cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Encrypt and Decrypt Data in SAPui5 which is hosted in BTP and also data in SAP On-Premise system

durgaprasanth_vemula
Participant

on ‎11-21-2023 9:47 AM

0 Kudos

Hi,

I have a requirement where I Have a SAPui5 application which is hosted in BTP and consuming the Data in On-Premise SAP system through ODATA.

we want our application request for sending the data to SAP On-Premise should be encrypted in client side(SAPUi5) and same decrypt in the SAP On-Premise System(ABAP).

Thanks

Durga Prasanth

Show replies
Show replies
gregorw
Active Contributor
‎11-23-2023 4:04 PM
0 Kudos

As an SAPUI5 Application is running it's code in the browser also the encryption code. So to make it secure the Encryption Key would need to be provided from the user. But how would you like to manage the key then in the ABAP Backend? Can you provide more information why the by default connection security isn't enough here?

durgaprasanth_vemula
Participant
‎11-29-2023 10:58 AM
0 Kudos

gregor.wolf : There are Networkcall of ODATA in sapui5 application where we can see the data which is going to SAP On-premise system and that data we want should be encrypted.Is there any standard approach is there where i can encrypt the data in sapui5 and send this to ODATA and from On-Premise system we can decrypt the data.

Thanks

Durga Prasanth

gregorw
Active Contributor
‎11-29-2023 12:31 PM
0 Kudos

You mean the data that you can see in the browser development tools network tab and in the SAP On Premise System in the Gateway Trace? This data will be encrypted using TLS (Transport Layer Security) if you see https and the padlock in your browser URL.

durgaprasanth_vemula
Participant
‎12-01-2023 7:13 AM
0 Kudos

gregor.wolf

Please find the below screen shot where i can see the data that should be encrypted as you are asking to implement TLS (Transport Layer Security) in BTP as my Application is hosted in BTP.

Could you please help me any blogs or any documents are there how to implement TLS (Transport Layer Security

Answer
View Entire Topic
gregorw
Active Contributor
‎12-01-2023 7:45 AM
0 Kudos

If you're using SAP BTP it's using TLS by default as all connections use HTTPS. In the On Premise ABAP System the SAP Basis Team has to configure HTTPS for the Applicaiton Servers.

Show replies
Show replies
durgaprasanth_vemula
Participant
‎12-04-2023 11:35 AM
0 Kudos

gregorw :

Hi Gregor,

I found one SAP Note 2821444 - TLS/SSL version requirements for SAP BTP and ABAP Platform integration scenarios and this SAP Note need to be implemented by BASIS team to configure HTTPS for the Applicaiton Servers.

Thanks

Durga Prasanth

durgaprasanth_vemula
Participant
‎12-06-2023 10:47 AM
0 Kudos

@ gregorw gregor.wolf :

My requirement is to mask the sensitive data which is showing in Network tab as per the below screen shot which is highlighted in yellow color and is there any standard approach to mask this data it means I will encrypt it Application which is hosted in BTP and In On-Premise system I need to decrypt and save the data to SAP data base tables

akuller_q
Participant
‎12-06-2023 11:42 AM
0 Kudos

Hi,


The traffic is encrypted if you use an HTTPS connection. You can see this when you look at the address in the request. The browser can decrypt the data, which is why the data is displayed in plain text. However, if you go one step further, e.g. look at the packets in the router, you will only see useless character strings. You can also check this on your own computer, e.g. with Wireshark, Fiddler, ... but not in the browser. It would be pointless to additionally encrypt the information at this point because the client can read it in plain text anyway.

Please search the Internet for HTTPS, TLS to understand this in more detail.

durgaprasanth_vemula
Participant
‎12-13-2023 8:22 AM
0 Kudos

a.kuller

There is Audit happening for my application which is hosted in BTP that the sensitive data should be encrypted because it showing in Network call. so that is reason I am looking for any standard solution.

Thanks

Durga Prasanth

gregorw
Active Contributor
‎12-13-2023 8:38 AM
0 Kudos

If your Auditor does not understand that the data that you see in the Network Tab of the Browser Devtools is the data before getting encrypted by the browser using TLS then you might need to switch the Auditor. If they want to verify that the data is encrypted they can trace the network traffic with https://www.wireshark.org/

Ask a Question