Encrypt string in ABAP and decrypt in JavaScript

Question

I have an ABAP class which encodes a string as qr code and sends this code as email. At a later point, the code will be decoded by a SAPUI5 app based on JavaScript.

I don't want that everyone can decode the string behind that qr code with some basic barcode scanner app. That's why I'm looking for some ideas for encrypting the string in ABAP and decrypting it with JavaScript. Maybe also with a simple algorithm? It's just that the string should not give usable information to someone who decodes the qr code by himself.

Thank you for your hints and ideas!

hint: relying solely on security by obscurity is usually a bad idea. Someone who understands that QR-Codes can be decoded might also be able to recognize base64-encoded text when he sees it. It depends a bit on what exactly you're trying to hide, but if it is remotely relevant, you're not really adding reliable security. — Dirk Trilsbeek, Jun 08 '18 at 10:34

score 2 · Answer 1 · answered Aug 05 '19 at 22:08

There is the class in ABAP cl_hard_wired_encryptor that does exactly what you want. It uses base64 encryption so will be easily decryptable in JS.

Here is the sample code:

DATA: input_string  TYPE string VALUE `This is the house that Jack built`.

TRY.
    DATA(encrypted_string) = NEW cl_hard_wired_encryptor( )->encrypt_string2string( the_string = input_string ).
  CATCH cx_encrypt_error.
ENDTRY.

IF sy-subrc EQ 0.
  cl_demo_output=>begin_section( `Initial` ).
  cl_demo_output=>write_text( input_string ).
  cl_demo_output=>begin_section( `Encrypted` ).
  cl_demo_output=>write_text( encrypted_string ).
ELSE.
  cl_demo_output=>display( 'Error while encryption' ).
ENDIF.

TRY.
    DATA(reverted_string) = NEW cl_hard_wired_encryptor( )->decrypt_string2string( the_string = encrypted_string ).
  CATCH cx_encrypt_error.
ENDTRY.

IF sy-subrc EQ 0.
  cl_demo_output=>begin_section( `Decrypted` ).
  cl_demo_output=>write_text( reverted_string ).
  cl_demo_output=>display( ).
ELSE.
  cl_demo_output=>display( 'Error while decryption' ).
ENDIF.

FWIW using a very common encoding such as base64 is not quite encryption, not even obfuscation. The ABAP class has a strange name. — Jonas Wilms, Aug 23 '21 at 21:53

score 0 · Answer 2 · answered Jun 20 '18 at 21:13

0

ABAP has SSF_KRN_ENVELOPE function for encrypting data with RSA using certificate. You can use it, I think there is js library for decrypt it. But the data is huge because of enveloping standart.

I prefer using https://github.com/Sumu-Ning/AES library, you can encrypt with more small data as a result and not need to use certificate just keys.

answered Jun 20 '18 at 21:13

mkysoft

5,392
1
21
30

Why do you suggest RSA when the question shows no need for asymmetric encryption. Typically data is encrypted with AES since it is fast, secure and has no data size limitation. – zaph Jun 20 '18 at 22:16
I try to give more option to user. One of them OOTB function, other one custom. More options not bad I think. – mkysoft Jun 20 '18 at 22:27

Encrypt string in ABAP and decrypt in JavaScript

2 Answers2

Linked