SAP

PGP Encryption Engine in the iFlow

Sergei Ignatov

3 min read

I would like to present an example of the iFlow containing the PGP Encryption step, followed by further message storage in the DataStore.

Requirement

Develop an iFlow to process the sent data, encrypt it with the PGP public key, and save it in the DataStore.

Step #1. PGP Keys

Before beginning iFlow development, ensure you have a pair of PGP keys (private and public keys + secret phrase) for encrypting and decrypting the data.

Pretty Good Privacy - Wikipedia
Wikimedia Foundation, Inc.Contributors to Wikimedia projects

Step #2. Upload the keys to BTP

After obtaining the keys, upload them to your BTP Integration Suite instance. Navigate to Monitor -> Integration and APIs section in the Integration Suite and click on the 'PGP Keys' tile.

See Managing PGP Keys

Upload two of your PGP keys.

Step #3. Create the iFlow

The following steps will be used within the new iFlow:

  1. The Groovy Script
  2. The Router
  3. PGP Encryptor
  4. Write to the Data Store
  5. Content Modifier

Step #3.1 The Groovy Script

To check your Groovy code, I recommend using the provided service below.

Groovy IDE

You might find the examples helpful for expediting the iFlow development process.

See Groovy examples

In this scenario, I aim to implement the following logic:

⚠️
if the message body is empty, the Groovy script should set the custom property EmptyPayload with a 'true' value.

The below code implements the required logic:

Add the corresponding step in the iFlow.

Step #3.2 The Router

After the first step of the iFlow, the property EmptyPayload should be either 'blank' or 'true'. By adding the Router step, I intend to control the flow.

⚠️
If the payload is empty, the iFlow should stop. Otherwise, encrypt and save the message in the DataStore.

Consequently, activate two routes for this step: one for processing when the payload is not empty, and another for processing when the payload is empty.

If the payload is empty, it might be beneficial to notify the client with the corresponding information provided by the Content Modifier step.

Step #3.3 PGP Encryptor

To encrypt the payload, add the PGP Encryptor step and specify the encryption key user ID assigned to the public key.

Step # 3.4 Write to the Data Store

Save the encrypted payload in the DataStore by adding the Write to the DataStore step. This step requires a DataStore ID, visibility settings, and an entry ID, etc. for further data reading.

In this example, make the DataStore ID available across all other iFlows by assigning the 'Global' visibility level and using the standard header parameter SAP_MessageProcessingLogID as the entry ID.

See Headers and Exchange Properties Provided by the Integration Framework

SAP_MessageProcessingLogID - Contains the ID of the message processing log. You can use this property to read the ID of the message processing log (no write access supported).

Step # 3.5 Content Modifier

At the end of the iFlow, send the value of the SAP_MessageProcessingLogID property to the client. Add the Content Modifier step with the corresponding expression in the 'Body' section.

Don't forget to deploy the iFlow.

Step #4. Testing

In the video fragment below, view the results of the iFlow triggered with an empty payload and with some context in it.

0:00
/0:27

Check the DataStore with the provided message ID after successfully triggering the iFlow.

The content of the body was successfully encrypted.

Read more