Tags: encryption, abap, sap-basis

How to use Encryption in SAP and Store in Database


I have the task of saving usernames and passwords in an SAP table. The password should be stored encrypted (AES-128) in the database. Before sending, the password should be decrypted again. Decrypting doesn't work. Does anyone have experience with this?

This is my source code for storing the data:

data : passwd  type string,
       encoded type string,
       decoded type string.


data: lv_plaintext  type xstring.
data: lv_plaintext2 type xstring.
data: lv_key        type xstring.

*----------------------------------------------------------------------*
* Selection-Screen
*----------------------------------------------------------------------*

parameters: p_name type char10.
parameters: p_usern type char10.
parameters: p_pass type text10.
parameters: p_descr type text120.


*----------------------------------------------------------------------*
* At Selection Screen Output
*----------------------------------------------------------------------*
at selection-screen output.
  loop at screen.
    if screen-name = 'P_PASS'.
      screen-invisible = 1.
      modify screen.
    endif.
  endloop.

*----------------------------------------------------------------------*
* Start of Selection
*----------------------------------------------------------------------*
start-of-selection.

* create message
  data: lr_conv_sec type ref to cl_abap_conv_out_ce .
  data: lr_conv_key type ref to cl_abap_conv_out_ce .

  try.
      call method cl_abap_conv_out_ce=>create
        exporting
          encoding    = 'DEFAULT'
*      endian      =
          replacement = '#'
          ignore_cerr = abap_false
        receiving
          conv        =  lr_conv_sec
          .
    catch cx_parameter_invalid_range .
    catch cx_sy_codepage_converter_init .
  endtry.

  lr_conv_sec->write( p_pass ).

* create key
  try.
      call method cl_abap_conv_out_ce=>create
        exporting
          encoding    = 'DEFAULT'
*      endian      =
          replacement = '#'
          ignore_cerr = abap_false
        receiving
          conv        =  lr_conv_key
          .
    catch cx_parameter_invalid_range .
    catch cx_sy_codepage_converter_init .
  endtry.

  lr_conv_key->write( p_pass ).

  try.
    call method lr_conv_sec->get_buffer
      receiving
        buffer = lv_plaintext.
  endtry.

  try.
    call method lr_conv_key->get_buffer
      receiving
        buffer = lv_key.
  endtry.


  data: lv_message type xstring.

* encrypt using AES128
  call method cl_sec_sxml_writer=>encrypt
    exporting
      plaintext  = lv_plaintext
      key        = lv_key
      algorithm  = cl_sec_sxml_writer=>co_aes128_algorithm
    importing
      ciphertext = lv_message.

  data: ls_pwdstore type /vaps/pwdstore.
  ls_pwdstore-name        = p_name.
  ls_pwdstore-username    = p_usern.
  ls_pwdstore-pwd         = lv_message.
  ls_pwdstore-pwdkey      = lv_key.
  ls_pwdstore-description = p_descr.


  modify /vaps/pwdstore from ls_pwdstore.

  write:/ 'Name', ' : ', ls_pwdstore-name.
  write:/ 'Benutzername', ' : ',  ls_pwdstore-username.
  write:/ 'Passwort', ' : ', ls_pwdstore-pwd.
  write:/ 'PWDKEY', ' : ', ls_pwdstore-pwdkey.

And here is the code for the display:

data : passwd  type string,
       encoded type string,
       decoded type string.

data: lv_plaintext  type xstring.
data: lv_plaintext2 type xstring.
data: lv_key        type xstring.

*----------------------------------------------------------------------*
* Selection-Screen
*----------------------------------------------------------------------*

parameters: p_name type char10.


*----------------------------------------------------------------------*
* At Selection Screen Output
*----------------------------------------------------------------------*
at selection-screen output.

*----------------------------------------------------------------------*
* Start of Selection
*----------------------------------------------------------------------*
start-of-selection.

  data: lv_message type xstring.
  data: ls_pwdstore type /vaps/pwdstore.

  data: lv_length type i,
        e_string type string,
         lt_binary type standard table of x255.


  select single * from /vaps/pwdstore into ls_pwdstore
    where name = p_name.

  lv_key = ls_pwdstore-pwdkey.
  lv_message = ls_pwdstore-pwd.

  call method cl_sec_sxml_writer=>decrypt
    exporting
      ciphertext = lv_message
      key        = lv_key
      algorithm  = cl_sec_sxml_writer=>co_aes128_algorithm
    importing
      plaintext  = lv_plaintext2.



  call function 'SCMS_XSTRING_TO_BINARY'
    exporting
      buffer        = lv_plaintext2
    importing
      output_length = lv_length
    tables
      binary_tab    = lt_binary.

  call function 'SCMS_BINARY_TO_STRING'
    exporting
      input_length = lv_length
    importing
      text_buffer  = e_string
    tables
      binary_tab   = lt_binary
    exceptions
      failed       = 1
      others       = 2.
  if sy-subrc <> 0.
*     Implement suitable error handling here
  endif.

  write:/ 'Name', ' : ', p_name.
  write:/ 'PWD', ' : ', e_string.

The table columns PWD and PWDKEY are defined as RAWSTRING.



Solution

  • I created sample code and it looks like it is working. Maybe you can check your DB routine; maybe you lost some data during DB operations.

    REPORT zmky_enc_dec.
    DATA: lv_key        TYPE xstring,
          lv_plaintext  TYPE xstring,
          lv_plaintext2 TYPE xstring,
          lv_message    TYPE xstring,
          lv_length     TYPE i,
          e_string      TYPE string,
          lv_ciphertext TYPE xstring.
    
    DATA:  lt_binary TYPE STANDARD TABLE OF x255.
    
    lv_plaintext = '646570'.
    lv_key = '5A1F47FE14F72'.
    
    * encryption
    
    * encrypt using AES128
    CALL METHOD cl_sec_sxml_writer=>encrypt
      EXPORTING
        plaintext  = lv_plaintext
        key        = lv_key
        algorithm  = cl_sec_sxml_writer=>co_aes128_algorithm
      IMPORTING
        ciphertext = lv_ciphertext.
    
    * decryption
    lv_ciphertext = 'D8B7F50D13B58F8C0B9B50A59891ED2F1C368D6F2DB97A789BDAC131EE346CE8'.
    CALL METHOD cl_sec_sxml_writer=>decrypt
      EXPORTING
        ciphertext = lv_ciphertext
        key        = lv_key
        algorithm  = cl_sec_sxml_writer=>co_aes128_algorithm
      IMPORTING
        plaintext  = lv_plaintext2.
    
    CALL FUNCTION 'SCMS_XSTRING_TO_BINARY'
      EXPORTING
        buffer        = lv_plaintext2
      IMPORTING
        output_length = lv_length
      TABLES
        binary_tab    = lt_binary.
    
    CALL FUNCTION 'SCMS_BINARY_TO_STRING'
      EXPORTING
        input_length = lv_length
      IMPORTING
        text_buffer  = e_string
      TABLES
        binary_tab   = lt_binary
      EXCEPTIONS
        failed       = 1
        OTHERS       = 2.
    
    WRITE:/ 'PWD', ' : ', e_string.
    

    Separate reports:

    REPORT zmky_enc.
    DATA: lv_key        TYPE xstring,
          lv_plaintext  TYPE xstring,
          lv_ciphertext TYPE xstring.
    
    lv_plaintext = '6D6B79736F6674'.
    lv_key = '5A1F47FE14F72'.
    
    * encrypt using AES128
    CALL METHOD cl_sec_sxml_writer=>encrypt
      EXPORTING
        plaintext  = lv_plaintext
        key        = lv_key
        algorithm  = cl_sec_sxml_writer=>co_aes128_algorithm
      IMPORTING
        ciphertext = lv_ciphertext.
    
    WRITE:/ 'Encrypt', ' : ', lv_ciphertext.
    

    Decryption

    REPORT zmky_dec.
    DATA: lv_key        TYPE xstring,
          lv_plaintext  TYPE xstring,
          lv_text       TYPE string,
          lv_length     TYPE i,
          lv_ciphertext TYPE xstring.
    
    DATA:  lt_binary TYPE STANDARD TABLE OF x255.
    
    lv_key = '5A1F47FE14F72'.
    
    lv_ciphertext = 'D9276417EA8C93AE373CE24272BD68974C524CC6E34AB2D9496162F5E1CEB2B8'.
    CALL METHOD cl_sec_sxml_writer=>decrypt
      EXPORTING
        ciphertext = lv_ciphertext
        key        = lv_key
        algorithm  = cl_sec_sxml_writer=>co_aes128_algorithm
      IMPORTING
        plaintext  = lv_plaintext.
    
    CALL FUNCTION 'SCMS_XSTRING_TO_BINARY'
      EXPORTING
        buffer        = lv_plaintext
      IMPORTING
        output_length = lv_length
      TABLES
        binary_tab    = lt_binary.
    
    CALL FUNCTION 'SCMS_BINARY_TO_STRING'
      EXPORTING
        input_length = lv_length
      IMPORTING
        text_buffer  = lv_text
      TABLES
        binary_tab   = lt_binary
      EXCEPTIONS
        failed       = 1
        OTHERS       = 2.
    
    WRITE:/ 'Decrypted', ' : ', lv_text.
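
One way to run the check the answer suggests, as an added example that is not part of the question or the answer: encrypt a constructed value, store it in /vaps/pwdstore, read it back and compare the bytes before decrypting. It assumes cl_sec_sxml_writer=>generate_key and cl_abap_codepage are available on the release; the report name, the row name 'ZZRTCHK' and the sample secret are constructed.

```abap
REPORT zpwd_roundtrip_check.
" Added diagnostic; row name 'ZZRTCHK' and the sample secret are constructed.
DATA: lv_key    TYPE xstring, lv_plain TYPE xstring,
      lv_cipher TYPE xstring, lv_back  TYPE xstring,
      lv_text   TYPE string,  lv_len_w TYPE i, lv_len_r TYPE i,
      ls_row    TYPE /vaps/pwdstore, ls_read TYPE /vaps/pwdstore,
      lx_err    TYPE REF TO cx_sec_sxml_encrypt_error.

START-OF-SELECTION.
  TRY.
      " Random 16-byte key, independent of the password being protected
      lv_key   = cl_sec_sxml_writer=>generate_key(
                   algorithm = cl_sec_sxml_writer=>co_aes128_algorithm ).
      lv_plain = cl_abap_codepage=>convert_to( source = `S3cret!pw` ).
      cl_sec_sxml_writer=>encrypt(
        EXPORTING plaintext  = lv_plain
                  key        = lv_key
                  algorithm  = cl_sec_sxml_writer=>co_aes128_algorithm
        IMPORTING ciphertext = lv_cipher ).

      " Write the row, read it back in the same LUW, then discard it
      ls_row-name   = 'ZZRTCHK'.
      ls_row-pwd    = lv_cipher.
      ls_row-pwdkey = lv_key.
      MODIFY /vaps/pwdstore FROM ls_row.
      SELECT SINGLE * FROM /vaps/pwdstore INTO ls_read WHERE name = 'ZZRTCHK'.
      ROLLBACK WORK.

      " Any difference means the table definition or DB routine altered bytes
      lv_len_w = xstrlen( lv_cipher ).
      lv_len_r = xstrlen( ls_read-pwd ).
      IF ls_read-pwd <> lv_cipher OR ls_read-pwdkey <> lv_key.
        WRITE: / 'DB round trip changed the data, bytes written/read:',
                 lv_len_w, lv_len_r.
        RETURN.
      ENDIF.

      cl_sec_sxml_writer=>decrypt(
        EXPORTING ciphertext = ls_read-pwd
                  key        = ls_read-pwdkey
                  algorithm  = cl_sec_sxml_writer=>co_aes128_algorithm
        IMPORTING plaintext  = lv_back ).
      lv_text = cl_abap_codepage=>convert_from( source = lv_back ).
      WRITE: / 'Decrypted after DB round trip:', lv_text.
    CATCH cx_sec_sxml_encrypt_error INTO lx_err.
      lv_text = lx_err->get_text( ).
      WRITE: / 'Crypto error:', lv_text.
  ENDTRY.
```

The check writes the key to PWDKEY only because the question's table is laid out that way; a key stored in the same row as the ciphertext gives no protection against anyone who can read the table.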