PGP Security Encryption/Decryption/Signature/Validation in SAP CPI

OpenPGP was standardized in 1997 and since then continuously improved. Pretty Good Privacy (PGP) is an encryption framework that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting messages to increase security during data exchange. You can read more about PGP open standards and software downloads at

The process of converting plain text into cipher text is known as encryption, & converting ciphertext into plaintext is known as decryption. Likewise, to confirm the integrity of the message we can use Message Signature and Validation methods. Cryptographic algorithm of PGP module verifies data and transmits the electronic data so that it can't be read by anyone except the intended recipient, even across the insecure-network.

In SAP CPI, we have simple Security functions as PGP Encryption, Decryptor, Signature, Validation etc which are very easy to use.

Public Key is ALWAYS shared whereas Private/Secret Key is NEVER shared and will always be password protected.

Conceptually, we have to mention the Public Keys UID that we want to use for Encryption or Signature validation. The public keys must be present in the Pubring of SAP CPI tenant.

Similarly, for decryption we simply have to use the SAP CPI functions and not even specify the UID of Private Keys as they are Already present in our Secring and get scanned thru the secring to find/match the secret key pair for the public key that was shared to encrypt the message.

In SAP CPI, you would always import or export Pubring/Secring which are used to hold Public/Private(Secret) Key pairs.

You can use free tools like GoAnyWhere PGP studio to perform Key Management tasks like create, renew, export, change password etc of keys you will be using in SAP CPI for encryption/signature/decryption/validation.

You can also use command line to interact with pgp setup that can be downloaded at OpenPGP website.

Configuring the Encryption/ PGP Module

Here are some steps to implement PGP message-level security in SAP CPI

Step 1: Ensure SAP CPI Pubring/Secring has correct Public/Private Key pair to be used for Encryption and Signing.

Step 2: Drag and Drop the PGP Encryptor function from Security tab into your iflow space.You can select the dropdown values to adjust the algorithm, Key length, Compression etc. values but MUST specify the UID of Public/Private Key pair to be used for Encryption/Signing(optional).

Step 3: Drag and Drop the PGP Decryptor function from Security tab, there is no ask to specify the private key for decryption but must configure the function by specifying the UID of Public key against which the Message was signed with a corresponding Private key of vendor.

Step 4: Configure the Integration Flow Steps for Message-Level Security and Test

Step 5: Verify the files/data, they will be encrypted looking similar to below cryptic text


Pretty Good Privacy (PGP) encryption/decryption works on principle of Public and Private Key Pairs.

As far as its known, intelligence organizations aren’t able to break PGP so it is pretty safe and if used right should eliminate the data integrity challenges during transmission in SAP CPI.

GoAnywhere's OpenPGP Studio is the free PGP tool that can be used for Key Management.

SAP CPI makes it very easy to use PGP functions using configuration in combination with pubring/secring key management.

Advantages of PGP Security

- Future-proof technology and complete compatibility with different applications.In-built key administrator to securely manage yours and others' keys.

- Open Standard makes it very Easy and Universal to use.

- Provides absolute confirmation that data gets or sent has not been altered in transit. Also, in order to protect the data from unauthorized access, the data can always be archived/encrypted and decrypted by target application only.

Related Blogs
SAP CPI Message Mapping Examples (Groovy, XSLT, Graphical)