Problem solve Get help with specific problems with your technologies, process and projects.

What is the best way to encrypt messages?

Want to encrypt a particular message? SAP expert Axel Angeli explains how.

We have a particular message type that we wish to encrypt. There are a number of options for how to do this, since we are using SAP, SAP BC, and MQSeries to deliver the IDocs to a client.

We are using version R/3 4.6. I understand that this version has a standard set of security and encryption libraries. What would be involved in encrypting an IDoc before it leaves SAP? What are your thoughts? Are there any white papers on the subject?

All code in R/3 is written in ABAP and is visible to every developer through the usual development tools. Therefore, encoding messages within R/3 is not your best choice. I understand that your motivation to encrypt the IDocs is to send them in encrypted format to a client through one of your middleware systems.

Without knowing the exact circumstance, final advice is difficult to give. If you encrypt only to guarantee secure transmission of data to the recipient, however, I suggest you use "on-the-fly" encryption by the sending middleware. Isn't it sufficient to transmit the data via HTTPS or FTPS to your receiving partner? HTTPS uses a secure encryption whose parameters are negotiated the moment when the communication line established. This is usually secure enough for all-day transmissions. Alternatively, you could send the data via a secure VPN tunnel with PGP encryption.

Again, it is difficult to give advice without knowing the circumstances so that I can evaluate the potential risks. Overall, however, encrypting data with R/3 is not really recommended.

Dig Deeper on SAP security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.