XML Cryptography

Author: Preetam Deshmukh

  • XML cryptography provides encryption and decryption of an element within an XML document.
  • It takes an elementPath, which is an XPath expression that identifies the element to encrypt.
  • It uses JCE Configuration.
  • Depending on your needs, you can use a symmetric or asymmetric key for encrypting an XML document.
  • It is used only for XML documents; encryption of other types is not supported.
  • To use XML cryptography with other types, such as JSON, we first need to convert the payload to XML.

Installing Cryptography extension in Anypoint Studio

  • Open your Mule project in Anypoint Studio.
  • Go to the Mule Palette.
  • Select Search in Exchange, and search for the Cryptography Module.
  • Add the extension.
  • You can now search the Mule Palette for the operations of the Cryptography module.

XML Encryption Configuration

Operations Supported

  • XML encrypt – Encrypt the XML Document.
  • XML decrypt – Decrypt the XML Document.
  • XML sign – Sign an XML Document.
  • XML validate – Validate a signed XML Document.

Demo

Encrypt

Note: The highlighted field shows the element path. In this example, we encrypt only the m1 tag, not the entire payload. To encrypt the entire payload, leave the element path blank. With nothing passed, the entire XML document is encrypted.

Decrypt

Sign

The signed message is saved in a target variable so that it can be validated in the validate operation.

Validate

Results:

Input:

<Message>

<m1>Hello</m1>

<m2>How are you</m2>

</Message>

Output:

INFO  2021-04-30 16:56:26,911 [[MuleRuntime].uber.06: [crypto-demo].crypto-xml-demoFlow.CPU_INTENSIVE @668316ec] [processor: crypto-xml-demoFlow/processors/1; event: e6cecd31-a9a6-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: ENCRYPTED DATA: <?xml version="1.0" encoding="UTF-8" standalone="no"?><Message>

<m1><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<xenc:EncryptedKey Recipient="asymKey"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></xenc:EncryptionMethod><ds:KeyInfo>

<ds:KeyName>asymKey</ds:KeyName>

</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>GCoar0ztepPmNFAontikTHysyrM/jPDXzV30iciElXFAHnfAKngdc6rIV+jvwrdwsgBnZY145DN2&#13;

de9bKjDFWT2WocpTWM75eW1VvDQgUO0X+Wg4hyCT4InGX8ly4hVIuajnUXSWjwkheNRxbd7ztKzh&#13;

n2tCKh5l+DGThKuRDpbP97ks+gXsPA7eqvaLaozgC3MBBwn8cPGz2OYWIzHEm1MfTaeL7ucqqRYu&#13;

xpTvslSkFJK1uFya/ijcl1mkAhcdcYGkbjZXQnaxGdjSuM/LblSvj61UTn4rlHT6dIkAI5yzmFo2&#13;

Njv79GJstnU6tBizi1iRnNhWVlvSOy5K2lU9yQ==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>cipizmTgC1Ej0cfwXeylgvJxdgkL57IAKj/lW738dcM=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></m1>

<m2>How are you</m2>

</Message>

INFO  2021-04-30 16:56:26,972 [[MuleRuntime].uber.07: [crypto-demo].crypto-xml-demoFlow.CPU_INTENSIVE @668316ec] [processor: crypto-xml-demoFlow/processors/3; event: e6cecd31-a9a6-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: Decrypted Data:  <?xml version="1.0" encoding="UTF-8" standalone="no"?><Message>

<m1>Hello</m1>

<m2>How are you</m2>

</Message>

INFO  2021-04-30 16:56:27,062 [[MuleRuntime].uber.03: [crypto-demo].crypto-xml-demoFlow.CPU_INTENSIVE @668316ec] [processor: crypto-xml-demoFlow/processors/5; event: e6cecd31-a9a6-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: XML SIGNED DATA: <?xml version="1.0" encoding="UTF-8" standalone="no"?><Message>

<m1>Hello</m1>

<m2>How are you</m2>

<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>1B9wrcUGmmYNbxuATx/gjrrmlZgZcuHkloz69aemBoQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>bk3A2XTsfQkgBmXCoRZ83MJQVJVuUalxCSAZqBw005vIG3nGZ83hc1RIonmiEwR7jGOJLVoq0pjv

BnTfs0+PCF8XaA7uQoHYW0cAKKWhzuPii1FExIR2g4CX/ElXftqT9mDG09PbYKmr3DQRXBA9nYHj

Uw8B2X9V82EF3lkcu6WkDQGq8uhvkvgAn7+vMEe8FX2xjpB6XbsXZvSQuqrtQ9ARkYsFvNx4F7Pt

cbGHX3yRPKTm0Vx3/QFdcCRhqpYZXf6lPffrzlOdaJCoQb8b0Vqq4WcLqNDD8sPJQ/Kt69tMm1ow

NEFcAlpfPcgmF3a3Q4XqcldHiT8PBAvuU/GHwg==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509SubjectName>CN=preetam,OU=key,O=Apisero,L=Pune,ST=Maharashtra,C=PU</dsig:X509SubjectName><dsig:X509Certificate>MIIDZzCCAk+gAwIBAgIEadHQjjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJQVTEUMBIGA1UE

CBMLTWFoYXJhc2h0cmExDTALBgNVBAcTBFB1bmUxEDAOBgNVBAoTB0FwaXNlcm8xDDAKBgNVBAsT

A2tleTEQMA4GA1UEAxMHcHJlZXRhbTAeFw0yMTAzMjUxMDM4MTVaFw0yMTA2MjMxMDM4MTVaMGQx

CzAJBgNVBAYTAlBVMRQwEgYDVQQIEwtNYWhhcmFzaHRyYTENMAsGA1UEBxMEUHVuZTEQMA4GA1UE

ChMHQXBpc2VybzEMMAoGA1UECxMDa2V5MRAwDgYDVQQDEwdwcmVldGFtMIIBIjANBgkqhkiG9w0B

AQEFAAOCAQ8AMIIBCgKCAQEAhzDgi2G8o7WjisqErf4nQBtcpKaflDZFgH4cs8BjrjG9J7+r/d+0

A1+BPnzBM+bDxLWnaXGZ66f75HAf88vj2tP6yjX2ghTGf3/Z5SOluE7hfWp8NS1sWDhM0si2LwSS

5Gqa/VvqpT3pVAYyf5Ot1yy2pc4VG4hzofdiFVwyNC4SP04lrLpxekwFBUe/D+m8LOxth80ydrA1

wEmXO43Mz0QGFF7tkTXfdP3BxS0rUN5+8I6tJ82U8mWYea6OITJSo7ZEmCGZjCPOfHSs30Rrf/Qb

IMCe0qrMIQrn8Ff0r1yJRTeYI1r/Idcq/hWwe4jvByUjQ1Q5zxbBQOu0cwMmzQIDAQABoyEwHzAd

BgNVHQ4EFgQU4AQQDCCsil12UDKHOoj88WsoG70wDQYJKoZIhvcNAQELBQADggEBAIZEiKctODWy

8gvNCPkYlDFPA0Wh9JYE/n9XVdMXs5tS7b3oZJFDDuVtsT2IiVyiVYJq/S0kgh2qkWCtG+zOhmwk

Qa9lfVgg7FRBnaV47QGGZfyySnLrHMRChd5463z2DM8IfJE8eBUvfTthSDINN+Xop5DU0JRU8vgD

+tDSCFW+zhAG/NoJqhxXONOnv8pdUKOlXGQxVlsExb7LlFV6AR540b5oatrizWL+FCqkrfIaZkwb

ZaHAfwB3GZFyioLLJfZUMrQ8HybP1FvVtb+UdXqhWVb5kiA8uncDsP40+HLIwoEwC9m4IzuwLT5X

QkGgKG4Icy+SGiWHce358rv/neY=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></dsig:Signature></Message>

INFO  2021-04-30 16:56:27,067 [[MuleRuntime].uber.07: [crypto-demo].crypto-xml-demoFlow.CPU_INTENSIVE @668316ec] [processor: crypto-xml-demoFlow/processors/7; event: e6cecd31-a9a6-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: VALIDATION RESULT :  <?xml version="1.0" encoding="UTF-8" standalone="no"?><Message>

<m1>Hello</m1>

<m2>How are you</m2>

</Message>
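
The logged output above names the algorithms in use: aes256-cbc for the m1 content, rsa-oaep-mgf1p with a SHA-1 digest for the wrapped key, and rsa-sha1 for the signature. The Python below is an added example, not part of the original article or of the Mule module; it reports which element was encrypted and flags algorithm URIs against a review policy. FLAGGED, SAMPLE and the function names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Assumed review policy for this example (not defined by the Mule module).
FLAGGED = {
    DSIG + "rsa-sha1": "SHA-1 based signature method",
    DSIG + "sha1": "SHA-1 digest",
    XENC + "aes256-cbc": "unauthenticated CBC mode",
}

# Constructed sample: combines the shapes of the ENCRYPTED DATA and
# XML SIGNED DATA log entries; cipher values are placeholders.
SAMPLE = """<Message xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<m1><xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Content">
 <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
 <ds:KeyInfo><xenc:EncryptedKey Recipient="asymKey">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  </xenc:EncryptionMethod>
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
 </xenc:EncryptedKey></ds:KeyInfo>
 <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData></m1>
<m2>How are you</m2>
<ds:Signature><ds:SignedInfo>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
</ds:SignedInfo></ds:Signature>
</Message>"""

def local(tag):
    """Strip the {namespace} prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def encrypted_targets(xml_text):
    """(parent element, Type suffix) per EncryptedData; parent is None at the root."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    return [(local(parents[enc].tag) if enc in parents else None,
             enc.get("Type", "").rsplit("#", 1)[-1])
            for enc in root.iter("{%s}EncryptedData" % XENC)]

def audit(xml_text):
    """Return (element, algorithm URI, reason) for every flagged algorithm."""
    root = ET.fromstring(xml_text)
    return [(local(el.tag), el.get("Algorithm"), FLAGGED[el.get("Algorithm")])
            for el in root.iter() if el.get("Algorithm") in FLAGGED]
```

On the sample, encrypted_targets reports m1 with type Content, matching the element path used in the demo, and audit returns three findings. For XML from an untrusted source, parse with a hardened parser such as defusedxml instead of the standard library.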
