Author: Prathamesh P. Kulkarni
What is PGP?
PGP (Pretty Good Privacy) encryption is used for encrypting, signing, and decrypting data like emails, text, files, directories, and whole disk partitions. It also increases the security of email communication and can be used to authenticate digital certificates. Public and private keys play a vital role in PGP to encrypt and decrypt the data. Generally, a public key is used to encrypt the data and it is always shared with end-users. The private key is used to decrypt the data and it is never shared with anyone.
How to create a Public Key and Private Key
We can create keys with tools such as Kleopatra and Git Bash. Here we are going to use Kleopatra.
Kleopatra is freely available and you can download it from the following URL: https://www.gpg4win.org/download.html
Now, let us see how to create a key in Kleopatra.
To create a new key, go to File and click on New Key Pair. A message will pop up asking which format you want to use. As this is for my personal use, I will go with Personal OpenPGP key pair.
Once you click on Next, it will ask you for a Name and Email. After that, click on Create.
After that it will ask you to create a Passphrase.
The passphrase is a password that is used while creating the secret key and also for decrypting messages.
Save the fingerprint somewhere, as we will need it in Mule, and click on the Finish button.
You will be able to see your key in Kleopatra.
Now, right-click on the name and click Export. This will be your public key, which you will be using for encryption.
Save it with the gpg extension.
Similarly, save the secret key; for that you need to enter the passphrase which you created earlier.
Now we have both the public key and the private key. Let us proceed with the demonstration.
How to Encrypt payload in Mule
Open Anypoint Studio, create a project, and get the Crypto module in the Mule Palette. If it is not available, add it from Exchange.
I have created a simple flow here where I am encrypting the message and writing it to a file for demo purposes.
The configuration for the PGP encryption is shown in the below screenshot.
Here I am using the BLOWFISH algorithm. You can also use the default.
You need to give the keyid, and you can give it any name. Here I am using test, and I have given the file name as stream.
In the public keyring, you need to specify the path of the public key which you exported. As this key is present in my main/src/resources, I have given the above path.
I have kept a private keyring as I am not decrypting the message here. I have also given the same keyid name that I gave earlier and the 16-digit fingerprint that I saved.
We don't need a passphrase here because, as I mentioned, we are not decrypting the message here.
The message I am going to encrypt is in the transform message.
Now I will run this flow.
You can see the message has been encrypted. You can also see it in the file.
How to Decrypt payload in Mule
Now I have encrypted the message and now I want to decrypt it.
For that, I have created another project, and I am posting this encrypted message to the requester and decrypting it.
The decryption flow looks like the one below.
For the decryption, you need the PGP decrypt module, which you will get in the Mule Palette.
The configuration for pgp decrypt is
You can also see I have added a private key here in resources.
The file name is stream. I used the same one for encryption.
Here you need only a private keyring and passphrase, as you are going to decrypt the message. Everything else is the same for the key id and fingerprint.
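The encryption and decryption configurations described above, written out as Mule XML. This is an added example, not the author's project files: the keyring file names, the fingerprint value, the config and flow names, and the `pgp.passphrase` property are assumptions, and the two configurations sit in one file here although the article uses two separate projects.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:crypto="http://www.mulesoft.org/schema/mule/crypto"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="
        http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
        http://www.mulesoft.org/schema/mule/crypto http://www.mulesoft.org/schema/mule/crypto/current/mule-crypto.xsd">

    <!-- Encryption side: only the exported public key is configured.
         File name and fingerprint are placeholders, not values from the article. -->
    <crypto:pgp-config name="Pgp_Encrypt_Config" publicKeyring="public-key.gpg">
        <crypto:pgp-key-infos>
            <crypto:pgp-asymmetric-key-info keyId="test" fingerprint="0123456789ABCDEF"/>
        </crypto:pgp-key-infos>
    </crypto:pgp-config>

    <flow name="encrypt-flow">
        <!-- keyId selects the key-info entry above; fileName is the
             internal file name recorded in the PGP message. -->
        <crypto:pgp-encrypt config-ref="Pgp_Encrypt_Config" keyId="test"
                            algorithm="BLOWFISH" fileName="stream"/>
    </flow>

    <!-- Decryption side: private keyring plus passphrase. The passphrase is
         read from a configuration property (hypothetical name) so that it is
         not stored in the flow XML next to the private key. -->
    <crypto:pgp-config name="Pgp_Decrypt_Config" privateKeyring="private-key.gpg">
        <crypto:pgp-key-infos>
            <crypto:pgp-asymmetric-key-info keyId="test" fingerprint="0123456789ABCDEF"
                                            passphrase="${pgp.passphrase}"/>
        </crypto:pgp-key-infos>
    </crypto:pgp-config>

    <flow name="decrypt-flow">
        <crypto:pgp-decrypt config-ref="Pgp_Decrypt_Config" fileName="stream"/>
        <!-- Log the decrypted payload, as in the article's demo. -->
        <logger level="INFO" message="#[payload]"/>
    </flow>
</mule>
```

The flows have no source or file-write step; in the article these are triggered over HTTP and the encrypted output is written to a file.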
Let us see the demo of this. I will run both projects at the same time.
You can see from the logs that the message is decrypted and we got the original payload.
This is how you can do PGP encryption and decryption in Mule 4.