP NetWeaver PI.

1.1 References

The following is a list of additional documents and references that provide information that might be useful in relation to this guide:
• AEDAPTIVe PGP Installation Guide
• AEDAPTIVe Release Notes
• Philip Zimmermann's Home Page: http://www.philzimmermann.com
• Information about PGP on Wikipedia: http://en.wikipedia.org/wiki/Pretty_Good_Privacy


2 Short Introduction to PGP


Pretty Good Privacy (PGP for short) is a de facto standard for email and file encryption, and for the creation of digital signatures on the Internet. The first PGP program was created by Phil Zimmermann in 1991. PGP uses a combination of public key cryptography and symmetric key cryptography to take advantage of both cryptographic methods. The advantages of using PGP are:

• Encryption: By encrypting a message you can make sure that only the intended recipient can process it. This is useful if you are communicating sensitive information and the data is at one time available as a file on a file system, for instance if you communicate with your partner via FTP or email. When using direct communication over the Internet it makes more sense to use HTTPS instead, as HTTPS also encrypts the authentication data you use to access your partner's server.
• Authenticity: By signing a message you can make sure that the recipient can verify that it was actually you who created the message and that the message has not been tampered with by another party. For instance, if your bank receives a payment worth 50000 euro, they can validate the attached signature to check if it was actually you who ordered the payment and for exactly that amount.
• Non-repudiation: Signed messages have an additional advantage in that the sender of the message cannot deny having sent it. If there is a dispute over the contents of the message, the receiver can use the signature to prove that the message he claims to have received was created by the sender with exactly the same contents. For instance, if the sender claims that he ordered 5 units, and you have processed 50 units, you can validate the order with the 50 units against the signature. If the signature is valid, you have proved that the sender did actually order 50 units, because he is the only one who is able to sign messages with his signature.

2.1 Encryption

Encryption (obscuring the contents of a message) has been around since ancient times, but has traditionally been used by the military or by large organizations. Since the digital age, cryptography has become more accessible but has also become more important as we transmit large amounts of sensitive data over the Internet.

2.1.1 Symmetric Key Cryptography


Modern cryptography finds its origins in the Second World War. There is a direct line between the cryptographic systems that were used by the Germans in their Enigma machine and the algorithms used today. This form of cryptography works as follows: The sender (let's call him John) has an important message for Olivia, but he does not want anyone else to read it. Therefore he obscures the message by encrypting it with a key. He sends the resulting message to Olivia. Now Olivia has to decrypt the message to be able to read it. She does this using the same key.

During transport the message is encrypted and cannot be read by anyone who does not have the key. The cryptographic systems used in the Enigma machine and their modern counterparts implement symmetric key cryptography. An important characteristic of this form of cryptography is that a message is encrypted and decrypted using the same key. There are several algorithms (so-called ciphers) available that implement symmetric key cryptography, and new ones are still being developed. One of the disadvantages of symmetric key cryptography is that the problem of obscuring the message has been replaced with another one: how to communicate the key while making sure that only the intended recipient receives it. This problem was tackled in the nineteen seventies with the introduction of public key cryptography.

2.1.2 Public Key Cryptography

Public key cryptography uses two keys instead of one: one key, the public key, can be shared with anyone, even with persons that have no business with your data; the other, the private key, needs to be kept secure and should not be shared with anyone, not even with the persons with whom you want to exchange data. This form of cryptography uses very advanced mathematics that allows the use of the public key to encrypt messages which then can only be decrypted by someone who has access to the private key. This means that, unlike with symmetric cryptography, you can share your public key freely without compromising the messages that have been encrypted with it.

Let's go back to our example and assume that Olivia has gone with the times and wants to use public key cryptography to send a message back to John. Then the first thing she needs to do is to ask John for his public key. John can give this key to her, but he can also publish it on a message board, as this public key cannot be used to decrypt messages that are encrypted with it. Next Olivia encrypts her message with John's public key and sends it to John. Now John can use his private key to decrypt the data to obtain Olivia's message.

Now this is very convenient, but there is one drawback to public key cryptography: the encryption and decryption process is considerably slower than with symmetric key cryptography.

2.1.3 Encryption with PGP


Symmetric cryptography and public key cryptography are in a way very complementary: the weak points of the first are the strong points of the second, and vice versa. That is why PGP uses a combination of both: it first generates a symmetric key and encrypts the message with it (fast), and then encrypts the key with the public key of the intended recipient (convenient key exchange).

So let's assume John wants to send Olivia a message using PGP. First he will generate a symmetric key and encrypt his message with this key. Next he will use Olivia's public key to encrypt the symmetric key. The combination of encrypted message and encrypted key will then be forwarded to Olivia. Before she can read the message, she first needs to decipher the symmetric key with her private key. Then she can use this symmetric key to decrypt the message.

2.2 Digital Signatures

With symmetric key exchange you need to keep the key you use secret. So if you receive a message that is encrypted with a symmetric key, you know it has to come from someone who has access to that key. And as long as the key is not compromised, this is someone that you trust. One of the characteristics of public key cryptography is that there is no need to keep public keys secret. This is convenient but means that anyone can use your public key to encrypt a message. Let's go back to our love story and assume that Jeff has got word of the merry message exchange between John and Olivia and is not happy with it. Being the kind of nasty person he is, he believes that he has found a way to end their bliss: he sends a confusing message to John using Olivia's public key.

John, being the gullible guy he is, believes that the message has been sent by Olivia, but actually he has no proof of that fact. It would be nice if he had a way to verify that the message has really been sent by Olivia. Fortunately public-key cryptography can solve this problem by adding a digital signature to a message. This relies on the fact that not only the public but also the private key can be used to encrypt messages. Of course, when you use your private key to encrypt a message it is not really encrypted, as anybody can decrypt it using your public key. However, the fact that they can obtain the original message using decryption does prove something: it proves that the message was encrypted using your private key. Now since that key is by nature private, this proves that the message originated from you. This encrypted message functions as a kind of signature, similar to a signature under a letter. That is why encrypting a message with a private key is not called encryption but signing.

Now for this to work you will have to send the original message and the signed message to your partner. And if you also want to make sure no one can read the message, you also need to encrypt this package. This not only takes a lot of clock cycles on your computer but also doubles the size of the data. Therefore PGP does not sign the whole message but first creates a so-called message digest.

2.2.1 Signing Messages Using Message Digests


A message digest is a short (160 to 512 character) character array that is derived from a message using a so-called hash function and that is characteristic for the message. This means that if you change a few words or even characters in the message and recalculate the message digest, the result will be different from the digest of the original message. In this way the message digest acts as a fingerprint of the message.

PGP uses hash functions and public key cryptography to create a digital signature for a message. This works as follows: first a message digest is calculated for the message, and next this message digest is encrypted using the private key of the sender. This encrypted message digest is now the digital signature of the message.

A moment ago we left John confused about Olivia's feelings towards him. Now Olivia wants to make sure there is no misunderstanding, so she wants to add a digital signature to her message. She no longer cares about encrypting the message as she rightfully believes that everybody is in on it anyway. First she has to calculate a message digest. Next she encrypts the message digest with her private key. She now sends the result, together with the original message, to John.

Naturally John is happy upon receiving the message. However, he has been played the fool once, so he wants proof that the message has been sent by Olivia. Fortunately the message has been signed. So John searches for Olivia's public key and decrypts the signature. He also calculates the message digest of the message. Finally he compares the calculated message digest with the decrypted signature. As they are the same, he has proof that the message has been sent by Olivia. John is happy again.

2.2.2 Signing and Encrypting Messages


With PGP you can combine the signing and encryption process to create a signed and encrypted message. This gives you all the benefits mentioned at the beginning of this chapter: encryption, authentication, and non-repudiation.

Let us go back to our friends one more time to see how John sends a signed and encrypted message to Olivia. First John uses his private key to create a signature for his message. Next he generates a cipher and encrypts the message with it. Then he uses Olivia's public key to encrypt the cipher so no one can decrypt the message but Olivia. He sends the resulting signed and encrypted message to Olivia. Now Olivia first has to decrypt the message with her private key to obtain the cipher. Then she can use this cipher to obtain the signed message. And finally she can use John's public key to validate the message.

Since John used signing and encryption, he and Olivia enjoy all three benefits of PGP:
• Encryption: Because the message has been encrypted with Olivia's public key, only Olivia is able to read it. Nasty characters like Jeff can intercept the message but cannot read it.
• Authenticity: Since the message has been signed with John's private key, Olivia can be sure it was really John who created the message and that Jeff has not tampered with its contents.
• Non-repudiation: If John starts to deny his offer in public, Olivia can use the signed message to prove to the world that John really did ask her.
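The sign-then-encrypt flow of sections 2.1.3, 2.2.1 and 2.2.2, as an added Python sketch that is not part of this guide or of the AEDAPTIVe product. It assumes textbook RSA without padding, a SHA-256 counter keystream as a stand-in for the symmetric cipher, and constructed demo keys built from publicly known Mersenne primes; all function and key names are hypothetical, and the sketch shows the message flow only, not the OpenPGP packet format.

```python
import hashlib
import secrets

E = 65537  # conventional RSA public exponent


def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}


# Constructed demo keys from publicly known Mersenne primes (illustration only).
JOHN_PUB, JOHN_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OLIVIA_PUB, OLIVIA_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)
JEFF_PUB, JEFF_PRIV = make_keypair(2**607 - 1, 2**1279 - 1)


def digest_int(message):
    """Message digest (SHA-256) as an integer: the fingerprint of the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private):
    """Signature = message digest transformed with the sender's private key."""
    return pow(digest_int(message), private["d"], private["n"])


def verify(message, signature, public):
    """Recover the digest with the public key and compare with a fresh digest."""
    return pow(signature, public["e"], public["n"]) == digest_int(message)


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def sign_and_encrypt(message, sender_private, recipient_public):
    """Sender side: sign, encrypt with a fresh session key, wrap that key."""
    sig_len = (sender_private["n"].bit_length() + 7) // 8
    signature = sign(message, sender_private).to_bytes(sig_len, "big")
    payload = sig_len.to_bytes(2, "big") + signature + message
    session_key = secrets.token_bytes(32)
    wrapped = pow(int.from_bytes(session_key, "big"),
                  recipient_public["e"], recipient_public["n"])
    return {"wrapped_key": wrapped,
            "ciphertext": keystream_xor(session_key, payload)}


def decrypt_and_verify(packet, recipient_private, sender_public):
    """Recipient side: unwrap the session key, decrypt, check the signature."""
    key_int = pow(packet["wrapped_key"],
                  recipient_private["d"], recipient_private["n"])
    if key_int.bit_length() > 256:  # wrong private key: unwrapping failed
        return None, False
    payload = keystream_xor(key_int.to_bytes(32, "big"), packet["ciphertext"])
    sig_len = int.from_bytes(payload[:2], "big")
    signature = int.from_bytes(payload[2:2 + sig_len], "big")
    message = payload[2 + sig_len:]
    return message, verify(message, signature, sender_public)


def tamper(packet):
    """Flip one bit in the last ciphertext byte to simulate modification in transit."""
    data = bytearray(packet["ciphertext"])
    data[-1] ^= 0x01
    return {"wrapped_key": packet["wrapped_key"], "ciphertext": bytes(data)}


if __name__ == "__main__":
    msg = b"Order 50 units"  # constructed sample message
    packet = sign_and_encrypt(msg, JOHN_PRIV, OLIVIA_PUB)
    print("Olivia reads:   ", decrypt_and_verify(packet, OLIVIA_PRIV, JOHN_PUB))
    print("After tampering:", decrypt_and_verify(tamper(packet), OLIVIA_PRIV, JOHN_PUB))
    forged = sign_and_encrypt(msg, JEFF_PRIV, OLIVIA_PUB)
    print("Signed by Jeff: ", decrypt_and_verify(forged, OLIVIA_PRIV, JOHN_PUB))
    print("Jeff decrypts:  ", decrypt_and_verify(packet, JEFF_PRIV, JOHN_PUB))
```

The second and third results show why encryption alone is not enough: the modified and the forged message both decrypt without error, and only the signature check against John's public key rejects them.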

2.3 Conclusion

This concludes our short introduction to PGP. We have not introduced some basic features of PGP, such as key servers, as they are not really relevant in intra- or inter-company scenarios. For more information about PGP please refer to the Internet. The next chapter contains a more technical description of PGP and gives an overview of the PGP features that are supported by the AEDAPTIVe PGP Module.

3 Technical Features of PGP


In the previous chapter we introduced PGP and the concepts of public key cryptography and symmetric key cryptography. These concepts were described in an abstract manner. We did not touch upon the more technical aspects of the PGP protocol. However, before we can explain how to configure the AEDAPTIVe PGP Module for SAP NetWeaver, some of these more technical aspects of PGP need to be addressed. You need to know what kind of public key algorithms you can use, and which encryption algorithms or hash algorithms are available with the AEDAPTIVe PGP Module. You also need to know what public and secret key rings are and how you can import and export your own and your partners' keys. In this chapter these topics are addressed. It also describes some additional PGP features such as compression and ASCII armoring. Although this chapter explains the structure of key rings, it does not address key management. This is explained in chapter 4.

3.1 Public Keys, Private Keys, and Key Ring Files

In chapter 2 we saw how PGP uses a combination of public key cryptography and symmetric key cryptography to encrypt data. We saw how you use a public key of your partner to encrypt data and use your own private key to sign data. What we did not describe is how PGP stores the public and private keys and the more technical details of encryption and decryption.

PGP stores public and private keys in two files, the so-called public and secret key ring. The first file, the public key ring, contains your partners' public keys and the public part of your own private keys. The second, the secret key ring, contains the secret part of your own private keys. Since the secret key ring contains all your private keys, you need to be very careful with this file, even though PGP does offer additional protection for your private keys. If someone obtains your secret key ring, he does not have immediate access to your private keys, because private keys are stored in the secret key ring in encrypted form. For this reason you need to specify a passphrase when using a private key.

Keys are identified in the key rings with a key ID, which is a hexadecimal number. Fortunately you do not need to specify this number to identify a public or private key. Instead PGP uses a name and email address to identify your or your partners' keys in the public and secret key rings. Before you can exchange encrypted messages with your partners you need to export your public key and import the public keys of your partners. These exported public keys can be safely exchanged via email. How you import and export public keys is described in chapter 4.

3.2 Signing Keys and Encrypting Keys

In general at least two keys are associated with a name and email address. The reason is that it is good practice to use different keys for signing data and for encrypting data. This means that when you generate your keys you need to generate at least one private key for signing and one private key for encryption. The same applies to the public keys you receive from your partner.

When you create keys for a specific name or email address, the first key that is generated is always a signing key. This key, the master key, can be used to sign your own keys or to sign the public keys you obtained from your partners. By signing public keys, you can set a level of trust which can be used by PGP products to validate keys before use. If you also want to decrypt data, you also need a second key pair, or sub key pair, that is linked to your signing master key. Both keys, the signing master key and the encryption sub key, will be linked to the name and email address you have specified. PGP products automatically use the master key for signing and the encryption sub key for encryption.

3.3 Public Key Algorithms

In the previous section you saw how PGP commonly uses two keys per user: one master key for signing and a sub key for encryption. When generating your own signing and encryption keys, you need to specify not only a name and email address but also the public key algorithms you want to use for the keys. Three public key algorithms are available with PGP: RSA, DSA, and ElGamal (also called Diffie-Hellman or DH). RSA performs well for both encryption and signing. DSA is a good signing algorithm but is slow when used as an encryption algorithm. For ElGamal the opposite is true. Therefore DSA and ElGamal are used together: DSA for signing and ElGamal for encryption.

PGP supports different key sizes for RSA and ElGamal keys, from 1024 up to 4096 bits. DSA keys are created according to the DSS standard of the US National Institute for Standards and Technology (NIST; http://www.nist.gov) and are always 1024 bits. When choosing a key strength, remember that encrypting and decrypting with larger keys requires more computing resources. Recommended key sizes for RSA and ElGamal keys are 2048 and 4096 bits.

3.4 Symmetric Key Algorithms

In chapter 2 you saw how PGP speeds up the encryption process by using symmetric key cryptography to encrypt the data and using public key cryptography to encrypt the symmetric key. Since PGP supports a large number of ciphers, or symmetric encryption algorithms, you need to specify which encryption algorithm you want to use. There are two ways of doing this: implicit or explicit.

With the implicit method PGP uses a list of PGP algorithms that is stored with your own and your partners' public keys. Therefore, some PGP products ask you to specify the supported symmetric key algorithms when you generate your keys, and to specify a default algorithm. Other products, like Gnu Privacy Guard, always store the same algorithm list with the keys you generate.

The other way is to specify a symmetric algorithm when you encrypt the data. This explicit method is used by the AEDAPTIVe PGP Module. If you do not specify an encryption method with the PGP Module, the data will not be encrypted.

The following table lists all ciphers that are supported by the PGP Module and the supported key sizes.

| Algorithm | Key Strength | Remarks |
|---|---|---|
| AES | 256, 192, 128 | The Advanced Encryption Standard is the current encryption standard of the US government, and has become very popular over the last years. The cipher was developed as Rijndael by two Belgian cryptographers and was selected after a kind of beauty contest. The 256 bits version of AES is a good candidate for your cipher. |
| Triple DES | 168 | 3DES or Triple DES is a cipher derived from DES by applying the algorithm three times. Before the introduction of AES, Triple DES was very popular. Triple DES is another good candidate for your cipher. |
| Twofish | 256 | Twofish was once an AES candidate. Support for Twofish was introduced in PGP at a time the final AES candidate was not yet selected. |
| Blowfish | 128 | The predecessor to Twofish was introduced as a possible replacement for DES. |
| CAST5 | 128 | The 128 bits version of CAST5 was the default cipher in older versions of PGP. |
| DES | 56 | The Data Encryption Standard was introduced in 1975 as the encryption standard for the US government. It is now outdated. |

3.5 Hash Algorithms

Hash algorithms are used for the creation of message digests. PGP supports a large number of hash algorithms. Although PGP offers implicit and explicit specification of the hash algorithm, with the AEDAPTIVe PGP Module you always have to explicitly specify the hash algorithm you want to use to sign your data. If you omit the hash algorithm, the data will not be signed. The following table gives an overview of the supported hash algorithms in the PGP Module.

| Algorithm | Key Strength | Remarks |
|---|---|---|
| SHA512 | 512 | The SHA2 family of hash functions contains the strongest hash algorithms available in the PGP Module. The 256 bits version generally offers the best balance between reliability and performance. |
| SHA384 | 384 | |
| SHA256 | 256 | |
| SHA224 | 224 | |
| SHA1 | 160 | SHA1 was the default PGP hash algorithm until SHA256 became available. Use SHA1 only if the SHA2 algorithms are not available from your partner. |
| RIPEMD160 | 160 | A less popular 160-bit algorithm. Use RIPEMD160 only when required by your partner. |
| MD5 | 128 | Message Digest 5 used to be the default hash algorithm in the first versions of PGP. The use of this algorithm should be avoided. |
| MD2 | 128 | Message Digest 2 has been compromised and should not be used. |

You can use all these algorithms with RSA keys. With DSA keys, however, you are restricted to the SHA hash algorithms.

3.6 Compression

PGP offers compression as a way to create smaller files. Messages can be compressed after the signing process but before encryption. The PGP Module supports encryption and decryption with the two algorithms defined in the OpenPGP standard: ZIP and ZLIB. Some PGP products also offer BZIP2 compression. The PGP Module does not offer BZIP2 compression but is able to decompress BZIP2 compressed data created using other PGP products.

3.7 ASCII Armoring

If you use PGP to encrypt a message, the resulting data is in binary form. This is often not desirable, especially when transferring the data via email. Therefore PGP offers an option that outputs the encrypted data in text form using so-called radix64 encoding. This option is called ASCII armoring, as the radix64 encoding only uses ASCII characters in its output. ASCII armored text is less susceptible to corruption as it contains a redundancy check. The downside of using radix64 encoding is that an ASCII armored message is about 33% larger than the original.
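The redundancy check and the size overhead described above can be reproduced in a few lines. The following Python sketch is an added example, not code from the PGP Module: it follows the radix-64 armor layout and CRC-24 checksum of RFC 4880, and the function names and the sample data are constructed for illustration.

```python
import base64
import binascii

# CRC-24 parameters defined for OpenPGP ASCII armor in RFC 4880, section 6.1.
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


class ArmorError(ValueError):
    """Raised when armored text is malformed or fails its CRC-24 check."""


def crc24(data: bytes) -> int:
    """Return the 24-bit checksum that is appended to armored output."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, block_type: str = "PGP MESSAGE", width: int = 64) -> str:
    """Encode binary data as an armored block (no optional armor headers)."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + width] for i in range(0, len(body), width)]
    # The checksum is computed over the binary data, not over the text.
    checksum = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join(
        ["-----BEGIN %s-----" % block_type, "", *lines,
         "=" + checksum, "-----END %s-----" % block_type]) + "\n"


def dearmor(text: str) -> bytes:
    """Decode an armored block and verify its checksum before returning data."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if (len(lines) < 4 or not lines[0].startswith("-----BEGIN ")
            or not lines[-1].startswith("-----END ")):
        raise ArmorError("missing armor header or tail line")
    if "" not in lines:
        raise ArmorError("no blank line between armor headers and data")
    body = lines[lines.index("") + 1:-1]
    if not body or len(body[-1]) != 5 or not body[-1].startswith("="):
        raise ArmorError("missing CRC-24 line")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        expected = int.from_bytes(
            base64.b64decode(body[-1][1:], validate=True), "big")
    except binascii.Error as exc:
        raise ArmorError("invalid radix-64 data: %s" % exc) from None
    if crc24(data) != expected:
        raise ArmorError("CRC-24 mismatch: armored data was corrupted")
    return data


def expansion(data: bytes) -> float:
    """Size of the armored text relative to the binary input."""
    return len(armor(data)) / len(data)


if __name__ == "__main__":
    sample = bytes(range(256)) * 12   # constructed stand-in for encrypted output
    text = armor(sample)
    print(text.splitlines()[2], "...")
    print("expansion factor: %.2f" % expansion(sample))
    damaged = text.replace("AAEC", "BAEC", 1)   # one character changed in transit
    try:
        dearmor(damaged)
    except ArmorError as exc:
        print("rejected:", exc)
```

The expansion factor comes out slightly above 4/3 because the line breaks and the BEGIN/END lines are counted as well.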


4 Key Management
The AEDAPTIVe PGP Module implements the basic PGP functionality: encryption, creating digital signatures, decryption, and validation. Other features, such as key management, are not implemented. AEDAPTIVe offers a tool for this purpose called Key Manager. You can also use an external product to create and manage your keys, such as PGP Desktop of the PGP Corporation or Gnu Privacy Guard. This section describes how to use these tools to manage your key rings.

4.1 Managing Keys with Key Manager

Key Manager is a simple key management tool that is offered alongside the AEDAPTIVe PGP Module. For downloads go to the AEDAPTIVe web site http://aeadptive.com and browse to Customer Area Downloads - Software and Documentation for PI 7.1 AEDAPTIVe PGP Latest Release. The instructions in this section pertain to Key Manager, version 1.0.

4.1.1 Creating a New Key


This section describes how to generate a new private key with Key Manager. Perform the following steps to create a new key:

1. In Key Manager, first choose to open existing key ring files or to create new ones.
2. Next choose Key > New or click the New button on the toolbar. The New Key window appears.
3. If you want the key to expire, select the option On Date after Expire and specify an expiry date.
4. Change any of the other options. Please refer to the references listed in this guide for more information about these options. Note that you cannot change the Key Type; this version of Key Manager only supports the generation of RSA key pairs.
5. Specify a User ID, for instance the name of your company.
6. Specify an email address after Email. Please choose your name and email address carefully as these will be used by your partners to find your key in their key rings. The best policy is to use the name of your company or department as the user ID and the generic email address of the corresponding support team for the email address.
7. Type a passphrase. Your passphrase protects your private key so you should use a long passphrase that is difficult to guess. Retype the passphrase after Repeat Passphrase.
8. Click OK to start generating the key pair, and optionally a key pair for signing.
9. You have now successfully created a key pair.
10. Select the new key pair and click Export in the toolbar.
11. Optionally change the name of the key and click Save. Be careful not to select the option Include Private Key(s). Selecting this option will also export your private keys. This can be useful, for instance if you want to store a backup of your private key in a safe location, but files generated with this option should never be shared with your partners.
12. You can now send the file with your public key to your partners.

4.1.2 Importing Keys


Your partners will share their keys with you by sending them as a key file. Before you can use these keys you have to import them in your key files. Perform the following steps to import a key file with Key Manager:

1. In Key Manager choose Key > Import or click the Import button on the toolbar. The File Open dialog appears.
2. Specify the file containing the key and click Open. The key file should be in ASCII format.
3. Select the key file and click Open. The key will be imported.
4. The newly imported key will be visible in the list. You can now sign the key with one of your private keys.

4.1.3 Using the Key Ring Files with PGP Module


Perform the following steps to be able to use the keys with PGP Module:

1. Start Key Manager.
2. Check the name of the key ring files in the lower left corner.
3. Start Windows Explorer and open the directory that contains your key rings.
4. Copy both key ring files and save them on the server containing the NetWeaver installation where you want to use the PGP Adapter.
5. On the server, move the files to a directory that is accessible by the user running SAP NetWeaver, otherwise the PGP Module will not be able to use the files.

4.2 Managing Keys with PGP Desktop

PGP Desktop is one of the PGP products of the PGP Corporation (http://www.pgp.com). It is a commercial product that is owned by and needs to be licensed from PGP Corporation. For downloads go to the following address http://www.pgp.com/downloads/desktoptrial2.php. You have to negotiate a license from PGP Corporation and install the product as described in the installation manual.


Note: AEDAPTIVe Solutions does not support PGP Desktop. For questions about installing and using this product, please contact PGP Corporation. The instructions in this section pertain to PGP Desktop version 9.6.

4.2.1 Creating a New Key


This section describes how to generate a new private key with PGP Desktop. Perform the following steps to create a new key:

1. Start PGP Desktop.
2. Choose File > New PGP Key. The PGP Key Generation Assistant appears.
3. Click Next.
4. Type your name after Full Name and your email address after Primary Email. Please choose your name and email address carefully as these will be used by your partners to find your key in their key rings. The best policy is to use the name of your company or department as the full name and the generic email address of the corresponding support team for the primary email address.
5. Click Advanced. The Advanced Key Settings appear.
6. Select either RSA or Diffie-Hellman/DSS as the key type, and specify the key size. A key size of 2048 is generally considered a good choice between security and performance. Also note that the specified key size is not used for the DSS signing keys; DSS keys are always 1024 bits.
7. Optionally: Click Advanced and specify an expiration date. Click OK to close Advanced Key Settings.
8. Click Next.
9. Now you are asked to provide a passphrase. Your passphrase protects your private key so you should use a long passphrase that is difficult to guess. Type the passphrase twice and click Next.
10. PGP Desktop will now generate your key. Click Next to continue.
11. Finally click Done to close the wizard.
12. You have now successfully created a private key. Next we will export the key so that it can be used by your partners. Find the key in the key list and right-click on the key. You can bring up a list of all private keys by choosing View > PGP Keys in the menu bar and selecting My Private Keys from the menu on the left.
13. Now choose Export from the context menu.
14. Optionally change the name of the key and click Save. Be careful not to select the option Include Private Key(s). Selecting this option will also export your private keys. This can be useful, for instance if you want to store a backup of your private key in a safe location, but files generated with this option should never be shared with your partners.
15. You can now send the file with your public key to your partners.

4.2.2 Importing Keys


Your partners will share their keys with you by sending them as a key file. Before you can use these keys you have to import them in your key files. Perform the following steps to import a key file with PGP Desktop:

1. Start PGP Desktop.
2. Choose View > PGP Keys in the menu bar. Your default key ring will be selected. If you have created multiple key rings in PGP Desktop, select the key ring you want to use with PGP Module. Please refer to the PGP Desktop manuals for more information.
3. Choose File > Import in the menu bar.
4. Select the key file and click Open.
5. Click Import. PGP Desktop will import the public keys of your partner.
6. Now right-click on the key you have just imported and select Sign from the context menu.
7. Optionally select the option Allow signature to be exported.
8. Click OK.
9. Select your private key in the list and click OK.
10. The public key of your partner is now signed with your private key so that you can use it to validate your partner's signatures.

4.2.3 Using the Key Ring Files with PGP Module


Perform the following steps to be able to use the keys with PGP Module:

1. Start PGP Desktop.
2. Choose View > PGP Keys in the menu bar. Your default key ring will be selected. If you have created multiple key rings in PGP Desktop, select the key ring you want to use with PGP Module. Please refer to the PGP Desktop manuals for more information.
3. Right-click on the key ring and select Properties.
4. A window appears with the location of your key rings. (See image below.)
5. Start Windows Explorer and open the directory that contains your key rings.
6. Copy both the .pkr and the .skr files and save them on the server containing the NetWeaver installation where you want to use the PGP Adapter. The file with the extension .skr contains your secret key ring; the other file contains the public key ring.
7. On the server, move the files to a directory that is accessible by the user running SAP NetWeaver, otherwise the PGP Module will not be able to use the files.

4.3 Managing Keys with Gnu Privacy Guard

Gnu Privacy Guard (short name GnuPG or GPG) is a free PGP product suite published under version 2 of the Gnu Public License. Unlike PGP Desktop it can be used by corporations free of charge. However, commercial support for this product is not available. Information about this product can be found on the Internet: http://www.gnupg.org. A Windows version of the product called Gpg4Win can be downloaded from the following address: http://www.gpg4win.org.

Note: AEDAPTIVe Solutions does not support Gnu Privacy Guard. For questions about installing and using this product, please refer to the online documentation and user groups on the Internet. The instructions in this section pertain to Gpg4Win version 1.1.1.

4.3.1 Creating a New Key


This section describes how to generate a new private key with Gnu Privacy Guard. In GnuPG there are two ways to create new private keys: using the Gnu Privacy Assistant and using the command line. If you generate keys with Gnu Privacy Assistant (GPA) you are restricted to generating 1024 bits DSA/DH keys. If you want to use a larger key size, you have to generate your key using the command line. Both methods share the same key ring files, so after you have created a key on the command line, you can export this key using Gnu Privacy Assistant.

Perform the following steps to create a new key using GPA:

1. Select GnuPG for Windows > GPA in the Windows Start menu. Gnu Privacy Assistant starts.
2. Select Keys > New Key from the menu. The Generate Key wizard appears.
3. Type your name and click Forward.
4. Type the email address corresponding to the name and click Forward. Please choose your name and email address carefully as these will be used by your partners to find your key in their key rings. The best policy is to use the name of your company or department as the full name and the generic email address of the corresponding support team for the primary email address.
5. Type your passphrase twice and click Forward. Your passphrase protects your private key so you should use a long passphrase that is difficult to guess.
6. Now you have the option to create a backup of your key. Choose one of the options and click Apply.
7. Now the wizard generates your key. Once this is completed the wizard will close automatically.

Perform the following steps to create a key using the GnuPG command line:

1. Select Run in the Windows Start menu.
2. Type cmd and hit Enter.
3. Type gpg --gen-key and hit Enter.
4. Select the key type and hit Enter. If you want to encrypt data, you should select option 1 DSA and Elgamal.
5. Type the key size and hit Enter. Specify a key size of 1024, 2048, or 4096 bits.
6. Specify when you want the key to expire and hit Enter, for instance type 1y for after one year.
7. Type y and hit Enter to confirm the expiry date.
8. Type your name and hit Enter.
9. Type your email address and hit Enter.
10. A prompt appears that asks you for a comment. Optionally type a comment for your key and hit Enter.
11. Confirm your name and email address by typing O. Hit Enter.
12. Now type your passphrase.
13. Confirm the passphrase.
14. GnuPG will now generate your key.

Once you have generated your key pair, you should export the public key so you can share it with your partners. Perform the following steps to export your public key with Gnu Privacy Assistant:

1. Select GnuPG for Windows > GPA in the Windows Start menu. Gnu Privacy Assistant starts.
2. Select the key you want to export in the list.
3. Right-click on the key and select Export Keys in the context menu.
4. Specify the folder where you want to export your keys and type a file name.
5. Finally click OK. The key will be saved on the file system.
6. You can now send the file with your public keys to your partners.

Note: When exporting a 2048 bits key with Gnu Privacy Assistant, you might be confused because in GPA the key size is listed as 1024 bits. The reason is that only the key size of the master (signing) key is visible. In the case of DSA/DH keys this is always the 1024 bits DSA key. If you want to see the key size of the sub keys, you can use the command gpg --list-keys on the Windows command line.

4.3.2 Importing Keys


Your partners' keys can be easily imported using the Gnu Privacy Assistant. Perform the following steps to import a public key:

1. Select GnuPG for Windows > GPA in the Windows Start menu. Gnu Privacy Assistant starts.
2. Select Keys > Import Keys in the menu bar.
3. Select the file with the key on your file system and click OK.
4. A confirmation screen appears. Close this screen by clicking Close.
5. Your partner's key will now be available in the public key ring. Right-click on this key and select Sign.
6. Click OK to sign this key with your default private key.
7. You can now use your partner's key in the PGP Module.

4.3.3 Using the Key Ring Files with PGP Module


Perform the following steps to be able to use the keys with PGP Module:

1. Start Windows Explorer and open the following directory: C:\Documents and Settings\<user>\Application Data\gnupg where <user> is your Windows user name.
2. Copy the files secring.gpg and pubring.gpg and save them on the server containing the NetWeaver installation where you want to use the PGP Adapter. The file secring.gpg contains your secret key ring; the other file contains the public key ring.
3. On the server, move the files to a directory that is accessible by the user running SAP NetWeaver, otherwise the PGP Module will not be able to use the files.

5 AEDAPTIVe PGP Module Configuration


The AEDAPTIVe PGP Module actually consists of two different modules that can be used in SAP Process Integration (formerly eXchange Infrastructure):

- PGP Encryption Module
- PGP Decryption Module

The modules can be used as a local enterprise bean on the module tab of a Communication Channel. They are compatible with all standard SAP adapters and most third party adapters, for instance the File/FTP, SMTP, and HTTP(S) adapters from SAP and the AS2 and SFTP adapters from AEDAPTIVe, but some advanced adapter features that manipulate the data stream cannot be used with these modules. This is in particular true for the File Content Conversion of the File adapter. This chapter describes how to configure these two modules.

5.1 PGP Encryption Module

The PGP Encryption Module can be used to encrypt and/or sign data. This section describes how to configure this module.

5.1.1 Adding the PGP Encryption Module to a Communication Channel


To configure the PGP Encryption Module, the module must be entered in the processing sequence and the parameters of the module must be entered in the configuration table. Both are located on the tab Module of the Communication Channel. Proceed as follows to add the PGP Encryption Module to the processing sequence of a Communication Channel:

1. Open the Communication Channel for which you want to encrypt data and click on the tab Module.
2. Add a processing sequence by clicking on the green plus sign.
3. Enter the following text in the column Module Name: localejbs/PGPEncryptionModule
4. Select Local Enterprise Bean under Type.
5. Accept the default value for the Module Key or change it to something more descriptive.
6. Move the processing sequence up one line so that it is positioned before the module CallSapAdapter.

   Note: Make sure that the default module CallSapAdapter is the last module in the list. Otherwise the behavior of the Communication Channel will be unpredictable.
7. Now enter the module parameters as described in the next section.

5.1.2 Module Parameters


Once you have added the PGP Encryption Module to the Communication Channel, you have to enter the module parameters in the Module Configuration pane. You find the module configuration pane below the Processing Sequence. Do not forget to set the Module Key of each parameter to the Module Key of the PGP Encryption Module in the processing sequence. The following table gives an overview of the PGP Encryption Module parameters. Optional parameters are in italics.

| Parameter | Description |
|---|---|
| publicKeyRing | Set this parameter to the full path of the PGP public key ring, e.g. C:/share/AEDAPTIVE_TEST_SCENARIOS/PGP/Keys/pubring.gpg. The key ring must be readable by the SAP J2EE engine. |
| secretKeyRing | Set this parameter to the full path of the PGP secret key ring, e.g. C:/share/AEDAPTIVE_TEST_SCENARIOS/PGP/Keys/secring.gpg. The key ring must be readable by the SAP J2EE engine. |
| encryptionAlgorithm | Set this parameter to the desired cipher or encryption algorithm. The following algorithms are supported: AES_256, AES_192, AES_128, TRIPLE_DES, TWOFISH, BLOWFISH, CAST5, DES. If this parameter is omitted, the data will not be encrypted. Refer to section 3.4 Symmetric Key Algorithms for more information about supported algorithms. |
| recipient | Set this parameter to the user id or email address of the intended recipient. You can specify multiple recipients in a semicolon separated list. The user ids or email addresses you specify should match part of a user id or email address of a public key in the public key ring. The public keys of specified recipients are used to encrypt the data. If you specify the parameter encryptionAlgorithm, you also have to specify a recipient. If you omit the parameter recipient, the PGP Module will search for the recipient in the supplemental data variable com.aedaptive.module.pgp.recipient. This allows for a dynamic configuration of the recipient(s). See section 5.1.3 for more information. If you omit the parameter encryptionAlgorithm, this parameter can also be omitted. In that case the data will not be encrypted. |
| hashAlgorithm | Set this parameter to the desired hash algorithm for signing. The following algorithms are supported: SHA512, SHA384, SHA256, SHA224, SHA1, RIPEMD160, MD5, MD2. If the parameter is not provided the data will not be signed. Refer to section 3.5 Hash Algorithms for more information. Note: The algorithms RIPEMD160, MD5, and MD2 can only be used in combination with RSA private keys. |
| signer | Set this parameter to the user id or email address of the secret key you want to use to sign the message. If you specify the parameter hashAlgorithm, this parameter is required. Otherwise this parameter can be omitted. The parameter should match part of the user id or email address. It is case sensitive. |
| pwdPassphrase | This parameter is the passphrase of the secret key of the signer you have specified. You have to enter the password twice. (There are two input fields in the column Parameter Value.) If you specify the parameter hashAlgorithm, this parameter is required. Otherwise this parameter can be omitted. This parameter is case sensitive. |
| armor | If this parameter is set to true, the output will be encoded using radix64 encoding. Valid values for this parameter are true and false. If you omit this parameter, the default value false will be used. |
| textMode | If this parameter is set to true, encrypted data is treated as text. This allows the recipient to obey local text convention so that Windows line ends can be converted to Unix line ends, and vice versa. |
| compression | Use this parameter to specify the compression algorithm you want to use. The following compression algorithms are supported: ZIP or ZLIB. If the parameter is not provided the data will not be compressed. |
| compatibilityMode | If this parameter is set to RFC2440, the output will be compatible with the PGP standard outlined in RFC 2440. If you specify RFC4880 or omit this parameter, the output will be compatible with the standard defined in RFC 4880. If your partner is using an older version of PGP (5.0 or later) and is not able to decrypt your data, you can use this parameter to ensure compatibility. |

The following image gives an example of the parameters.
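The dependencies between these parameters can be checked before a channel is activated. The following Python sketch is an added example and not part of the AEDAPTIVe product: the function check_encryption_module, the signer_key_type argument and both sample configurations are hypothetical, while the parameter names, allowed values and algorithm remarks are taken from this guide.

```python
from typing import NamedTuple, Optional

# Allowed values as listed in this guide (sections 3.4, 3.5 and 5.1.2).
CIPHERS = {"AES_256", "AES_192", "AES_128", "TRIPLE_DES",
           "TWOFISH", "BLOWFISH", "CAST5", "DES"}
HASHES = {"SHA512", "SHA384", "SHA256", "SHA224",
          "SHA1", "RIPEMD160", "MD5", "MD2"}
RSA_ONLY_HASHES = {"RIPEMD160", "MD5", "MD2"}
# Algorithms that the guide's own remarks advise against.
DISCOURAGED = {
    "DES": "described as outdated",
    "MD5": "its use should be avoided",
    "MD2": "compromised, should not be used",
    "SHA1": "only for partners without SHA2 support",
}
ENUMS = {
    "armor": {"true", "false"},
    "textMode": {"true", "false"},   # assumption: same values as armor
    "compression": {"ZIP", "ZLIB"},
    "compatibilityMode": {"RFC2440", "RFC4880"},
}
DYNAMIC_RECIPIENT = "com.aedaptive.module.pgp.recipient"


class Finding(NamedTuple):
    level: str       # "error", "warning" or "info"
    parameter: str
    message: str


def check_encryption_module(params: dict,
                            signer_key_type: Optional[str] = None) -> list:
    """Check PGP Encryption Module parameters against the documented rules.

    signer_key_type ("RSA" or "DSA") is a hypothetical extra input: the
    module has no such parameter, the caller reads it from the key ring.
    The passphrase value is never echoed in a finding.
    """
    out = []

    def add(level, parameter, message):
        out.append(Finding(level, parameter, message))

    for ring in ("publicKeyRing", "secretKeyRing"):
        if not params.get(ring):
            add("error", ring, "key ring path is missing")

    cipher = params.get("encryptionAlgorithm")
    if cipher is None:
        add("warning", "encryptionAlgorithm", "omitted: data will not be encrypted")
    elif cipher not in CIPHERS:
        add("error", "encryptionAlgorithm", "unsupported encryption algorithm")
    elif not params.get("recipient"):
        add("info", "recipient",
            "omitted: a preceding module must set " + DYNAMIC_RECIPIENT)

    digest = params.get("hashAlgorithm")
    if digest is None:
        add("warning", "hashAlgorithm", "omitted: data will not be signed")
    elif digest not in HASHES:
        add("error", "hashAlgorithm", "unsupported hash algorithm")
    else:
        for required in ("signer", "pwdPassphrase"):
            if not params.get(required):
                add("error", required, "required when hashAlgorithm is set")
        if digest in RSA_ONLY_HASHES and signer_key_type not in (None, "RSA"):
            add("error", "hashAlgorithm",
                digest + " can only be used with RSA private keys")

    for name, value in (("encryptionAlgorithm", cipher), ("hashAlgorithm", digest)):
        if value in DISCOURAGED:
            add("warning", name, value + ": " + DISCOURAGED[value])

    for name, allowed in ENUMS.items():
        if name in params and params[name] not in allowed:
            add("error", name, "expected one of " + ", ".join(sorted(allowed)))
    return out


KEYS = "C:/share/AEDAPTIVE_TEST_SCENARIOS/PGP/Keys/"   # example path from the guide
WEAK = {   # constructed sample configuration
    "publicKeyRing": KEYS + "pubring.gpg", "secretKeyRing": KEYS + "secring.gpg",
    "encryptionAlgorithm": "DES", "recipient": "partner@example.com",
    "hashAlgorithm": "MD5", "signer": "Example Corp",
    "pwdPassphrase": "constructed-passphrase", "compression": "BZIP2",
}
HARDENED = dict(WEAK, encryptionAlgorithm="AES_256", hashAlgorithm="SHA256",
                compression="ZLIB", armor="true", compatibilityMode="RFC4880")

if __name__ == "__main__":
    for label, cfg, key_type in (("weak", WEAK, "DSA"), ("hardened", HARDENED, "RSA")):
        print(label)
        for finding in check_encryption_module(cfg, key_type):
            print("  %-7s %-20s %s" % finding)
```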

5.1.3 Dynamic Configuration of the Recipient(s)


The PGP Encryption Module allows for a dynamic configuration of the recipients of the data. To enable this feature, you need to define the module parameter encryptionAlgorithm and omit the parameter recipient from the Module Configuration list. In this setup the PGP Encryption Module will search for the supplemental data variable com.aedaptive.module.pgp.recipient and use its value for the recipient. You can set this supplemental data variable by creating your own module and adding it to the module list above the PGP Encryption Module. In this custom module you can set the variable using the following code fragment:

    // Set the recipient for the PGP Encryption Module that follows in the module list
    String recipient = "some value";
    inputModuleData.setSupplementalData(
        "com.aedaptive.module.pgp.recipient", recipient);


5.2 PGP Decryption Module

The PGP Decryption Module can be used to decrypt and/or verify PGP encrypted and/or signed data. This section describes how to configure this module.

5.2.1 Adding the PGP Decryption Module to a Communication Channel


To configure the PGP Decryption Module, the module must be entered in the processing sequence and the parameters of the module must be entered in the configuration table. Both are located on the tab Module of the Communication Channel. Proceed as follows to add the PGP Decryption Module to the processing sequence of a Communication Channel:

1. Open the Communication Channel for which you want to decrypt data and click on the tab Module.
2. Add a processing sequence by clicking on the green plus sign.
3. Enter the following text in the column Module Name: localejbs/PGPDecryptionModule
4. Select Local Enterprise Bean under Type.
5. Accept the default value for the Module Key or change it to something more descriptive.
6. Move the processing sequence up one line so that it is positioned before the module CallSapAdapter.

   Note: Make sure that the default module CallSapAdapter is the last module in the list. Otherwise the behavior of the Communication Channel will be unpredictable.
7. Now enter the module parameters as described in the next section.

5.2.2 Module parameters


Once you have added the PGP Decryption Module to the Communication Channel, you have to enter the module parameters in the Module Configuration pane. You find the module configuration pane below the Processing Sequence. Do not forget to set the Module Key of each parameter to the Module Key of the PGP Decryption Module in the processing sequence. The following table gives an overview of the PGP Decryption Module parameters. Optional parameters are in italics.

| Parameter | Description |
|---|---|
| publicKeyRing | Set this parameter to the full path of the PGP public key ring, e.g. C:/share/AEDAPTIVE_TEST_SCENARIOS/PGP/Keys/pubring.gpg. The key ring must be readable by the SAP J2EE engine. |
| secretKeyRing | Set this parameter to the full path of the PGP secret key ring, e.g. C:/share/AEDAPTIVE_TEST_SCENARIOS/PGP/Keys/secring.gpg. The key ring must be readable by the SAP J2EE engine. |
| pwdPassphrase | This parameter is the passphrase of the key that was used to encrypt the data. You have to enter the password twice. (There are two input fields in the column Parameter Value.) If the data is not encrypted, this parameter can be omitted. This parameter is case sensitive. |
| isSigned | This parameter is used to validate if the message is signed. If you set this parameter to true, the PGP Decryption Module will validate if the data has been signed. If this is not the case, the message will go in error. This is an optional parameter. |

The following image gives an example of the parameters.


6 Troubleshooting
This chapter contains tips and tricks that can be used to pinpoint configuration errors with the PGP Module.

6.1 Message Details

The PGP Module reports its activities in the Run-Time Workbench. To access this information, proceed as follows:

1. Start Run-Time Workbench and click Message Monitoring. Next, after Messages from Component select the option Adapter Engine, and after From select the option Database. Click Start.
2. Select the message details and go to the tab Audit Log. Browse through the log until you reach the entries generated by the PGP Module. The following image shows details from the encryption module.

   You see that the module reports the specified module parameters (with the exception of the passphrase). It also reports any activities it has executed. The image on the next page shows details from the decryption module. Please note the key ids.
3. If an error is reported, check the error lists in this chapter for more information.
4. In some cases, the information in the message details will not be enough to troubleshoot your issue. In that case you can use the logs and traces from SAP NetWeaver to obtain more information. This is also described in this chapter.

6.1.1 Errors Reported by the PGP Encryption Module


This section contains a list of common errors that can be reported in the Run-time Workbench by the PGP Encryption Module. These errors are often caused by incorrectly specified module parameters, or the use of expired or unknown keys.

- An error occurred when reading the public key ring.
  Check the parameter publicKeyRing. Either you have omitted this parameter or the path to the public key ring file is incorrect. If this does not solve your issue, check if the OS user that is running the NetWeaver PI Adapter Engine has access rights to the file.

- An error occurred when reading the secret key ring.
  Check the parameter secretKeyRing. Either you have omitted this parameter or the path to the secret key ring file is incorrect. If this does not solve your issue, check if the OS user that is running the NetWeaver PI Adapter Engine has access rights to the file.

- Public key not found in key ring.
  First check if the parameter recipient is specified. If this is the case, check if a public key is available for the selected recipient in the public key ring you have specified.

- Secret key not found in key ring.
  First check if the parameter signer is specified. If this is the case, check if a private key is available for the selected signer in the key rings you have specified.

- The specified encryption algorithm (<xxx>) is not supported.
  Check the parameter encryptionAlgorithm and specify a supported encryption algorithm.

- The given signature algorithm (<xxx>) is not supported.
  Check the parameter hashAlgorithm and specify a supported hash algorithm.

- The specified compression method (<xxx>) is not supported.
  Check the parameter compression and specify a supported compression algorithm.

- Incorrect compatibility mode specified: <xxx>
  Check the parameter compatibilityMode and specify a supported value. Supported values are: RFC2440 and RFC4880.

- Cannot sign: public key with keyID <keyID> is expired
  The key of the specified signer or recipient has expired. Use PGP Desktop or GNU Privacy Guard to create a new signing key or ask your partner for a new key.

- Parameter signer missing; this parameter is required if the parameter hashAlgorithm is specified
  Self-explanatory.

- Unsupported keysize or algorithm parameters
  If you see this error, please check if you have installed the "unlimited strength" version of JCE (Java Cryptography Extension). See section 2.2 of the AEDAPTIVe PGP Installation Guide.

6.1.2 Errors Reported by the PGP Decryption Module


This section contains a list of common errors that can be reported in the Run-time Workbench by the PGP Decryption Module. These errors are often caused by incorrectly specified module parameters, or the use of expired or unknown keys.

- An error occurred when reading the public key ring.
  Check the parameter publicKeyRing. Either you have omitted this parameter or the path to the public key ring file is incorrect. If this does not solve your issue, check if the OS user that is running the NetWeaver PI Adapter Engine has access rights to the file.

- An error occurred when reading the secret key ring.
  Check the parameter secretKeyRing. Either you have omitted this parameter or the path to the secret key ring file is incorrect. If this does not solve your issue, check if the OS user that is running the NetWeaver PI Adapter Engine has access rights to the file.

- The message is encrypted but a passphrase is not specified.
  You have not specified a passphrase but the message data is encrypted. If the input data is encrypted, a passphrase is required.

- The message is not signed but a signature was expected
  If you set the parameter isSigned to true, the PGP Decryption Module throws this error if the message data is not signed.

- Public key found in key ring.
  The specified public key ring does not contain the public key of the key pair that was used to sign the message. Ask your partner for the correct public key and use PGP Desktop or GNU Privacy Guard to import this key in the public key ring.

- Secret key not found in key ring.
  The specified secret key ring does not contain a secret key that can be used to decrypt the message. Your partner is using an incorrect public key to encrypt this message or you have not imported your key pair in the specified key rings.

- No usable private key found in the secret key ring.
  Check the parameter pwdPassphrase. You either have specified an incorrect value for this parameter or your partner is using an incorrect key to encrypt the data. Look in the communication channel logging for the line Found a secret key in the secret key ring for keyID <keyID>. Use PGP Desktop or Gnu Privacy Guard to see if the specified key ID belongs to the key you have provided to your partner.

- Public key with keyID <keyID> is expired
  The key that was used to sign the message has expired. Your partner has to provide you with a new key. The PGP Decryption Module does not have an option to override this error.

- Unsupported keysize or algorithm parameters
  If you see this error, please check if you have installed the "unlimited strength" version of JCE (Java Cryptography Extension). See section 2.2 of the AEDAPTIVe PGP Installation Guide.

6.2 Viewing AEDAPTIVe Logging

This section describes how to enable and use the logging features of the AEDAPTIVe Software. These can be useful to troubleshoot connections with your partners. As with standard SAP modules, the logging can be enabled using Visual Administrator.

Proceed as follows to change the log level for one or more AEDAPTIVe components:

1. Start a web browser and go to the following address: http://<server>:<port>/nwa/log-config where <server> is the server name of your SAP NetWeaver PI server and <port> is the J2EE port of this server (default 50000).
2. Log on to NetWeaver Administrator. NetWeaver Administrator Log Configuration appears.
3. After Show select Tracing Locations.
4. Browse to ROOT LOCATION/com/aedaptive.
5. Open the node aedaptive, select the AEDAPTIVe component for which you want to change the log level, and select the desired logging level in the column Severity.
6. You can change the log level for all underlying nodes by selecting a node, changing the log severity and choosing Copy to Subtree.
7. Save the changed log severity by clicking on Save Configuration.

To view the logging from NetWeaver Administrator, perform the following steps:

1. Start a web browser and go to the following address: http://<server>:<port>/nwa/logs where <server> is the server name of your SAP NetWeaver PI server and <port> is the J2EE port of this server (default 50000).
2. Log on to NetWeaver Administrator. NetWeaver Administrator Log Viewer appears.
3. In the Log Viewer screen select the General View for the last 24 hours, or another view that will contain the desired log information.
4. In the filter row under Location specify the desired location, e.g. com.aedaptive.pgp.module, and press Enter.
5. The log data is now displayed on the screen.
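The key ID comparison recommended for the error "No usable private key found in the secret key ring" can be run over log text copied from the Log Viewer. The following is an added example, not AEDAPTIVe code: the function names and sample log lines are constructed, and it assumes the key ID is logged as a single hexadecimal token.

```shell
#!/bin/sh
# Added example. Assumptions: the log was saved from the Log Viewer into a
# text file, and the key ID is printed as one hexadecimal token.

# Constructed sample log lines (timestamps, layout and key IDs are invented).
sample_log() {
cat <<'EOF'
2010-03-16 10:02:11 Info com.aedaptive.pgp.module Found a secret key in the secret key ring for keyID 1A2B3C4D5E6F7081
2010-03-16 10:07:45 Info com.aedaptive.pgp.module Found a secret key in the secret key ring for keyID 0x1a2b3c4d5e6f7081
2010-03-16 10:09:03 Info com.aedaptive.pgp.module Found a secret key in the secret key ring for keyID 99AABBCCDDEEFF00
EOF
}

# Normalise a key ID: drop an optional 0x prefix, upper-case the hex digits.
norm_keyid() {
    printf '%s\n' "$1" | sed 's/^0[xX]//' | tr 'abcdef' 'ABCDEF'
}

# logged_keyids FILE: unique key IDs the module reported, one per line.
logged_keyids() {
    sed -n 's/.*Found a secret key in the secret key ring for keyID \([0-9A-Za-z]*\).*/\1/p' "$1" |
        while read -r id; do norm_keyid "$id"; done | sort -u
}

# unexpected_keyids FILE ID...: logged key IDs that are not among the IDs of
# the keys you provided to your partner. Empty output means all are yours.
unexpected_keyids() {
    log=$1; shift
    for id in $(logged_keyids "$log"); do
        known=no
        for mine in "$@"; do
            if [ "$(norm_keyid "$mine")" = "$id" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then echo "$id"; fi
    done
}

# Stand-alone use: sh keyids.sh exported.log <your key ID> [<key ID> ...]
if [ $# -ge 2 ]; then unexpected_keyids "$@"; fi
```

Any key ID it prints is one the partner encrypted to that is not on your list; look that key up in PGP Desktop or GNU Privacy Guard as described in section 6.1.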



AEDAPTIVe Solutions B.V. P.O. Box 2011 4200 BA GORINCHEM The Netherlands

(T) +31-183-693738 (F) +31-183-693747 (I) www.aedaptive.com

AEDAPTIVe Solutions B.V. is a private limited company of the AEGROUP and is registered at the Chamber of Commerce with number 11065386.
