With version 15.1 and later, SAP Replication Server uses SAP Common Security Infrastructure (CSI) to provide server or client authentication, provide key-pair generation to support extended password encryption, and provide cryptography for encryption and decryption of passwords that are transmitted in the network between SAP Replication Servers, and between SAP Replication Server and the primary and replicate data servers.
Extended password encryption uses asymmetric key encryption, which allows Open Client applications with connection property CS_SEC_EXTENDED_ENCRYPTION enabled to connect to the SAP Replication Server. It also allows SAP Replication Server to enable CS_SEC_EXTENDED_ENCRYPTION when connecting to other servers.
Asymmetric key encryption uses a public key to encrypt the password and a private key to decrypt the password. The private key is not shared across the network, and is therefore secure.