We are using version R/3 4.6. I understand that this version has a standard set of security and encryption libraries. What would be involved in encrypting an IDoc before it leaves SAP? What are your thoughts? Are there any white papers on the subject?
Without knowing the exact circumstance, final advice is difficult to give. If you encrypt only to guarantee secure transmission of data to the recipient, however, I suggest you use "on-the-fly" encryption by the sending middleware. Isn't it sufficient to transmit the data via HTTPS or FTPS to your receiving partner? HTTPS uses a secure encryption whose parameters are negotiated the moment when the communication line established. This is usually secure enough for all-day transmissions. Alternatively, you could send the data via a secure VPN tunnel with PGP encryption.
Again, it is difficult to give advice without knowing the circumstances so that I can evaluate the potential risks. Overall, however, encrypting data with R/3 is not really recommended.
This was first published in June 2005