MULE - Pretty Good Privacy


MULE-ESB is an integration framework built on the Java platform. It lets applications connect to one another easily and can be deployed on-premises or in the cloud. The applications it connects can be anything from application servers to standalone applications, within your enterprise or across the internet.

Open source: Mule-ESB Community Edition

Commercial: Mule-ESB Enterprise Edition

PGP (Pretty Good Privacy):

PGP is a mechanism for encrypting and decrypting data; it provides privacy and authentication for data communication.

PGP is a hybrid cryptosystem.

Encryption:

  1. PGP first compresses the data.
  2. It creates a session key, and the data is encrypted using this key.
  3. The generated session key is then encrypted with the recipient's public key and transmitted to the recipient along with the ciphertext.

Decryption:

As part of decryption:

  1. The receiver uses the private key to recover the temporary session key from the encrypted copy.
  2. PGP then uses the session key to decrypt the conventionally-encrypted ciphertext.
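The hybrid scheme in the steps above, carried through end to end as an added example (not code from the original article). It uses plain JCA primitives (Deflate, AES-GCM, RSA-OAEP) as stand-ins and does not produce OpenPGP-format messages; the class name, key sizes and payload are assumptions, and `readAllBytes` needs Java 9 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.InflaterInputStream;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class HybridDemo {
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String DATA = "AES/GCM/NoPadding";

    public static void main(String[] args) throws Exception {
        // Constructed recipient key pair; with PGP these live in the key rings.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();
        byte[] plain = "constructed sample payload".getBytes(StandardCharsets.UTF_8);

        // Encryption step 1: compress the data.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (DeflaterOutputStream z = new DeflaterOutputStream(buf)) { z.write(plain); }
        // Step 2: a one-time session key encrypts the compressed data.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance(DATA);
        c.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, iv));
        byte[] ciphertext = c.doFinal(buf.toByteArray());
        // Step 3: the session key is encrypted with the recipient's public key
        // and travels with the ciphertext (and the IV).
        Cipher w = Cipher.getInstance(WRAP);
        w.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] wrappedKey = w.wrap(session);

        // Decryption step 1: the private key recovers the session key.
        Cipher u = Cipher.getInstance(WRAP);
        u.init(Cipher.UNWRAP_MODE, recipient.getPrivate());
        Key recovered = u.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        // Step 2: the session key decrypts the ciphertext, then decompress.
        Cipher d = Cipher.getInstance(DATA);
        d.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] inflated = new InflaterInputStream(
                new ByteArrayInputStream(d.doFinal(ciphertext))).readAllBytes();
        System.out.println(new String(inflated, StandardCharsets.UTF_8));
    }
}
```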

Overview:

With MULE ESB, we can encrypt the message payload, or part of a payload, using PGP.

Public key: distributed to those who will use it to encrypt and send messages to you.

Private key: used to decrypt the messages you receive that were encrypted using the public key.

Generate PGP Keys:

You can use a tool such as GPG Keychain Access to create a new set of keys in the application (see screenshot below), or create them from the command line.

Note: This article does not explain key generation; it covers the Mule flows for encryption and decryption.

Configuration:

To encrypt or decrypt a message, we need to configure a few important elements in the Mule flow. This extension adds PGP security to endpoint communication. With PGP you can achieve end-to-end secure communication with signed and encrypted messages.

Security Manager: solely responsible for holding the key rings and the encryption strategy to be used. This allows all messages to be encrypted using the same key, or facilitates the use of different key rings.

Key Manager: responsible for reading the key rings.

Credential accessor: this bean finds the key ring and key manager to be used to encrypt/decrypt the message being processed.

<pgp:security-manager>
    <pgp:security-provider name="pgpSecurityProvider" keyManager-ref="pgpKeyManager"/>
    <pgp:keybased-encryption-strategy
        name="pgpEncryptionStrategy"
        keyManager-ref="pgpKeyManager"
        credentialsAccessor-ref="credentialAccessor"/>
</pgp:security-manager>

<spring:beans>
    <spring:bean id="pgpKeyManager" class="org.mule.module.pgp.PGPKeyRingImpl" init-method="initialise">
        <spring:property name="publicKeyRingFileName" value="pubring.gpg"/>
        <spring:property name="secretKeyRingFileName" value="secring.gpg"/>
        <spring:property name="secretAliasId" value="${pgp.secretAliasId}"/>
        <spring:property name="secretPassphrase" value="${pgp.secretPassphrase}"/>
    </spring:bean>
    <spring:bean id="credentialAccessor" class="com.pgp.AppCredentialAccessor">
        <spring:property name="credentials" value="${pgp.principal}"/>
    </spring:bean>
</spring:beans>

Security-Provider: Security provider for PGP related functionality

keybased-encryption-strategy: The key-based PGP encryption strategy to use.

keyManager-ref: Reference to the key manager to use.

credentialsAccessor-ref: Reference to the credentials accessor to use.

Here the ‘pgpKeyManager’ bean is responsible for reading the keys (pubring, secring).

Credential Accessor:

The credential accessor is a class that determines your key id. For instance, the following class (used in the example) always returns the same fixed string, so all messages are encrypted/decrypted using the same key id.

 

 

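package com.pgp;

import org.mule.api.MuleEvent;
import org.mule.api.security.CredentialsAccessor;

public class AppCredentialAccessor implements CredentialsAccessor {

    // Key id (PGP user id) used for every message unless overridden via the setter.
    private String credentials = "pgp test (pgp) <pgptest@mulesoft.com>";

    public AppCredentialAccessor() {
    }

    public AppCredentialAccessor(String string) {
        this.credentials = string;
    }

    // Bean-style accessors so Spring can inject the "credentials" property.
    public String getCredentials() {
        return credentials;
    }

    public void setCredentials(String credentials) {
        this.credentials = credentials;
    }

    // CredentialsAccessor: the event is ignored, so the key id is the same for all messages.
    public Object getCredentials(MuleEvent event) {
        return this.credentials;
    }

    // CredentialsAccessor: intentionally a no-op in this example.
    public void setCredentials(MuleEvent event, Object credentials) {
        // dummy
    }
}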
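When one flow must encrypt to more than one recipient, the accessor can choose the key id per message. The variant below is an added example, not code from the original article: the class name and the `pgpRecipient` inbound property are hypothetical, and it assumes the Mule 3 `MuleMessage.getInboundProperty` call. It only returns key ids from a configured allowlist and fails closed otherwise, so a message cannot steer encryption to an arbitrary key in the public key ring.

```java
package com.pgp;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.mule.api.MuleEvent;
import org.mule.api.security.CredentialsAccessor;

// Hypothetical variant of AppCredentialAccessor: per-message key id, allowlisted.
public class AllowlistCredentialAccessor implements CredentialsAccessor {

    // Hypothetical inbound property that carries the requested recipient key id.
    static final String RECIPIENT_PROPERTY = "pgpRecipient";

    private String defaultCredentials;                    // used when no recipient is requested
    private Set<String> allowed = Collections.emptySet(); // key ids this flow may encrypt to

    public void setDefaultCredentials(String defaultCredentials) {
        this.defaultCredentials = defaultCredentials;
    }

    public void setAllowed(Set<String> allowed) {
        // Defensive copy so later changes by the caller do not alter the allowlist.
        this.allowed = Collections.unmodifiableSet(new HashSet<String>(allowed));
    }

    public Object getCredentials(MuleEvent event) {
        Object requested = null;
        if (event != null) {
            requested = event.getMessage().getInboundProperty(RECIPIENT_PROPERTY);
        }
        if (requested == null) {
            return defaultCredentials;
        }
        // Fail closed: never encrypt to a key id the operator did not approve.
        if (!allowed.contains(requested)) {
            throw new IllegalArgumentException("PGP recipient is not in the allowlist");
        }
        return requested;
    }

    public void setCredentials(MuleEvent event, Object credentials) {
        // Not supported: key ids come from configuration, not from the message.
    }
}
```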

Mule Flow for Encryption:

<flow name="EncryptFilesFlow">
    <file:inbound-endpoint connector-ref="InputFile"
        path="<<Input Folder  location>>" moveToDirectory="<<TempLocation>>"
        moveToPattern="#[header:originalFilename].backup" transformer-refs="file2Bytes" />
    <encrypt-transformer name="pgpEncrypt"
        strategy-ref="pgpEncryptionStrategy" />
    <file:outbound-endpoint connector-ref="output"
        path="<<OutPutLocation>>" outputPattern="#[function:datestamp]-#[header:originalFilename]" />
</flow>

Mule Flow for Decryption:

 

<flow name="DecryptFilesFlow">
    <file:inbound-endpoint connector-ref="InputFile"
        path="<<InputFileLocation>>" moveToDirectory="<<InputFileLocationforBackup>>"
        moveToPattern="#[header:originalFilename].backup" transformer-refs="file2Bytes" />
    <decrypt-transformer name="pgpDecrypt"
        strategy-ref="pgpEncryptionStrategy" />
    <file:outbound-endpoint connector-ref="output"
        path="<<OutPutLocation>>" outputPattern="#[function:datestamp]-#[header:originalFilename]" />
</flow>

This is one of the best approaches to sending data with encryption, and best of all, it is available as part of the MULE-ESB Community Edition.

 
