Author: Preetam Deshmukh
- The XML cryptography operations encrypt and decrypt an element within an XML document.
- They take an elementPath, an XPath expression that identifies the element to encrypt.
- They use the JCE configuration.
- Depending on your needs, you can use a symmetric or an asymmetric key to encrypt an XML document.
- They work only on XML documents; other payload types are not supported.
- To use XML cryptography with other types such as JSON, convert the payload to XML first.
Installing Cryptography extension in Anypoint Studio
- Open your Mule project in Anypoint Studio.
- Go to the Mule Palette.
- Select Search in Exchange, and search for the Cryptography Module.
- Add the extension.
- You can now search the Mule Palette for the operations of the Cryptography module.
XML Encryption Configuration
Operations Supported
- XML encrypt – Encrypt the XML document.
- XML decrypt – Decrypt the XML document.
- XML sign – Sign an XML document.
- XML validate – Validate a signed XML document.
Demo
Encrypt
Note: The highlighted field shows the element path. In this example, we encrypt only the m1 tag, not the entire payload. To encrypt the entire payload, leave the element path blank and pass nothing; the whole XML document is then encrypted.
Decrypt
Sign
The signed message is saved in a target variable so that the validate operation can validate it.
Validate
Results:
Input:
<Message>
<m1>Hello</m1>
<m2>How are you</m2>
</Message>
Output:
INFO 2021-04-30 16:56:26,911 [[MuleRuntime].uber.06: [crypto-demo].crypto-xml-demoFlow.CPU_INTENSIVE @668316ec] [processor: crypto-xml-demoFlow/processors/1; event: e6cecd31-a9a6-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: ENCRYPTED DATA: <?xml version="1.0" encoding="UTF-8" standalone="no"?><Message>
<m1><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Recipient="asymKey"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></xenc:EncryptionMethod><ds:KeyInfo>
<ds:KeyName>asymKey</ds:KeyName>
</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>GCoar0ztepPmNFAontikTHysyrM/jPDXzV30iciElXFAHnfAKngdc6rIV+jvwrdwsgBnZY145DN2
de9bKjDFWT2WocpTWM75eW1VvDQgUO0X+Wg4hyCT4InGX8ly4hVIuajnUXSWjwkheNRxbd7ztKzh
n2tCKh5l+DGThKuRDpbP97ks+gXsPA7eqvaLaozgC3MBBwn8cPGz2OYWIzHEm1MfTaeL7ucqqRYu
xpTvslSkFJK1uFya/ijcl1mkAhcdcYGkbjZXQnaxGdjSuM/LblSvj61UTn4rlHT6dIkAI5yzmFo2
Njv79GJstnU6tBizi1iRnNhWVlvSOy5K2lU9yQ==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>cipizmTgC1Ej0cfwXeylgvJxdgkL57IAKj/lW738dcM=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></m1>
<m2>How are you</m2>
</Message>
INFO 2021-04-30 16:56:26,972 [[MuleRuntime].uber.07: [crypto-demo].crypto-xml-demoFlow.CPU_INTENSIVE @668316ec] [processor: crypto-xml-demoFlow/processors/3; event: e6cecd31-a9a6-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: Decrypted Data: <?xml version="1.0" encoding="UTF-8" standalone="no"?><Message>
<m1>Hello</m1>
<m2>How are you</m2>
</Message>
INFO 2021-04-30 16:56:27,062 [[MuleRuntime].uber.03: [crypto-demo].crypto-xml-demoFlow.CPU_INTENSIVE @668316ec] [processor: crypto-xml-demoFlow/processors/5; event: e6cecd31-a9a6-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: XML SIGNED DATA: <?xml version="1.0" encoding="UTF-8" standalone="no"?><Message>
<m1>Hello</m1>
<m2>How are you</m2>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>1B9wrcUGmmYNbxuATx/gjrrmlZgZcuHkloz69aemBoQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>bk3A2XTsfQkgBmXCoRZ83MJQVJVuUalxCSAZqBw005vIG3nGZ83hc1RIonmiEwR7jGOJLVoq0pjv
BnTfs0+PCF8XaA7uQoHYW0cAKKWhzuPii1FExIR2g4CX/ElXftqT9mDG09PbYKmr3DQRXBA9nYHj
Uw8B2X9V82EF3lkcu6WkDQGq8uhvkvgAn7+vMEe8FX2xjpB6XbsXZvSQuqrtQ9ARkYsFvNx4F7Pt
cbGHX3yRPKTm0Vx3/QFdcCRhqpYZXf6lPffrzlOdaJCoQb8b0Vqq4WcLqNDD8sPJQ/Kt69tMm1ow
NEFcAlpfPcgmF3a3Q4XqcldHiT8PBAvuU/GHwg==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509SubjectName>CN=preetam,OU=key,O=Apisero,L=Pune,ST=Maharashtra,C=PU</dsig:X509SubjectName><dsig:X509Certificate>MIIDZzCCAk+gAwIBAgIEadHQjjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJQVTEUMBIGA1UE…</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></dsig:Signature></Message>
INFO 2021-04-30 16:56:27,067 [[MuleRuntime].uber.07: [crypto-demo].crypto-xml-demoFlow.CPU_INTENSIVE @668316ec] [processor: crypto-xml-demoFlow/processors/7; event: e6cecd31-a9a6-11eb-836b-00059a3c7a00] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: VALIDATION RESULT : <?xml version="1.0" encoding="UTF-8" standalone="no"?><Message>
<m1>Hello</m1>
<m2>How are you</m2>
</Message>
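
Added example (not part of the original post or of the Mule module): a Python check that reads output like the log above, reports which child elements the elementPath left encrypted or in cleartext, and lists algorithm URIs that depend on SHA-1 or on CBC without integrity protection. The two documents are constructed samples with placeholder base64 values, and the LEGACY table is this example's own policy.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Algorithm URIs treated as legacy by this audit (the example's own policy; adjust as needed).
LEGACY = {
    DSIG + "rsa-sha1": "RSA signature over a SHA-1 digest",
    DSIG + "sha1": "SHA-1 digest",
    XENC + "aes256-cbc": "AES-CBC, no integrity protection on the ciphertext",
}

# Constructed samples shaped like the logged output above; base64 values are placeholders.
ENCRYPTED = f"""<Message xmlns:xenc="{XENC}" xmlns:ds="{DSIG}">
<m1><xenc:EncryptedData Type="{XENC}Content">
  <xenc:EncryptionMethod Algorithm="{XENC}aes256-cbc"/>
  <ds:KeyInfo><xenc:EncryptedKey Recipient="asymKey">
    <xenc:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p">
      <ds:DigestMethod Algorithm="{DSIG}sha1"/></xenc:EncryptionMethod>
    <xenc:CipherData><xenc:CipherValue>UExBQ0VIT0xERVI=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey></ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>UExBQ0VIT0xERVI=</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData></m1>
<m2>How are you</m2>
</Message>"""
SIGNED = f"""<Message xmlns:dsig="{DSIG}"><m1>Hello</m1><m2>How are you</m2>
<dsig:Signature><dsig:SignedInfo>
  <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
  <dsig:SignatureMethod Algorithm="{DSIG}rsa-sha1"/>
  <dsig:Reference URI=""><dsig:DigestMethod Algorithm="{XENC}sha256"/></dsig:Reference>
</dsig:SignedInfo></dsig:Signature></Message>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def legacy_findings(doc):
    """Return (element, algorithm URI, reason) for every legacy Algorithm attribute."""
    return [(local(el.tag), el.get("Algorithm"), LEGACY[el.get("Algorithm")])
            for el in ET.fromstring(doc).iter() if el.get("Algorithm") in LEGACY]

def encryption_coverage(doc):
    """Split the root's children into (encrypted, cleartext) element names."""
    encrypted, cleartext = [], []
    for child in ET.fromstring(doc):
        if local(child.tag) == "Signature":
            continue  # the enveloped signature is not payload
        hit = child.find(f"{{{XENC}}}EncryptedData") is not None
        (encrypted if hit else cleartext).append(local(child.tag))
    return encrypted, cleartext
```

The standard-library parser keeps the example self-contained; for documents from an untrusted source, a hardened parser such as defusedxml is the usual choice.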