
Mule ESB + PGP: Pretty Good Privacy

22 May 2016, CPOL, 3 min read
Configuring PGP encryption and decryption as part of Mule ESB

Introduction

Mule ESB is an integration framework developed on the Java platform. It lets applications connect easily and can be deployed on-premises or in the cloud. It also lets you communicate with different applications, internal and external; these can be anything from application servers to standalone applications within your enterprise or across the internet.

PGP (Pretty Good Privacy)

PGP is a mechanism used to encrypt and decrypt data, providing privacy and authentication for data communication.

PGP is a hybrid cryptosystem: the message itself is encrypted with a symmetric session key, and only that session key is encrypted with public-key cryptography.

Encryption:

  • PGP first compresses the data.
  • It then creates a one-time session key and encrypts the compressed data with it.
  • The session key is then encrypted with the recipient's public key and transmitted, together with the ciphertext, to the recipient.

Decryption:

  • The recipient uses their private key to recover the session key from the received copy.
  • PGP then uses the recovered session key to decrypt the conventionally encrypted ciphertext.

As part of Mule ESB, we can encrypt the message payload or part of a payload using the PGP technique.

Use a public key to distribute to those who will use it to encrypt and send messages to you.

Use a private key to decrypt the messages you receive which were encrypted using the public key.
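The encryption and decryption steps listed above, carried through end to end as an added example; this is not code from the original article or from Mule's PGP module. It is not the OpenPGP packet format either: AES-GCM stands in for the session-key layer and RSA-OAEP for encrypting the session key under the recipient's public key, and the key pair and payload are constructed in main() instead of being read from pubring.gpg/secring.gpg. It assumes a JDK of 8u161 or later (AES-256 without the unlimited-strength policy files) and nothing outside the standard library.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import java.util.zip.*;
import javax.crypto.*;
import javax.crypto.spec.*;

// Hybrid encryption in the PGP style: compress, encrypt under a fresh session key,
// then encrypt the session key with the recipient's public key. Not the OpenPGP format;
// AES-GCM and RSA-OAEP are stand-ins so the example runs on a plain JDK.
public class HybridPgpStyleExample {
    private static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String AES_GCM = "AES/GCM/NoPadding";

    // What travels to the recipient: the wrapped session key, the nonce and the ciphertext.
    public static final class Envelope {
        final byte[] wrappedSessionKey, nonce, ciphertext;
        Envelope(byte[] k, byte[] n, byte[] c) { wrappedSessionKey = k; nonce = n; ciphertext = c; }
    }

    public static Envelope encrypt(byte[] plaintext, PublicKey recipientPublicKey) throws GeneralSecurityException {
        // 1. Compress first; compressing after encryption would gain nothing.
        byte[] compressed = deflate(plaintext);
        // 2. Fresh one-time session key and nonce; encrypt the data with them.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey sessionKey = kg.generateKey();
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher aes = Cipher.getInstance(AES_GCM);
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new GCMParameterSpec(128, nonce));
        byte[] ciphertext = aes.doFinal(compressed);
        // 3. Encrypt the session key with the recipient's public key; only the matching
        //    private key can recover it, so the session key never travels in the clear.
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.ENCRYPT_MODE, recipientPublicKey);
        return new Envelope(rsa.doFinal(sessionKey.getEncoded()), nonce, ciphertext);
    }

    public static byte[] decrypt(Envelope env, PrivateKey recipientPrivateKey)
            throws GeneralSecurityException, DataFormatException {
        // 1. Recover the session key with the private key.
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.DECRYPT_MODE, recipientPrivateKey);
        SecretKey sessionKey = new SecretKeySpec(rsa.doFinal(env.wrappedSessionKey), "AES");
        // 2. Decrypt the conventionally encrypted ciphertext; GCM also verifies the tag,
        //    so a modified ciphertext throws AEADBadTagException instead of decrypting.
        Cipher aes = Cipher.getInstance(AES_GCM);
        aes.init(Cipher.DECRYPT_MODE, sessionKey, new GCMParameterSpec(128, env.nonce));
        byte[] compressed = aes.doFinal(env.ciphertext);
        // 3. Decompress to get the original payload back.
        return inflate(compressed);
    }

    static byte[] deflate(byte[] in) {
        Deflater d = new Deflater();
        d.setInput(in); d.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        while (!d.finished()) out.write(buf, 0, d.deflate(buf));
        d.end();
        return out.toByteArray();
    }

    static byte[] inflate(byte[] in) throws DataFormatException {
        Inflater i = new Inflater();
        i.setInput(in);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        while (!i.finished()) {
            int n = i.inflate(buf);
            if (n == 0 && (i.needsInput() || i.needsDictionary())) break; // truncated input guard
            out.write(buf, 0, n);
        }
        i.end();
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a recipient key pair generated here instead of read from a key ring.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();
        byte[] payload = "constructed sample file payload for EncryptFilesFlow".getBytes(StandardCharsets.UTF_8);
        Envelope env = encrypt(payload, recipient.getPublic());
        System.out.println("round trip ok: " + Arrays.equals(payload, decrypt(env, recipient.getPrivate())));
        env.ciphertext[0] ^= 0x01; // simulate corruption or tampering in transit
        try {
            decrypt(env, recipient.getPrivate());
            System.out.println("tampering not detected");
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected, payload rejected");
        }
    }
}
```

Compile and run with `javac HybridPgpStyleExample.java && java HybridPgpStyleExample`. The second run in main() shows why an authenticated mode matters for the session-key layer: a flipped ciphertext byte is rejected at the tag check rather than silently decompressing into garbage, which is the behaviour you want from a decrypt step sitting in front of a file outbound endpoint.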

Background

Basic understanding of MULE and PGP

Using the code

Configuration

To encrypt or decrypt a message we need to configure a few important elements in the Mule flow. This extension adds PGP security to endpoint communication; with PGP you can achieve end-to-end secure communication with signed and encrypted messages.

Security Manager: Solely responsible for holding the key rings and the encryption strategy to be used. This allows all messages to be encrypted with the same key, or different key rings to be used.

Key Manager: Responsible for reading the key rings.

Credentials Accessor: This bean finds the key ring and key manager to be used to encrypt/decrypt the message being processed.

Mule XML configuration:

<pgp:security-manager>
    <pgp:security-provider name="pgpSecurityProvider" keyManager-ref="pgpKeyManager"/>
    <pgp:keybased-encryption-strategy
        name="pgpEncryptionStrategy"
        keyManager-ref="pgpKeyManager"
        credentialsAccessor-ref="credentialAccessor"/>
</pgp:security-manager>

<spring:beans>
    <spring:bean id="pgpKeyManager" class="org.mule.module.pgp.PGPKeyRingImpl" init-method="initialise">
        <spring:property name="publicKeyRingFileName" value="pubring.gpg"/>
        <spring:property name="secretKeyRingFileName" value="secring.gpg"/>
        <spring:property name="secretAliasId" value="${pgp.secretAliasId}"/>
        <spring:property name="secretPassphrase" value="${pgp.secretPassphrase}"/>
    </spring:bean>

    <spring:bean id="credentialAccessor" class="com.pgp.AppCredentialAccessor">
        <spring:property name="credentials" value="${pgp.principal}"/>
    </spring:bean>
</spring:beans>

Java (com/pgp/AppCredentialAccessor.java):

package com.pgp;

import org.mule.api.MuleEvent;
import org.mule.api.security.CredentialsAccessor;

// Returns the PGP user id (key id) used to select the key for every message.
// The 'credentials' property is injected from ${pgp.principal} by the Spring bean above.
public class AppCredentialAccessor implements CredentialsAccessor {

    private String credentials = "pgp test (pgp) <pgptest@mulesoft.com>";

    public AppCredentialAccessor() {
    }

    public AppCredentialAccessor(String credentials) {
        this.credentials = credentials;
    }

    public String getCredentials() {
        return credentials;
    }

    public void setCredentials(String credentials) {
        this.credentials = credentials;
    }

    // Called by the encryption strategy; the event is ignored, so every message uses the same key id.
    @Override
    public Object getCredentials(MuleEvent event) {
        return this.credentials;
    }

    @Override
    public void setCredentials(MuleEvent event, Object credentials) {
        // not used: the key id is fixed by configuration
    }
}

security-provider: Security provider for PGP-related functionality.

keybased-encryption-strategy: The key-based PGP encryption strategy to use.

keyManager-ref: Reference to the key manager to use.

credentialsAccessor-ref: Reference to the credentials accessor to use.

Here the ‘pgpKeyManager’ bean is responsible for reading the key rings (pubring.gpg, secring.gpg). The secret key alias and passphrase come from property placeholders (${pgp.secretAliasId}, ${pgp.secretPassphrase}), so they are supplied from a properties file rather than written into the flow XML.

Credentials Accessor: The credentials accessor is a class that determines the key id to use. For instance, the AppCredentialAccessor class above always returns the same fixed string (the event passed to getCredentials(MuleEvent) is ignored), so all messages are encrypted/decrypted using the same key id.

Mule Flow for Encryption:

<flow name="EncryptFilesFlow">
    <file:inbound-endpoint connector-ref="InputFile"
        path="<<Input Folder location>>" moveToDirectory="<<TempLocation>>"
        moveToPattern="#[header:originalFilename].backup" transformer-refs="file2Bytes" />

    <encrypt-transformer name="pgpEncrypt" strategy-ref="pgpEncryptionStrategy" />

    <file:outbound-endpoint connector-ref="output"
        path="<<OutPutLocation>>" outputPattern="#[function:datestamp]-#[header:originalFilename]" />
</flow>

Mule Flow for Decryption:

<flow name="DecryptFilesFlow">
    <file:inbound-endpoint connector-ref="InputFile"
        path="<<InputFileLocation>>" moveToDirectory="<<InputFileLocationforBackup>>"
        moveToPattern="#[header:originalFilename].backup" transformer-refs="file2Bytes" />

    <decrypt-transformer name="pgpDecrypt" strategy-ref="pgpEncryptionStrategy" />

    <file:outbound-endpoint connector-ref="output"
        path="<<OutPutLocation>>" outputPattern="#[function:datestamp]-#[header:originalFilename]" />
</flow>

Points of Interest

Encryption and decryption become configuration rather than custom code, and the payload stays protected while it is being transferred and transformed.


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
