Introduction
Mule ESB is an integration framework built on the Java platform. It lets applications connect easily and can be deployed on-premises or in the cloud. It also lets you communicate with different applications, internal and external; these can be anything from application servers to standalone applications within your enterprise or across the internet.
PGP (Pretty Good Privacy)
PGP is a mechanism used to encrypt and decrypt data, providing privacy and authentication for data communication.
PGP is a hybrid cryptosystem.
Encryption:
- PGP first compresses the data.
- It then creates a session key and encrypts the data with this key.
- The session key is then encrypted with the recipient's public key and transmitted to the recipient along with the ciphertext.
Decryption:
- The receiver uses their private key to recover the temporary session key from the encrypted copy sent with the ciphertext.
- PGP then uses the session key to decrypt the conventionally encrypted ciphertext.
As part of Mule ESB, we can encrypt the message payload or part of a payload using the PGP technique.
Distribute your public key to those who will use it to encrypt messages and send them to you.
Use your private key to decrypt the messages you receive that were encrypted using the public key.
Background
Basic understanding of MULE and PGP
Using the code
Configuration
To encrypt or decrypt a message, we need to configure some important elements in the Mule flow. This extension adds PGP security to endpoint communication. With PGP you can achieve secure end-to-end communication with signed and encrypted messages.
Security Manager: solely responsible for holding the key rings and the encryption strategy to be used. This allows all messages to be encrypted using the same key, or different key rings to be used.
Key Manager: responsible for reading the key rings.
Credential accessor: This bean will find the key ring and key manager to be used to encrypt/decrypt the message being processed.
<pgp:security-manager>
    <pgp:security-provider name="pgpSecurityProvider" keyManager-ref="pgpKeyManager"/>
    <pgp:keybased-encryption-strategy
        name="pgpEncryptionStrategy"
        keyManager-ref="pgpKeyManager"
        credentialsAccessor-ref="credentialAccessor"/>
</pgp:security-manager>

<spring:beans>
    <!-- Key manager: reads the public and secret key rings -->
    <spring:bean id="pgpKeyManager" class="org.mule.module.pgp.PGPKeyRingImpl" init-method="initialise">
        <spring:property name="publicKeyRingFileName" value="pubring.gpg"/>
        <spring:property name="secretKeyRingFileName" value="secring.gpg"/>
        <spring:property name="secretAliasId" value="${pgp.secretAliasId}"/>
        <spring:property name="secretPassphrase" value="${pgp.secretPassphrase}"/>
    </spring:bean>
    <!-- Credential accessor: supplies the key ID used for each message -->
    <spring:bean id="credentialAccessor" class="com.pgp.AppCredentialAccessor">
        <spring:property name="credentials" value="${pgp.principal}"/>
    </spring:bean>
</spring:beans>
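package com.pgp;

import org.mule.api.MuleEvent;
import org.mule.api.security.CredentialsAccessor;

// Returns the same key ID (principal) for every message.
public class AppCredentialAccessor implements CredentialsAccessor {

    private String credentials = "pgp test (pgp) <pgptest@mulesoft.com>";

    public AppCredentialAccessor() {
    }

    public AppCredentialAccessor(String string) {
        this.credentials = string;
    }

    public String getCredentials() {
        return credentials;
    }

    // Set by Spring from the "credentials" property of the bean.
    public void setCredentials(String credentials) {
        this.credentials = credentials;
    }

    // Called by Mule for each event; the event is ignored here.
    public Object getCredentials(MuleEvent event) {
        return this.credentials;
    }

    // Intentionally empty: credentials are not changed per event.
    public void setCredentials(MuleEvent event, Object credentials) {
    }
}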
Security-Provider: Security provider for PGP related functionality
keybased-encryption-strategy: The key-based PGP encryption strategy to use.
keyManager-ref: Reference to the key manager to use.
credentialsAccessor-ref: Reference to the credentials accessor to use.
Here the ‘pgpKeyManager’ bean is responsible for reading the keys (pubring, secring).
Credential Accessor: a class that determines your key ID. For instance, the AppCredentialAccessor class shown above (used in the example) always returns the same fixed string, so all messages are encrypted/decrypted using the same key ID.
Mule Flow for Encryption:
<flow name="EncryptFilesFlow">
    <file:inbound-endpoint connector-ref="InputFile"
        path="<<Input Folder location>>" moveToDirectory="<<TempLocation>>"
        moveToPattern="#[header:originalFilename].backup" transformer-refs="file2Bytes" />
    <encrypt-transformer name="pgpEncrypt" strategy-ref="pgpEncryptionStrategy" />
    <file:outbound-endpoint connector-ref="output"
        path="<<OutPutLocation>>" outputPattern="#[function:datestamp]-#[header:originalFilename]" />
</flow>
Mule Flow for Decryption:
<flow name="DecryptFilesFlow">
    <file:inbound-endpoint connector-ref="InputFile"
        path="<<InputFileLocation>>" moveToDirectory="<<InputFileLocationforBackup>>"
        moveToPattern="#[header:originalFilename].backup" transformer-refs="file2Bytes" />
    <decrypt-transformer name="pgpDecrypt"
        strategy-ref="pgpEncryptionStrategy" />
    <file:outbound-endpoint connector-ref="output"
        path="<<OutPutLocation>>" outputPattern="#[function:datestamp]-#[header:originalFilename]" />
</flow>
Points of Interest
Data transformation is made easy: no more coding, it is just configuration, and the data stays very secure while it is being transformed.