ABAP String Encryption: AES, Base64, SSF Methods in SAP

SAP ABAP provides multiple ways to encrypt strings, depending on your security needs and ABAP version.

1. Using `CL_SEC_SXML_WRITER` (Base64 Encoding)

Base64 is not encryption but can be used to obfuscate data.

DATA: lv_string TYPE string VALUE 'Hello ABAP',
      lv_encrypted TYPE string.

CALL METHOD CL_SEC_SXML_WRITER=>BASE64_ENCODE
  EXPORTING
    raw = lv_string
  IMPORTING
    encoded = lv_encrypted.

WRITE: 'Base64 Encrypted:', lv_encrypted.
" Output: SGVsbG8gQUJBUA==

Use case: Obfuscating data (not secure encryption).

2. Using `CL_HARD_WIRED_ENCRYPTOR` (AES-256 Encryption)

SAP provides AES encryption via CL_HARD_WIRED_ENCRYPTOR.

DATA: lo_encryptor TYPE REF TO cl_hard_wired_encryptor,
      lv_key       TYPE string VALUE '1234567890123456', " 16-char key
      lv_string    TYPE string VALUE 'Hello ABAP',
      lv_encrypted TYPE string.

lo_encryptor = cl_hard_wired_encryptor=>get_instance( ).
lv_encrypted = lo_encryptor->encrypt_string( iv_key = lv_key iv_text = lv_string ).

WRITE: 'AES Encrypted:', lv_encrypted.

Key should be 16, 24, or 32 characters (AES-128, AES-192, AES-256).
Use case: Secure encryption (available in newer SAP versions).

3. Using `CL_SEC_SXML_WRITER` with AES

For secure encryption, use CL_SEC_SXML_WRITER=>ENCRYPT (if available).

DATA: lv_key TYPE string VALUE 'MySecretKey123456',
      lv_string TYPE string VALUE 'Hello ABAP',
      lv_encrypted TYPE xstring.

CALL METHOD CL_SEC_SXML_WRITER=>ENCRYPT
  EXPORTING
    key     = lv_key
    raw     = lv_string
  IMPORTING
    encoded = lv_encrypted.

WRITE: 'AES Encrypted XSTRING:', lv_encrypted.

Converts the string into an encrypted XSTRING.

4. Using SAP Secure Store & Forward (SSF)

For SAP standard encryption, use SSF functions:

DATA: lv_string TYPE string VALUE 'Hello ABAP',
      lv_encrypted TYPE string.

CALL FUNCTION 'SSF_KRN_ENCRYPT'
  EXPORTING
    data       = lv_string
  IMPORTING
    encrypted  = lv_encrypted.

WRITE: 'SSF Encrypted:', lv_encrypted.

Requires SSF configuration.

Which Method Should You Use?

Method	Security Level	Use Case
Base64 Encoding	Low	Obfuscation, simple encoding
`CL_HARD_WIRED_ENCRYPTOR` (AES)	High	Secure encryption (AES-256)
`CL_SEC_SXML_WRITER` (AES)	High	Secure encryption for XML processing
`SSF_KRN_ENCRYPT` (SAP SSF)	Very High	Secure encryption with SSF configuration

1. Using CL_SEC_SXML_WRITER (Base64 Encoding)

2. Using CL_HARD_WIRED_ENCRYPTOR (AES-256 Encryption)

3. Using CL_SEC_SXML_WRITER with AES

4. Using SAP Secure Store & Forward (SSF)

Which Method Should You Use?

1. Using `CL_SEC_SXML_WRITER` (Base64 Encoding)

2. Using `CL_HARD_WIRED_ENCRYPTOR` (AES-256 Encryption)

3. Using `CL_SEC_SXML_WRITER` with AES