We are using version R/3 4.6. I understand that this version has a standard set of security and encryption libraries. What would be involved in encrypting an IDoc before it leaves SAP? What are your thoughts? Are there any white papers on the subject?
Without knowing the exact circumstance, final advice is difficult to give. If you encrypt only to guarantee secure transmission of data to the recipient, however, I suggest you use "on-the-fly" encryption by the sending middleware. Isn't it sufficient to transmit the data via HTTPS or FTPS to your receiving partner? HTTPS uses a secure encryption whose parameters are negotiated the moment when the communication line established. This is usually secure enough for all-day transmissions. Alternatively, you could send the data via a secure VPN tunnel with PGP encryption.
Again, it is difficult to give advice without knowing the circumstances so that I can evaluate the potential risks. Overall, however, encrypting data with R/3 is not really recommended.
Dig Deeper on SAP security
Related Q&A from Axel Angeli
An SAP user is having difficulty with PERNR iDoc while transporting data from SAP to an external system. Continue Reading
An SAP user wants to know how to upload data into SAP R/3 when SAP Scripting is not enabled. Continue Reading
An SAP user is receiving an error message while integrating SAP iDoc PORDCR1 for a purchase order. Continue Reading