,

SAP Cloud Integration / CPI – AES Encryption of Payload ( Symmetric Encryption)

By.

min read

Share

Introduction

For one of our Integrations to Salesforce, we had to send data to Salesforce APEX Webservices as a Encrypted Payload. Salesforce has standard methods for Encryption and Decryption as documented here. Our requirement was to send the data as AES128 Encrypted from Cloud Integration. Of course you might think of using SAP Cloud Integration PKCS7 Encryptor (Encrypt and Sign the Message Content with PKCS#7/CMS Encryptor) but Cloud Integration PKCS7 Encryptor works on Asymmetric Keys ( Private and Public Certificates) whereas in the case of our requirement we needed to use Symmetric Encryption ( Same key for both Encryption and Decryption.

AES (Symmetric) Encryption using Groovy in Cloud Integration

As veteran Integration experts on Cloud Integration would have guessed, the only approach to handling this is to use Groovy in Cloud Integration / CPI. Below is the code snippet that encrypts the Payload / Message Body as AES-128 in Cloud Integration.

import com.sap.gateway.ip.core.customdev.util.Message;
import java.util.HashMap;
import javax.crypto.Cipher
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec
def Message processData(Message message) {
    //Body
    def body = message.getBody(java.lang.String) as String;
    // Provided Key and IV as String (make sure these are correctly formatted for your use case)
	String keyString = "<<key>>" // Replace with actual key string
	String ivString = "<<InitializationVector>>" // Replace with actual IV string
	// Convert strings to binary formats suitable for the encryption algorithm
	byte[] keyBytes = keyString.bytes // This assumes the key is directly in a suitable format
	byte[] ivBytes = ivString.bytes

	// Ensure key and iv have correct lengths (16 bytes for AES-128)
	SecretKeySpec key = new SecretKeySpec(keyBytes, "AES")
	IvParameterSpec iv = new IvParameterSpec(ivBytes)
	// Prepare the cipher for encryption
	Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
	cipher.init(Cipher.ENCRYPT_MODE, key, iv)
	// Data to be encrypted
	String dataToEncrypt = body
	byte[] encryptedData = cipher.doFinal(dataToEncrypt.bytes)
	// Encode encrypted data as Base64 for easier handling
	String base64Encrypted = encryptedData.encodeBase64().toString()	
	message.setBody(base64Encrypted)
    return message;
}

Testing in Cloud Integration

AES (Symmetric) Decryption Using Groovy in Cloud Integration

import com.sap.gateway.ip.core.customdev.util.Message;
import javax.crypto.Cipher
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec
import java.util.HashMap;
def Message processData(Message message) {
    //Body
    def base64Encrypted = message.getBody(java.lang.String) as String;
   // Assume these are provided by your Salesforce team and properly formatted
  String keyString = "<<key>>" // Replace with actual key string
	String ivString = "<<InitializationVector>>" // Replace with actual IV string
// Convert the provided key and IV strings to binary format
    byte[] keyBytes = keyString.bytes // Ensure this conversion aligns with how your key is actually encoded (e.g., Base64, Hex)
    byte[] ivBytes = ivString.bytes
    // Create the key and IV specifications from the bytes
    SecretKeySpec key = new SecretKeySpec(keyBytes, "AES")
    IvParameterSpec iv = new IvParameterSpec(ivBytes)
    // Initialize the Cipher for decryption
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
    cipher.init(Cipher.DECRYPT_MODE, key, iv)
    // Decode the encrypted data from Base64 to binary
    byte[] encryptedData = base64Encrypted.decodeBase64()
    // Decrypt the data
    byte[] decryptedData = cipher.doFinal(encryptedData)
    // Convert the decrypted binary data to string
    String decryptedString = new String(decryptedData)
    message.setBody(decryptedString)
    return message;
}

Testing Decryption

AES Decryption Testing
AES Decryption Testing

Final Thoughts

That’s it! You can do standard AES Encryption / Decryption for Symmetric Keys in Cloud Integration using Standard Groovy Scripting!


Leave a Reply

Your email address will not be published. Required fields are marked *