JCE Cryptography

Author: Preetam Deshmukh

Cryptography 

  • Cryptography is a technique of securing information and communications over a network.
  • The cryptography module provides cryptographic capabilities to a Mule application. Its main features include:
    • Symmetric encryption and decryption of messages.
    • Asymmetric encryption and decryption of messages.
    • Message signing and signature validation of signed messages.
  • This module supports three different strategies to encrypt and sign your messages:
    • PGP: Signature/encryption using PGP.
    • JCE: For using a wider range of cryptography capabilities as provided by the Java Cryptography Extension.
    • XML: For signing or encrypting XML documents or elements.

This blog will describe JCE cryptography in detail.

JCE Cryptography

  • The Java Cryptography Extension (JCE) is an officially released Standard Extension to the Java Platform and part of Java Cryptography Architecture (JCA).
  • JCE provides a framework and implementation for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms.
  • The JCE strategy enables you to use the wider range of cryptography capabilities provided by the Java Cryptography Extension.
  • You can use cryptographic capabilities in two ways:
    • Password-based encryption (PBE): This method enables you to encrypt and sign content by providing only an encryption password.
    • Key-based encryption: Similar to how PGP and XML encryption work, this method enables you to configure a symmetric or asymmetric key to perform encryption and signing operations.
  • You can encrypt all or part of a message using either of these two methods.

PBE

  • This method applies a hash function over the provided password to generate a symmetric key that is compatible with standard encryption algorithms.
  • Because PBE only requires a password, a global configuration element is not needed for the PBE operations.
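
The password-to-key step described above can be seen with plain JCE calls. This is an added example, not code from the Cryptography module or from the original post; the algorithm name, iteration count, salt|iv|ciphertext layout and the sample password and payload are assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class PbeDemo {
    // Assumptions of this example: algorithm, iteration count, salt|iv|ciphertext layout.
    static final String ALG = "PBEWithHmacSHA256AndAES_128";
    static final int ITERATIONS = 100_000;

    static Cipher cipher(int mode, char[] password, byte[] salt, byte[] iv) throws Exception {
        // init() derives the AES key from password + salt (ITERATIONS rounds of HMAC-SHA256).
        SecretKey pbeKey = SecretKeyFactory.getInstance(ALG).generateSecret(new PBEKeySpec(password));
        Cipher c = Cipher.getInstance(ALG);
        c.init(mode, pbeKey, new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
        return c;
    }

    static String encrypt(char[] password, String plain) throws Exception {
        byte[] salt = new byte[16], iv = new byte[16];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(salt);
        rnd.nextBytes(iv);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, password, salt, iv)
                .doFinal(plain.getBytes(StandardCharsets.UTF_8));
        ByteBuffer out = ByteBuffer.allocate(32 + ct.length).put(salt).put(iv).put(ct);
        return Base64.getEncoder().encodeToString(out.array());
    }

    static String decrypt(char[] password, String b64) throws Exception {
        byte[] in = Base64.getDecoder().decode(b64);
        byte[] salt = Arrays.copyOfRange(in, 0, 16), iv = Arrays.copyOfRange(in, 16, 32);
        byte[] pt = cipher(Cipher.DECRYPT_MODE, password, salt, iv).doFinal(in, 32, in.length - 32);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-demo-password".toCharArray();
        String enc = encrypt(pw, "{\"message1\": \"Hello !!\"}");   // constructed sample input
        System.out.println(enc + " -> " + decrypt(pw, enc));
    }
}
```

This PBE algorithm encrypts with AES in CBC mode, so the ciphertext carries no integrity check of its own; a wrong password usually surfaces as a `BadPaddingException`, and tamper detection needs a separate sign/validate step.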

Installing Cryptography extension in Anypoint Studio

  • Open your Mule project in Anypoint Studio.
  • Go to the Mule Palette.
  • Select Search in Exchange, and search for the Cryptography Module.
  • Add the extension.
  • You can now search in the Mule Palette for operations of the Cryptography module.

Configure Password-Based Encryption from Anypoint Studio

To configure PBE from Anypoint Studio, follow these steps:

  • From the Mule Palette, add Crypto to your project.
  • Select the desired operation, and drag the component to the flow.
  • In the component view, configure the Algorithm and Password properties.

PBE Operations Supported 

  • Jce encrypt pbe – Encrypt a stream using Jce, with a password.
  • Jce decrypt pbe – Decrypt a stream using Jce, with a password.
  • Jce sign pbe – Sign a stream using Jce, with a key.
  • Jce validate pbe – Validate a stream against a signature using a key.

Demo

Converting encrypted payload to base 64.

Encrypt

Decrypt

Sign

Validate

Results

Input:

{
  "message1": "Hello !!",
  "message2": "Welcome to Mulesoft"
}

Output:

INFO  2021-04-30 15:36:26,008 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-pbe-demoFlow.CPU_INTENSIVE @58ed0b7b] [processor: crypto-jce-pbe-demoFlow/processors/2; event: b93e6070-a99b-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: PBE ENCRYPTED DATA :gf88h2mSCNvNOdaSnzNbLeBvz2ta8EccOXgR2AQYMtTv8zVYR2wGTYhDy7gOzhz3jMZM1kb6r4dpSMV9VxYluNJ6u999iM2lVit3ohnfe5A=

INFO  2021-04-30 15:36:26,036 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-pbe-demoFlow.CPU_INTENSIVE @58ed0b7b] [processor: crypto-jce-pbe-demoFlow/processors/5; event: b93e6070-a99b-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: PBE DECRYPTED DATA : {
  "message1": "Hello !!",
  "message2": "Welcome to Mulesoft"
}

INFO  2021-04-30 15:36:26,054 [[MuleRuntime].uber.06: [crypto-demo].crypto-jce-pbe-demoFlow.CPU_INTENSIVE @58ed0b7b] [processor: crypto-jce-pbe-demoFlow/processors/7; event: b93e6070-a99b-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: PBE SIGNED DATA :8o6xPCDgBTpBnQvE2qZoLC9L28DroxsQubKa/lSQmT4=

INFO  2021-04-30 15:36:26,070 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-pbe-demoFlow.CPU_INTENSIVE @58ed0b7b] [processor: crypto-jce-pbe-demoFlow/processors/9; event: b93e6070-a99b-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: PBE VALIDATED DATA :{
  "message1": "Hello !!",
  "message2": "Welcome to Mulesoft"
}

KBE 

  • We can use symmetric or asymmetric keys for encryption and decryption.
  • To use Jce encrypt and decrypt operations, we need a keystore.
  • The following command generates a symmetric JCEKS-type keystore using the Blowfish algorithm:
    keytool.exe -genseckey -alias encKey -keyalg Blowfish -keystore C:\Certificates\encKeystore.jceks -keysize 128 -storeType jceks
  • Copy the keystore file under src/main/resources.
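
What the keystore holds, and how a key is later fetched from it by alias, can be reproduced with plain JCE calls. This is an added example, not code from the Cryptography module or from the original post; it builds the JCEKS keystore in memory instead of on disk, and the passwords, cipher transformation and sample payload are assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;

public class KbeDemo {
    // Constructed demo passwords: one protects the keystore file, one the key entry.
    static final char[] STORE_PW = "constructed-store-pw".toCharArray();
    static final char[] KEY_PW = "constructed-key-pw".toCharArray();

    // In-memory equivalent of the keytool -genseckey command above (alias encKey, Blowfish, 128 bits).
    static byte[] createKeystore() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
        kg.init(128);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, STORE_PW);
        ks.setKeyEntry("encKey", kg.generateKey(), KEY_PW, null);   // secret keys have no cert chain
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PW);
        return out.toByteArray();
    }

    static SecretKey loadKey(byte[] store, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(store), STORE_PW);
        return (SecretKey) ks.getKey(alias, KEY_PW);   // null if the alias does not exist
    }

    static byte[] crypt(int mode, SecretKey key, byte[] iv, byte[] data) throws Exception {
        // The transformation has to match the key's algorithm on both the encrypt and decrypt side.
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(mode, key, new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = loadKey(createKeystore(), "encKey");
        byte[] iv = new byte[8];                        // Blowfish block size is 8 bytes
        new SecureRandom().nextBytes(iv);
        byte[] msg = "{\"message1\": \"Hello !!\"}".getBytes(StandardCharsets.UTF_8);  // constructed input
        byte[] pt = crypt(Cipher.DECRYPT_MODE, key, iv, crypt(Cipher.ENCRYPT_MODE, key, iv, msg));
        System.out.println(key.getAlgorithm() + " round trip ok: " + java.util.Arrays.equals(msg, pt));
    }
}
```

Blowfish works on 8-byte blocks, which is why the IV is 8 bytes; a key generated with `-keyalg AES` uses 16-byte blocks and needs a 16-byte IV and an AES transformation instead.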

KBE Operations Supported:

  • Jce encrypt – Encrypt a stream using Jce, with a key.
  • Jce decrypt – Decrypt a stream using Jce, with a key.
  • Jce sign – Sign a stream using Jce, with a key.
  • Jce validate – Validate a stream against a signature using a key.

Demo

Encrypt

Decrypt

Sign

Validate

KBE Configuration

Results

Input:

{
  "message1": "Hello !!",
  "message2": "Welcome to Mulesoft"
}

Output:

INFO  2021-04-30 15:59:29,156 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-kbe-demoFlow.CPU_INTENSIVE @189e0dbc] [processor: crypto-jce-kbe-demoFlow/processors/2; event: f1ba08c0-a99e-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: KBE ENCRYPTED  DATA :PYVTOjWo3citi2WNAiP0QWxIYeHmNWXwh7Mcahvz1xnVjxp8H90VHb+L3loGdx9i5Pd2cpFSQyQjT8Lj2t6pUeteS3ZHUUwTvV8pGPzTtKY=

INFO  2021-04-30 15:59:29,163 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-kbe-demoFlow.CPU_INTENSIVE @189e0dbc] [processor: crypto-jce-kbe-demoFlow/processors/5; event: f1ba08c0-a99e-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: KBE DECRYPT DATA :{
  "message1": "Hello !!",
  "message2": "Welcome to Mulesoft"
}

INFO  2021-04-30 15:59:29,169 [[MuleRuntime].uber.06: [crypto-demo].crypto-jce-kbe-demoFlow.CPU_INTENSIVE @189e0dbc] [processor: crypto-jce-kbe-demoFlow/processors/7; event: f1ba08c0-a99e-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: KBE SIGNED DATA : 2jBM91/xGRPGjZMWzmrTtG5uRB2iXy3cggFJH++++b8=

INFO  2021-04-30 15:59:29,175 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-kbe-demoFlow.CPU_INTENSIVE @189e0dbc] [processor: crypto-jce-kbe-demoFlow/processors/9; event: f1ba08c0-a99e-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: Validated {
  "message1": "Hello !!",
  "message2": "Welcome to Mulesoft"
}

Note: The algorithm used for encryption and decryption should be the same.
