SAP ABAP IMG Activity ECHVC_ENCRYPTION (Define Encryption of the Paylod)
Hierarchy
SAP_ABA (Software Component) Cross-Application Component
   CA-FS-ECH (Application Component) Error and Conflict Handler
     FS_ECH_CUSTOMIZING (Package) ECH Customizing
IMG Activity
ID ECHVC_ENCRYPTION Define Encryption of the Paylod  
Transaction Code S_SI3_21000034   (empty) 
Created on 20120424    
Customizing Attributes ECHVC_ENCRYPTION   Define Encryption of the Paylod 
Customizing Activity ECHVC_ENCRYPTION   Define Encryption of the Paylod 
Document
Document Class SIMG   Hypertext: Object Class - Class to which a document belongs.
Document Name ECHVC_ENCRYPTION    

Use

You use this Customizing activity to encrypt the payload of postprocessing orders on database level for better data security. You can assign an encryption key to the business processes of the error and conflict handler. You use this key to encrypt the payloads of newly created postprocessing orders.

This means that all appropriately configured postprocessing order payloads are encrypted when stored in the database. Users that start a database query, for example, with SQL, cannot read the contents of the payload.

Requirements

Before you can assign an encryption key, you first need to define the encryption key and determine the personal security environment (PSE). Proceed as follows:

  1. Choose Application-Specific SSF Parameters (Transaction SSFA).
  2. Choose New Entries.
  3. Select the SSF application ECH Key 1 - Payload Encryption. This SSF application is included in this delivery.
  4. Choose Save.
  5. Select a secure encryption algorithm, such as TRIPLE_DES.
  6. Save your changes.
  7. Repeat these steps for the SSF application ECH Key 2 - Payload Encryption.
  8. Select Trust Manager (Transaction STRUST).
  9. Position the cursor on the entry ECH Key 1 - Payload Encryption.
  10. In the context menu, choose Create.
  11. Select RSA as the algorithm.
  12. Repeat these steps for the entry ECH Key 2 - Payload Encryption.
  13. Check whether the entries for all application servers are correct (green light).

Note

Note the following recommendations in your activities involving transaction STRUST:

  • Select an appropriate key length (2048 bytes are recommended).
  • If the scenario requirements allow it, select a suitably long validity time for the key. Otherwise, take the appropriate measures to prepare your business processes and systems for the key procedure.
  • Create a backup copy of the key by exporting it.
  • If you want to delete a key, check your plan first. Some messages that cannot be read with the key may still be saved to the database.

Check the use of the key

You can find out which payloads have been encrypted with each encryption key.

Example

If a key has been disclosed, you can find out whether it is still being used for payload encryption. To do so, execute the following steps:

  1. Select the Object Navigator (Transaction SE80).
  2. Start the Encrypting and Reassigning Payloads program (FEHR_CHANGE_ENCRYPTION_KEY).
  3. Run the simulation.

    Use the Simulate Processes function to determine the number of payloads that have been encrypted with this key. If you have changed or deleted the encryption key in this Customizing activity, you can encrypt, reassign, or decrypt payloads.

Standard settings

If no entry exists for a business process or if no encryption key is specified, then the payload is not encrypted when saved to the database.

Activities

  • Assign an encryption key to the required business process by selecting one in the Private Address Book for SSF field.
  • Save your entries.

Example

Business Attributes
ASAP Roadmap ID 204   Establish Functions and Processes 
Mandatory / Optional 2   Optional activity 
Critical / Non-Critical 2   Non-critical 
Country-Dependency A   Valid for all countries 
Assigned Application Components
Documentation Object Class Documentation Object Name Current line number Application Component Application Component Name
SIMG ECHVC_ENCRYPTION 0 ABA0000491 Error and Conflict Handler 
Maintenance Objects
Maintenance object type C   Customizing Object 
Assigned objects
Customizing Object Object Type Transaction Code Sub-object Do not Summarize Skip Subset Dialog Box Description for multiple selections
ECHVC_ENCRYPTION V - View SM30  
History
Last changed by/on SAP  20120425 
SAP Release Created in 732