Apisero is now part of NTT DATA - Learn more.

Search
Close this search box.

JCE Cryptography

Author: Preetam Deshmukh

Cryptography 

  • Cryptography is a technique of securing information and communications over a network.
  • The cryptography module provides cryptographic capabilities to a Mule application. Its main features include:
    • Symmetric encryption and decryption of messages.
    • Asymmetric encryption and decryption of messages.
    • Message signing and signature validation of signed messages.
  • This module supports three different strategies to encrypt and sign your messages:
    • PGP: Signature/encryption using PGP.
    • JCE: For using a wider range of cryptography capabilities as provided by the Java Cryptography Extension.
    • XML: For signing or encrypting XML documents or elements.

This blog will describe JCE cryptography in detail.

JCE Cryptography

  • The Java Cryptography Extension (JCE) is an officially released Standard Extension to the Java Platform and part of Java Cryptography Architecture (JCA).
  • JCE provides a framework and implementation for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms.
  • The JCE strategy enables you to use the wider range of cryptography capabilities provided by the Java Cryptography Extension.
  • You can use cryptographic capabilities in two ways:
  • Password-based encryption (PBE):
    This method enables you to encrypt and sign content by providing only an encryption password.
  • Key-based encryption:
    Similar to how PGP and XML encryption works, this method enables you to configure a symmetric or asymmetric key to perform encryption and signing operations.
  • We can encrypt all, or part of a message using any of these two methods

PBE

  • This method applies a hash function over the provided password to generate a symmetric key that is compatible with standard encryption algorithms.
  • Because PBE only requires a password, a global configuration element is not needed for the PBE operations.

Installing Cryptography extension in Anypoint Studio

  • Open your Mule project in Anypoint Studio.
  • Go to the Mule Palette.
  • Select Search in Exchange, and search for the Cryptography Module.
  • Add the extension.
  • You can now search in the mule Palette for operations of the Cryptography module.

Configure Password-Based Encryption from Anypoint Studio

To configure PBE from Anypoint Studio, follow these steps:

  • From the Mule palette, add Crypto to your project.
  • Select the desired operation, and drag the component to the flow:
  • In the component view, configure the Algorithm and Password properties:

PBE Operations Supported 

  • Jce encrypt pbe – Encrypt a stream using Jce, with a password.
  • Jce decrypt pbe – Decrypt a stream using Jce, with a password.
  • Jce sign pbe – Sign a stream using Jce, with a key.
  • Jce validate pbe – Validate a stream against a signature using a key.

Demo

Converting encrypted payload to base 64.

Encrypt

Decrypt

Sign

Validate

Results

Input:

{

“message1”: “Hello !!”,

“message2”: “Welcome to Mulesoft”

}

Output:

INFO  2021-04-30 15:36:26,008 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-pbe-demoFlow.CPU_INTENSIVE @58ed0b7b] [processor: crypto-jce-pbe-demoFlow/processors/2; event: b93e6070-a99b-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: PBE ENCRYPTED DATA :gf88h2mSCNvNOdaSnzNbLeBvz2ta8EccOXgR2AQYMtTv8zVYR2wGTYhDy7gOzhz3jMZM1kb6r4dpSMV9VxYluNJ6u999iM2lVit3ohnfe5A=

INFO  2021-04-30 15:36:26,036 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-pbe-demoFlow.CPU_INTENSIVE @58ed0b7b] [processor: crypto-jce-pbe-demoFlow/processors/5; event: b93e6070-a99b-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: PBE DECRYPTED DATA : {

“message1”: “Hello !!”,

“message2”: “Welcome to Mulesoft”

}

INFO  2021-04-30 15:36:26,054 [[MuleRuntime].uber.06: [crypto-demo].crypto-jce-pbe-demoFlow.CPU_INTENSIVE @58ed0b7b] [processor: crypto-jce-pbe-demoFlow/processors/7; event: b93e6070-a99b-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: PBE SIGNED DATA :8o6xPCDgBTpBnQvE2qZoLC9L28DroxsQubKa/lSQmT4=

INFO  2021-04-30 15:36:26,070 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-pbe-demoFlow.CPU_INTENSIVE @58ed0b7b] [processor: crypto-jce-pbe-demoFlow/processors/9; event: b93e6070-a99b-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: PBE VALIDATED DATA :{

“message1”: “Hello !!”,

“message2”: “Welcome to Mulesoft”

}

KBE 

  • We can use symmetric or asymmetric keys for encryption and decryption.
  • To use Jce encrypt and decrypt operations, we need a keystore.
  • Below command will generate a symmetric jceks type keystore using Blowfish algorithm:
  • keytool.exe -genseckey -alias encKey -keyalg Blowfish -keystore C:\Certificates\encKeystore.jceks -keysize 128 -storeType jceks
  • Copy the keystore file under src/main/resources.

KBE Operations Supported:

  • Jce encrypt – Encrypt a stream using Jce, with a key.
  • Jce decrypt – Decrypt a stream using Jce, with a key.
  • Jce sign – Sign a stream using Jce, with a key.
  • Jce validate – Validate a stream against a signature using a key.

Demo

Encrypt

Decrypt

Sign

Validate

KBE Configuration

Results

Input:

{

“message1”: “Hello !!”,

“message2”: “Welcome to Mulesoft”

}

Output:

INFO  2021-04-30 15:59:29,156 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-kbe-demoFlow.CPU_INTENSIVE @189e0dbc] [processor: crypto-jce-kbe-demoFlow/processors/2; event: f1ba08c0-a99e-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: KBE ENCRYPTED  DATA :PYVTOjWo3citi2WNAiP0QWxIYeHmNWXwh7Mcahvz1xnVjxp8H90VHb+L3loGdx9i5Pd2cpFSQyQjT8Lj2t6pUeteS3ZHUUwTvV8pGPzTtKY=

INFO  2021-04-30 15:59:29,163 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-kbe-demoFlow.CPU_INTENSIVE @189e0dbc] [processor: crypto-jce-kbe-demoFlow/processors/5; event: f1ba08c0-a99e-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: KBE DECRYPT DATA :{

“message1”: “Hello !!”,

“message2”: “Welcome to Mulesoft”

}

INFO  2021-04-30 15:59:29,169 [[MuleRuntime].uber.06: [crypto-demo].crypto-jce-kbe-demoFlow.CPU_INTENSIVE @189e0dbc] [processor: crypto-jce-kbe-demoFlow/processors/7; event: f1ba08c0-a99e-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: KBE SIGNED DATA : 2jBM91/xGRPGjZMWzmrTtG5uRB2iXy3cggFJH++++b8=

INFO  2021-04-30 15:59:29,175 [[MuleRuntime].uber.07: [crypto-demo].crypto-jce-kbe-demoFlow.CPU_INTENSIVE @189e0dbc] [processor: crypto-jce-kbe-demoFlow/processors/9; event: f1ba08c0-a99e-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: Validated {

“message1”: “Hello !!”,

“message2”: “Welcome to Mulesoft”

}

Note:- Algorithms used for encryption and decryption should be the same.

We use cookies on this site to enhance your user experience. For a complete overview of how we use cookies, please see our privacy policy.