This destination is a CSV (comma-separated values) flat file.

Adding a Destination #

  1. In the main window of the Designer, navigate to Server > Manage Destinations. The window “Manage Destinations” opens.
  2. Click [Add] to create a new destination. The window “Destination Details” opens.
  3. Enter a Name for the destination.
  4. Select the destination Type from the drop-down menu.

Destination Details #


File output path
Enter the directory to save the destination flat files in. If the entered folder does not exist, a new folder is created.

Note: To write flat files to a network drive, you need to:
- Enter the File output path in UNC format e.g., \\Server2\Share\Test\.
- Run the Xtract Universal service by a user with write permission to the directory.

CSV Settings #

Column seperator
Defines how two columns in CSV are separated.

Row separator
Defines how two rows in CSV are separated.

Quote symbol
Defines which character is used to encase field data. A sequence of characters may be used as “Quote symbol”. Quotation is applied in the following scenarios:

  • The Column separator is part of the field data.
  • The Quote symbol is part of the field data.
  • The Row separator is part of the field data.
  • The Escape character is part of the field data.

Escape character
When Escape character is part of the field data, the respective field containing this character is encased by the “Quote symbol”. The default escape character is the backslash ‘\’. The field may remain empty.

Column names in first row
Defines if the first row contains the column names. This option is set per default.

Row separator after last row
Defines if the last row contains a row separator. This option is set per default.

Convert / Encoding #

Decimal separator
Defines the decimal separator of decimal number for the output. Dot (.) is the default value.

Date format
Defines a customized date format (e.g. YYYY-MM-DD or MM/DD/YYYY) for converting valid SAP dates (YYYYMMDD). Default is YYYY-MM-DD.

Time format
Defines a customized time format (e.g. HH-MM-SS or HH:MM:SS) for converting valid SAP times (HHMMSS). Default is HH:MM:SS.

Text Encoding
Defines the text encoding.

Column encryption #

The “Column Encryption” feature enables users to encrypt columns in the extracted data set before uploading them to the destination. By encrypting the columns you can ensure the safety of sensitive information. You can store data in its encrypted form or decrypt it right away.

The feature also supports random access, meaning that the data is decryptable at any starting point. Because random access has a significant overhead, it is not recommended to use column encryption for encrypting the whole data set.

How to proceed

Note: The user must provide an RSA public key.

  1. Select the columns to encrypt under Extraction settings > General settings > Encryption. XU_Column_Encryption_01

  2. Make sure the Enable column level encryption checkbox is activated under Extraction settings > General settings > Misc.. XU_Column_Encryption_02

  3. Click […] in Destination Details > Column Encryption to import the public key as an .xml file.

  4. Run the extraction.

  5. Wait for XtractUniversal to upload the encrypted data and the “metadata.json” file to the destination.

  6. Manually or automatically trigger your decryption routine.


The decryption depends on the destination environment. Implementation samples for Azure Storage, AWS S3 and local flat file CSV environments are provided at GitHub. Included are the cryptographic aspect, which is open source and also the interface to read the CSV data and “metadata.json” which is not open source.

Technical Information

The encryption is implemented as a hybrid cryptosystem. This means that a randomized AES session key is created when starting the extraction. The data is then encrypted via the AES-GCM algorithm with the session key.
The implementation uses the recommended length of 96 bits for the IV. To guarantee random access, each cell gets its own IV/nonce and Message Authentication Code (MAC). The MAC is the authenticity token in GCM providing a signature for the data. In the resulting encrypted data set, the encrypted cells are assembled like this:


The IV is encoded as 7-Bit integer. The session key is then encrypted with the RSA public key provided by the user. This encrypted session key is uploaded to the destination as a “metadata.json” file, including a list of the encrypted columns and formatting information of the destination.