Security, Certificates, Ciphers, and Data Encryption fundamentals

Why do we need ExportPrivateKey.jar utility in SAP ASE?

The cryptographic libraries that SAP Adaptive Server Enterprise (SAP ASE) uses for encryption have changed over time:
  • First, SAP ASE started using OpenSSL libraries instead of Certicom security libraries.
  • Since there were security vulnerabilities (for example, Sweet32) in the OpenSSL library, SAP ASE moved from OpenSSL to SAP CCL (sapcrypto.dll), which is SAP's own proprietary cryptographic library.
Note that SAP ASE can handle certificates only in PKCS8 format. Since OpenSSL is no longer used and Java Keytool cannot convert a certificate to PKCS8 format either, SAP introduced the ExportPrivateKey.jar utility, which lets you convert a certificate to PKCS8 format so that SAP ASE can process it.
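
As an added example (not from the original post and not SAP's code), the following Python code checks whether the private key that accompanies a certificate in a PEM file is already a PKCS #8 structure, by inspecting the outer ASN.1 element tags instead of trusting the PEM label. The function names and the sample key skeleton are constructed for illustration, and the code assumes PEM bodies without legacy `Proc-Type` headers.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: low bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def classify_der(der):
    """Classify a private-key blob by the tags of its first top-level fields."""
    tag, start, end = _read_tlv(der, 0)
    if tag != 0x30:                         # every candidate is an outer SEQUENCE
        return "not a DER SEQUENCE"
    tags, pos = [], start
    while pos < end and len(tags) < 3:
        t, _, pos = _read_tlv(der, pos)     # record tag, skip over the value
        tags.append(t)
    if tags[:3] == [0x02, 0x30, 0x04]:      # version, AlgorithmIdentifier, key
        return "PKCS#8 PrivateKeyInfo"
    if tags[:2] == [0x30, 0x04]:            # AlgorithmIdentifier, ciphertext
        return "PKCS#8 EncryptedPrivateKeyInfo"
    if tags[:2] == [0x02, 0x02]:            # version, modulus
        return "PKCS#1 RSAPrivateKey (not PKCS#8)"
    if tags[:2] == [0x02, 0x04]:            # version, private value
        return "SEC1 ECPrivateKey (not PKCS#8)"
    return "unrecognised structure"

def classify_pem(text):
    """Return [(pem_label, classification)] for every PEM block in text."""
    out = []
    for label, body in PEM_RE.findall(text):
        if label == "CERTIFICATE":
            kind = "X.509 certificate"
        else:
            kind = classify_der(base64.b64decode(body))
        out.append((label, kind))
    return out

if __name__ == "__main__":
    # Constructed structural skeleton (no real key material), PKCS#1 shaped.
    p1 = base64.b64encode(bytes.fromhex("3006020100020103")).decode()
    print(classify_pem(f"-----BEGIN RSA PRIVATE KEY-----\n{p1}\n-----END RSA PRIVATE KEY-----\n"))
```

A result other than one of the two PKCS#8 classifications means the key still needs conversion before SAP ASE can process it.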

Building blocks of secure communication

To establish secure communication between a client and a server, various components and security protocols are used.

In this post, we'll learn about the following:
  • Protocols that are used (SSL and TLS, for instance)
  • Certificates (SSL certificate, for example)
  • Signatures
  • Ciphers
  • Cipher suites (strong/weak/FIPS-compliant) and the order in which these cipher suites are negotiated between a server and its client
  • Algorithms and functions (hash function, for example)
  • Libraries (Certicom/OpenSSL) and tools to generate certificates. For example, OpenSSL is a library and openssl is the tool to generate an SSL certificate.
  • Compliance status of the generated certificate (FIPS compliance, for example)