top of page
lp.jpeg

Blog

Tags:

Cryptography Module Mule 4 - Part 1 (PGP Encryption/Decryption)

GitHub repository with the Mule project can be found at the end of the post.



Mule 4 has a Cryptography module which includes these 3 different strategies:

  • PGP

  • XML

  • JCE

In this article, we will see the PGP technique.




PGP


Pretty Good Privacy (PGP) is a cryptographic way that allows secure communication between two entities. It uses the public and private key concepts to encrypt the data as shown in the below diagram.




Prerequisites


1. Install the Crypto Module from Exchange, located in the Mule palette.


Note: Here is the reference documentation on how to install new modules to your Mule Project: Adding Modules to Your Project.



2. Create private and public keys


Please follow the below steps to generate a public/private key pair:

  • Download and install the GnuPG from this link.

  • Install Kleopatra to use a Graphical User Interface (GUI).

  • To generate the keys, click on “New Key Pair” and follow the instructions on the screen.

  • Once the keys are generated, export them to the file system.

  • The generated files are of ASC format, which is not supported by Mule yet, so we need to dearmor the keys first. Run the following command: "./gpg --dearmor <PATH_TO_YOUR_ASC_FILE>" for each of the keys. This command will create new files alongside the ASC files that will have .gpg appended to their filename which are supported in Mule.


This is what you will get after following the previous steps:

  1. Public/Private keys

  2. Fingerprint

  3. Passphrase

  4. KeyId



Mule Code Implementation


We will limit our scope to PGP encrypt/decrypt operation in this article.



Global configurations


Create 2 global configurations:

  • Encryption – Configure public key, keyId, and fingerprint.

  • Decryption – Configure private key, keyId, and fingerprint.


**For projects: you should have these 2 configurations in different projects and all fields should be read from property files. The passphrase should be treated as a secure pr