PGP Crypto Connector Mule4
PGP (Pretty Good Privacy) integrated with MuleSoft


PGP stands for "Pretty Good Privacy," and it's a data encryption and decryption program that provides cryptographic privacy and authentication for data communication. PGP has found applications beyond just email encryption, including secure file sharing, secure messaging platforms, and more. It is especially valuable for situations where strong data privacy and security are essential.

PGP combines data compression and data encryption to secure messages. The compression reduces message transmission time between origin and destination. There are two scenarios that this post addresses:

  • Public key is used to encrypt data and shared with end-users.
  • Private key is used to decrypt the encrypted data.

  1. Download Kleopatra, the tool used to create the private and public keys.

New Key Pair

  1. Provide the Name and Email, then tick the box "Protect the generated key with a passphrase" (so that the key pair is secured with the passphrase).
  2. Go to the Advanced Settings and make sure that the Key material is RSA.

Name and Email

Key material is RSA. RSA, which stands for Rivest–Shamir–Adleman, is a widely used public-key cryptosystem and encryption algorithm. It is based on the mathematical properties of large prime numbers and is used for secure data transmission, digital signatures, and other cryptographic applications.

  1. Click OK.

RSA

  1. Create the passphrase to protect your new key pair (public key and private key).

Create Passphrase

Now we can see the key pair with the given Name and E-mail.

Certificate

  1. Right-click the certificate and choose 'Export', which exports the public key to the preferred location.

Export the Public Key
public Key in the preferred location
Public Key

  1. Right-click the certificate and choose 'Backup Secret Keys', which exports the private key to the preferred location.

Export the private key

  1. Enter the passphrase to export the private key.

Enter the Passphrase
Private Key in preferred location
Private Key

  1. Right-click the certificate and choose 'Details', which shows the fingerprint.

Fingerprint

Let's integrate Mule and PGP (Pretty Good Privacy)

Create a new Mule project -> Go to Search in Exchange -> Search for Cryptography Module -> Add to the Mule palette.

PGP Crypto Module Configuration:

  1. Public keyring: Public keyring file. Create a file in src/main/resources named public key (public key.gpg).
  2. Private keyring: Private keyring file. Create a file in src/main/resources named private key (private key.gpg).
  3. Add PGP asymmetric key info:
       1. Key id: name of the key id
       2. Fingerprint: fingerprint of the key pair
       3. Passphrase: passphrase used to protect the key pair

Configuration
PGP Asymmetric key info
Public key.gpg
Private key.gpg

Drag and drop the PGP encrypt

PGP encrypt:

In PGP encrypt, the input payload is encrypted by using the public key.

The input payload is:

    #[%dw 2.0
    output application/json
    ---
    {"name": "xxx","password": "12345"}]

PGP encrypt

PGP encrypt-General:

  1. content: content of the payload
  2. Algorithm: the symmetric algorithm used for the encryption. AES_256 is the default.
  3. File name: the internal file name to use in the PGP header
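  4. Disable mdc: when checked, the MDC (Modification Detection Code) is not used during encryption. The MDC is what lets the recipient detect that the ciphertext was modified, so leave this unchecked unless the receiving system cannot process it.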
  5. Key id: As defined in the PGP asymmetric key info

PGP encrypt-General

Let's start the flow

The input payload gets encrypted.

Encrypted payload

PGP decrypt:

PGP decrypt decrypts the encrypted data by using the private key.

The VM Queue publishes the encrypted payload to the decryption flow, where the PGP decrypt component decrypts it.

Flow of PGP decrypt

VM Queue- configuration:

Go to the VM Queue Configuration -> Queues -> Add Queue

  1. Queue name: Name of the queue
  2. Queue type: Transient (temporary) is the default; the other option is Persistent (permanent).

Queue
VM Queue- configuration

VM Queue config - General:

  1. content: Content of the payload.
  2. Queue name: Name of the Queue defined in the Queue configuration.
  3. Timeout: how long to wait for the queue to complete an operation (either consuming or publishing) before failing with a timeout error.
  4. Timeout unit: unit of the timeout.

VM Queue config - General

PGP decrypt-General:

  1. content: content of the payload
  2. File name: the internal file name to use in the PGP header; here the file name is stream.

PGP decrypt-General

Let's start the flow

Now we can see that the PGP decrypt component decrypts the encrypted payload, and the decrypted payload is shown in the console.

Decrypted Payload
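
The configuration and the two flows described above, written out as Mule XML. This is an added example, not the author's project: the config names, the key id myKey, the queue name pgpQueue and the fingerprint placeholder are assumptions. It also goes one step beyond the walkthrough by using a separate config per direction and reading the passphrase from a secure property (assumed to be set up with the Secure Configuration Properties module) rather than typing it into the connector.

```xml
<!-- Added example. Goes inside the <mule> root that Studio generates
     (crypto and vm namespaces are declared there). -->

<!-- Encrypt side: public keyring only, so no passphrase is needed. -->
<crypto:pgp-config name="Pgp_Encrypt_Config" publicKeyring="public key.gpg">
    <crypto:pgp-key-infos>
        <!-- keyId is a hypothetical label; fingerprint is a placeholder for
             the value shown under Details in Kleopatra. -->
        <crypto:pgp-asymmetric-key-info keyId="myKey"
                                        fingerprint="FINGERPRINT_PLACEHOLDER"/>
    </crypto:pgp-key-infos>
</crypto:pgp-config>

<!-- Decrypt side: private keyring. The passphrase is resolved from a
     secure property (assumed to exist) instead of being written here. -->
<crypto:pgp-config name="Pgp_Decrypt_Config" privateKeyring="private key.gpg">
    <crypto:pgp-key-infos>
        <crypto:pgp-asymmetric-key-info keyId="myKey"
                                        fingerprint="FINGERPRINT_PLACEHOLDER"
                                        passphrase="${secure::pgp.passphrase}"/>
    </crypto:pgp-key-infos>
</crypto:pgp-config>

<vm:config name="VM_Config">
    <vm:queues>
        <vm:queue queueName="pgpQueue" queueType="TRANSIENT"/>
    </vm:queues>
</vm:config>

<flow name="pgp-encrypt-flow">
    <set-payload value='#[output application/json --- {"name": "xxx", "password": "12345"}]'/>
    <!-- The algorithm is left at its default (AES_256). -->
    <crypto:pgp-encrypt config-ref="Pgp_Encrypt_Config" keyId="myKey"/>
    <vm:publish config-ref="VM_Config" queueName="pgpQueue"/>
</flow>

<flow name="pgp-decrypt-flow">
    <vm:listener config-ref="VM_Config" queueName="pgpQueue"/>
    <crypto:pgp-decrypt config-ref="Pgp_Decrypt_Config"/>
    <!-- Logs the decrypted payload to the console, as the walkthrough does. -->
    <logger level="INFO" message="#[payload]"/>
</flow>
```

Keeping the private keyring and passphrase out of the encrypt-side config means an application that only sends data never needs to hold the decryption key.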

Calculate checksum:

The checksum is a network method to check for any error or damage to the data transmitted from the sender side to the receiver side. The checksum method applies bit addition and bit complement to perform the check.

Checksums are useful for error detection and basic integrity verification, but they are not a replacement for more robust security measures like encryption.

Checksum algorithms like MD5 and SHA-1, which were commonly used in the past, are now considered weak due to vulnerabilities that allow attackers to generate collisions. Modern checksum practices involve using stronger hash algorithms like SHA-256 or SHA-3 for better security.

Let's calculate the checksum for the input payload:

    #[%dw 2.0
    output application/json
    ---
    {"name": "xxx","password": "12345"}]

Calculate checksum

Calculate checksum config - General:

  1. content: content of the payload
  2. Algorithm: SHA_256 is the default

Calculate checksum config - General

Let's start the flow

Now we can see the checksum for the input payload.

Checksum for Input payload

Conclusion:

PGP encryption adds a security layer that makes sure data transmitted via various channels is secured and can only be accessed by the person with the key that can decrypt it. Using the Mule 4 crypto module, a MuleSoft developer can achieve different functionalities like PGP encryption and decryption, JCE encryption, calculating checksums and more.

