PGP (Pretty Good Privacy) encryption is used to encrypting, signing and decrypting the data like emails, text, files, directories and whole disk partitions and it also increases the security of emails communication. Public and Private key plays vital role in PGP to encrypt and decrypt the data. Generally public key is used to encrypt the data and it is always shared with end users. Private Key is used to decrypt the data and it never shares with anyone.
For example, Alice will used public key to encrypt the data and send to Bob. Now, Bob will decrypt the data using private key.
Mule ESB added PGP Encryption and Decryption as a part of Enterprise security. Let’s walkthrough how to implement PGP with Mule ESB.
Generate Private and Public Key
There are many tools available to generate PGP private and public key. In this article we will see Kleopatra to generate private and public key. Go to File < New Certificate < Create a personal OpenPGP key pair
Provide Name and Email as it is mandatory fields. Click Next and Create Key. Provide Passphrase and don’t forget the passphrase. Finally clicked on Finish.
It will generate public key and private key.
Exporting Public Key
Right click on the certificate and Export Certificates. Save the public key in .gpg format to some folder location on your disk.
Exporting Secret(Private) Key
Right click on the certificate and Export Secret Keys. Save the private or secret key in .gpg format to some folder location on your disk.
Implementing PGP With Mule ESB
Place the File Connector in message source region and configure it.
Drag and Drop encryption component in message processor region. Encryption is part of enterprise security. So download and install enterprise security in your Anypoint studio. Configure the Encryption component. First click on plus sign to do connector configuration. Under general tab, select default Encrypter as PGP_Encrypter.
Now go to PGP Encrypter tab and select radio button define attributes. Provide Public Key Ring File Name (public key path), Secret Key Ring File Name (private key path), Passphrase that you have provided while generating certificate, Principal is nothing it is combination of your name and email you have provided while generating certificate (e.g jdsja <email@example.com>) and Secret Alias Id is bit tricky as it is not provided while generating certificate, so provide some dummy value. Whenever you will deploy application, it will failed and you can see available Secret Alias Id in error logs. So configure correct Secret Alias Id and deploy it again.
Make sure you have copied your private key and public key in your application folder src/main/resources.
Select Operation as Encrypt and Encrypter as PGP_Encrypter.
For decrypting the data, you have to similar configuration and jus change operation to Decrypt.