Encrypting Message Content on Database Level (Central IE)
Use
To increase data security, you can encrypt the payload of messages at database level. All messages configured this way are stored encrypted in the message database. Users who query the message database directly, for example, using SQL, cannot read the content of the payload.
This section provides all configuration steps to be performed in the system of the central Integration Engine (Integration Server).
Procedure
Configuration Tasks
Perform the following steps in the system of the central Integration Engine (Integration Server).
Define the encryption keys and maintain the Personal Security Environment (PSE):
- Choose transaction SSFA.
- Choose New Entries.
- Select the SSF application PI Key1 DB Message Encryption.
- For the Encryption Algorithm select the value TRIPLE-DES.
- Save your changes.
- Repeat these steps for the SSF application PI Key 2 DB Message Encryption.
- Choose transaction STRUST.
- Position the cursor on the entry SSF PI Key 1 DB Message Encryption.
- In the context menu choose Create.
- Set RSA as Algorithm.
- Repeat these steps for the entry SSF PI Key 2 DB Message Encryption.
- Check if entries for all application servers are indicated as OK (green traffic light).
To finish Integration Engine configuration, perform the following steps:
- Call transaction SXMB_ADM.
- Choose Integration Engine Configuration.
- As Category, choose Runtime.
- Choose Configuration.
- Create a new entry with the following settings:
  - In the Parameters column, select ENCRYPTION_KEY.
  - In the Current Value column, select the key that was defined previously using transaction STRUST.
  Use the input help to make your selections.
Checking Usage of Keys
For each key, you can find out which messages it encrypts.
To do that, perform the following steps:
- Choose transaction SXMB_CHK_ENCKEY.
- You can display a list of messages encrypted either for a specific key or for all keys in use.