Using Advantco PGP Solution for SAP BTP and Integration Suite
1. Introduction
Having a central PGP key management tool that provides features to create, export, import and manage your PGP keys is critical, as it would be very complex and time-consuming to do these steps with separate tools. To simplify the tasks of maintaining and securing the PGP keys, Advantco provides a solution for the SAP BTP platform with an adapter for the SAP Integration Suite.
The PGP Solution for SAP BTP:
The Advantco PGP Solution is a Java application that is deployed to the SAP BTP environment.
Fig 1: The PGP Solution is an application running inside SAP BTP.
The solution consists of the following components:
- The PGP Key Management tool: This is a web-based management tool to create, export, import and manage your PGP keys. Role-based authorization guarantees that only users with the right permissions can use these features. An administrator can view the audit logs for any activities on the keys.
- The PGP Webservices: This exposes APIs for encryption/decryption and signing/verification with the PGP keys.
- The PGP adapter for Integration Suite: The adapter allows for seamless integration between SAP Integration Suite and the PGP Webservices.
The PGP Key Management Tool: Private PGP keys can be generated with different tools and by different persons. Public PGP keys from external parties must be managed and imported into different systems. These tasks are a burden for the security team and application teams, as often there is no central tool to manage these keys. The PGP Key Management tool provides the following functionalities:
Key manager: A UI5 web-based application with an overview of all PGP keys and a search option based on key ID, email, user ID or key description.
Fig 2: Overview of the private and public PGP keys.
Creating new private PGP keys: The PGP keys can be created using a simple web-based interface. The keys are stored in a secured DB on SAP BTP. Any changes to a key are logged and can be audited.
Fig 3: Creating a new PGP key pair.
Importing public PGP keys: Public PGP keys from external parties or internal secret keys can be imported and managed in the Key Management Tool.
Fig 4: Importing PGP keys into the Key Management Tool.
Testing the PGP keys: The Tool provides a test functionality for private and public keys.
Fig 5: Testing encryption.
Fig 6: Testing decryption and signature verification.
View audit log: The Tool logs all actions on the PGP keys, and these logs can be viewed by a user with an administrative role.
Fig 7: Testing decryption and signature verification.
The PGP Webservices: The PGP webservices expose the functionalities of the PGP Solution to external applications. The following services are supported:
AdvantcoOpenPGPSendingService: This service enables external applications to encrypt or sign payloads with the PGP keys that are stored in the Key Management Tool.
AdvantcoOpenPGPReceivingService: This service enables external applications to decrypt or verify payloads with the PGP keys that are stored in the Key Management Tool.
AdvantcoOpenPGPKeyManagementService: This service enables external applications to create or import PGP keys into the Key Management Tool.
Fig 8: Accessing the PGP Webservices endpoints and WSDL files.
The Advantco PGP Adapter for Integration Suite: The Advantco PGP Adapter enables users to call the PGP Webservices from integration iflows.
Fig 9: Calling the PGP Webservices from Integration Suite iflow to encrypt a payload.
Conclusion: Having a central PGP Key Management Tool eliminates many cumbersome tasks, as different teams and applications no longer need to import these PGP keys into their own space. As the PGP Solution is an SAP BTP application, it inherits all the advantages of this platform.
Please reach out to our sales team at sales@advantco.com if you have any questions.