Key generation process. In some situation for secret key generation, it is not desirable to trust one entity with key generation. In such situation distribute the process of key generation among a group of entities in such a way that no member of the group individually have control over the process. So we generate a key in component form as. Key agreement A (pair-wise) key-establishment procedure in which the resultant secret keying material is a function of information contributed by both participants, so that neither party can.
AES (acronym of Advanced Encryption Standard) is a symmetric encryption algorithm. The algorithm was developed by two Belgian cryptographer Joan Daemen and Vincent Rijmen. AES was designed to be efficient in both hardware and software, and supports a block length of 128 bits and key lengths of 128, 192, and 256 bits. From other cryptographic keys. For generating a derived keys, key distribution function and previously derived keys are used for generating a new keys. In a DES and AES the process of Transforming plaintext into cipher text is completed in a number of rounds and each round needs a separate keys that are derived from its previous round.
Introduction
Key Generator
Recently we had a requirement in our organization to implement encryption for all data transmission happening from SAP to external systems to have an additional layer of security. The requirement was to AES256 encrypt and Base64 Encode the information shared between the systems.The encryption/decryption was done with a common key which gets generated in SAP and shared through automated email from the system.
SAP Class/Function Modules used for the process:
- CL_SEC_SXML_WRITER is used to implement the logic for generation of AES key and encryption/decryption of information.
- SCMS_BASE64_<EN/DE>CODE_STR FM is being used for Base64 Encoding/Decoding the information.
High Level Process Flow
Following are the steps and sample code we have used for encryption/decryption.
Generate Encryption Key
We use following logic to generate Key for encryption which is stored in a table and then shared with external systems.
Process Of Key Generation In Aesthetic
Decryption
External System sends AES encrypted and Base64 encoded data and in SAP we used following logic to decrypt the text.
Encryption:
![Aes Aes](/uploads/1/2/6/0/126046204/864652860.png)
SAP processes the information and sends encrypted response back using following logic:
Sample Output:
Conclusion
The blog post provides information on how to encrypt and decrypt information in SAP and how you can plan the integration with external systems. The sample code here works for AES256/CBC/PKCS5 Padding algorithm, but CL_SEC_SXML_WRITER class has other AES encryption algorithms as well.
Aes Key Iv
Please note along with the encryption key, we also need to share the IV key which is 16bit hexadecimal string (‘0000000000000000’).
Hopefully this blog post will help in implementing similar requirements where we need to send encrypted information between multiple systems.