SAP Process Integration, SAP Process Orchestration, Cloud Integration

SAP CPI – Encryption and Decryption using PGP keys

When we are doing HR or Bank related integration here main factor is data secure, so one of way is encrypt data using PGP keys.

In this tutorial I am going to explore

  1. How to generate PGP Keys using Kleopatra Software
  2. How to Encrypt data using PGP Public key in SAP CPI
  3. How to Decrypt the data using PGP Private Key in SAP CPI

Generating PGP Keys using Kleopatra Software

Open the Kleopatra application > File > New Key Pair

Provide the Key Pair Name > Advanced Settings > Select Validity

Enter the Passphrase

Click on Finish

Key Pair are Successfully generated.

Now we need to export the PGP Public and Private keys.

Exporting PGP Public Key

Save as FileName .pgp format

Exporting PGP Private Key

Finally, we have generated the PGP public and private keys

These keys we are going to use in the SAP CPI Iflow to Encrypt and Decrypt the content.

PGP Encryption

In this case we need to get PGP public key from the Non-SAP/Third party application team.

CPI Flow Chart


Importing the PGP Public Key in Security Material

Step -2 Navigate to Design > Select Package > Artifact tab > Add Iflow

From the sender Drag the connecting arrow to connect to start action, from the Adapter Type box select the HTTPS.

  • In Connection tab, enter the Address or URL details
  • Enter /PGPEncryption Optionally, you can enter any value of your choice, but ensure that you use “/”symbol before specifying the endpoint name

Groovy script for the payload logging

import java.util.HashMap;
def Message processData(Message message) {
    def body = message.getBody(java.lang.String) as String;
    def messageLog = messageLogFactory.getMessageLog(message);
    if(messageLog != null){
        messageLog.setStringProperty("Logging#1", "Printing Payload As Attachment")
        messageLog.addAttachmentAsString("ResponsePayload:", body, "text/plain");
    return message;

Step-3 PGP Encryptor

Here we are using the PGP Encryptor pallet to encrypt the incoming data

Drag and Drop the PGP Encryptor function from Security tab into Iflow space. In the Processing tab we can select the dropdown values to adjust the algorithm, Key length, Compression etc. values but MUST specify the UID(User ID) of Public/Private Key pair to be used for Encryption

Save and deploy the Iflow

Step-4 Testing the Integration Flow Using Postman

PGP Decryption

In this case we need to generate PGP keys (Public and private), and public key will share with the third-party application team to encrypt the data.

CPI Flow Chart


Importing the PGP Private Key in Security Material


Here we are using the PGP Decryptor pallet to Decrypt the incoming content

In the Processing tab Specify the UID(User ID) of Public/Private Key pair to be used for Decryption

Step-3 Testing the Integration flow using Postman