Asymmetric JCE Cryptography API Using RSA Algorithm in Mule 4

See how to encrypt and decrypt stream, byte[], or string using the Asymmetric JCE Cryptography module in Mule 4 taking an API as the reference implementation.

By Sudeshna Mitra · Dec. 17, 18 · Tutorial

This article shows how to encrypt and decrypt a stream, byte[], or string using the Asymmetric JCE Cryptography module in Mule 4, taking an API as the reference implementation.

What Is Asymmetric JCE Cryptography?

The Java Cryptography Extension (JCE) provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. The supported encryption types are symmetric, asymmetric, block, and stream ciphers.

Asymmetric encryption is a strong encryption technique that uses a key pair. The key pair consists of a public key and a private key. Data or a message encrypted using the private key can only be decrypted using the public key, and vice versa.

Asymmetric key encryption can be implemented with a number of algorithms. Some of the common algorithms are RSA, DSA, and Elliptic Curve. The most commonly used asymmetric key algorithm is RSA.

MuleSoft Cryptography Strategies

MuleSoft provides various encryption/decryption strategies to encrypt your messages.

Encryption strategy and description:

  • JCE encrypter: Encrypts stream, byte[], or string.
  • XML encrypter: Encrypts string; encrypts individual fields using xpath expressions.
  • PGP encrypter: Encrypts stream, byte[], or string; applies tighter security (relative to JCE and XML); increases processing load (relative to JCE and XML).

About This API

Key Benefits and Problem Statement

Security has always been the most important aspect when developing integration solutions, especially in the banking and finance domain. In many APIs, sensitive information is sent over the channel in raw format, which is prone to threats like a man-in-the-middle attack. When sending data over the channel to third parties, it is very important that the data is always encrypted so it is unreadable to unauthorized entities.

Solution

The proposed solution is a reusable API with a POST and a GET method using Asymmetric JCE Cryptography with the RSA algorithm. The POST method accepts the sensitive information, encrypts the data, signs it with the private key, and stores it in an object store. The GET method is called every time an application needs the sensitive information: it fetches the data from the object store in its unreadable form, validates it, and decrypts it using a public key.

API Overview

  1. Create a Keystore using Keytool
  2. Add a cryptography connector in Anypoint Studio
  3. Project overview of jce-asymmetry-api
  4. Encryption of sensitive data using private key and storing in Object Store
  5. Signing and storing in Object Store
  6. Validation of sensitive data against the signed data retrieved from Object Store
  7. Decryption of unreadable data using public key for authorized entities

API Layout

Step 1: Create a Keystore Using Keytool

Create a Temp folder and execute the following command.

C:\Temp>keytool -genkey -keyalg RSA -alias sampleAlias -keystore cryptokeystore.jks -storepass password123 -keypass password123

The principal pieces of information needed to configure the JCE Encrypter using the keystore are:

  1. Name of the keystore: cryptokeystore.jks
  2. Password of the keystore: password123
  3. Name of the key: crypto
  4. Password of the key: password123
  5. Name of the alias: sampleAlias

Step 2: Add a Cryptography Connector in Anypoint Studio

Note: Installing the encryption/cryptography connector in Studio from the Anypoint Enterprise Security update site is currently unavailable for Mule 4.

Instead, download the dependency from Exchange, or add the dependency to the pom:

<dependency>
  <groupId>com.mulesoft.modules</groupId>
  <artifactId>mule-cryptography-module</artifactId>
  <version>1.0.0</version>
  <classifier>mule-plugin</classifier>
</dependency>

Step 3: Project Overview of jce-asymmetry-api

  1. The current application was developed in Studio 7.1.3 and deployed on Mule runtime version 4.1.4.
  2. Create an API specification (RAML) in Design Center.
#%RAML 1.0
title: jce-asymmetry
description: This API enable global encryption and decryption of data while storing and retrieving from object store

/jce-asymmetry:
  post:
    description: Method used to store sensitive data with data key
    queryParameters: 
      datakey:   
    responses:
      201:
        body: 
          application/json:
            example: {response: Data Posted Successfully!}
  /{datakey}:
    description: Retrieve data from store using data key
    get:
      responses: 
        200:
          body: 
            application/json:
              example: {response: Data fetched sucessfully!}

  3. Mule application structure specifying the API definition file.

Step 4: JCE Asymmetry Cryptography — Encryption

  • Encryption of sensitive data using private key and storing in Object Store.

Step 5: JCE Asymmetry Cryptography — Signature

  • Signing and storing in Object Store.

Step 6: JCE Asymmetry Cryptography — Validation

  • Validation of sensitive data against the signed data retrieved from Object Store.

Step 7: JCE Asymmetry Cryptography — Decryption

  • Decryption of unreadable data using public key for authorized entities.
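The four operations in Steps 4 to 7, written directly against the JCE API as an added example; it is not the article's Mule flows or the project's code. It generates a throwaway key pair instead of loading cryptokeystore.jks, and it uses the conventional direction (encrypt to the public key, decrypt with the private key), because anything produced with the private key can be read by every holder of the public key. The OAEP padding and SHA256withRSA choices are assumptions, not settings taken from the article.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import javax.crypto.Cipher;

// Added example: encrypt -> sign -> validate -> decrypt with plain JCE.
public class JceRsaRoundTrip {
    // Assumed algorithm choices; the article does not state the ones its flows use.
    static final String CIPHER = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String SIGNATURE = "SHA256withRSA";

    public static void main(String[] args) throws Exception {
        // Throwaway key pair standing in for the keystore entry created in Step 1.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        byte[] plain = "{password:abcd}".getBytes(StandardCharsets.UTF_8); // payload seen in the log

        // Step 4: encrypt to the PUBLIC key so only the private-key holder can read it.
        Cipher enc = Cipher.getInstance(CIPHER);
        enc.init(Cipher.ENCRYPT_MODE, pair.getPublic());
        byte[] cipherText = enc.doFinal(plain);

        // Step 5: sign the ciphertext with the PRIVATE key.
        Signature signer = Signature.getInstance(SIGNATURE);
        signer.initSign(pair.getPrivate());
        signer.update(cipherText);
        byte[] sig = signer.sign();

        // Step 6: validate with the PUBLIC key before decrypting anything.
        Signature verifier = Signature.getInstance(SIGNATURE);
        verifier.initVerify(pair.getPublic());
        verifier.update(cipherText);
        if (!verifier.verify(sig)) throw new SecurityException("stored data was modified");

        // Step 7: decrypt with the PRIVATE key.
        Cipher dec = Cipher.getInstance(CIPHER);
        dec.init(Cipher.DECRYPT_MODE, pair.getPrivate());
        System.out.println("decrypted: " + new String(dec.doFinal(cipherText), StandardCharsets.UTF_8));

        // A single flipped bit in the stored ciphertext must fail validation.
        byte[] tampered = cipherText.clone();
        tampered[0] ^= 0x01;
        verifier.update(tampered); // verify() above reset the object to its initVerify state
        System.out.println("tampered copy accepted: " + verifier.verify(sig));
    }
}
```

With a 2048-bit key and OAEP with SHA-256, a single RSA operation can encrypt at most 190 bytes, so larger payloads need a symmetric key wrapped by RSA.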

Testing the API

  1. Create a sample Mule application and use the POST method in an HTTP Request call to store sensitive data using a unique object store key.
  2. Use the GET method in an application to retrieve the sensitive data using the same object store key.
  3. A glimpse of the log file for the above implementation.
**********************************************************************
* Application: jce-asymmetry-api                                     *
* OS encoding: windows-1252, Mule encoding: UTF-8                    *
*                                                                    *
**********************************************************************
INFO  2018-12-13 12:17:57,674 [[MuleRuntime].cpuLight.05: [jce-asymmetry-api].post:\jce-asymmetry:jce-asymmetry-config.CPU_LITE @7fa378] 0-047263d1-fea3-11e8-b138-80a5899fd9bforg.mule.runtime.core.internal.processor.LoggerMessageProcessor: before encrypting: {password:abcd}
INFO  2018-12-13 12:17:58,191 [[MuleRuntime].cpuLight.05: [jce-asymmetry-api].post:\jce-asymmetry:jce-asymmetry-config.CPU_LITE @7fa378] 0-047263d1-fea3-11e8-b138-80a5899fd9bforg.mule.runtime.core.internal.processor.LoggerMessageProcessor: after encrypt: ?A/????????L('?4?eka}3?Q2??J-1?M??6r?B??c??pz*L?k??%????(??mG?R?????4e??5?=1.????!?h'???*^?v?c??aS?s?w????~??*???qK?n??/4L????f?y?)}j?`S?D?h???7?b?l? ????V?j?
?&}w?*?luqUz?g?~pU?L?"GV#?/???oO?qby??#$y??rU?6???"?[
INFO  2018-12-13 12:17:58,388 [[MuleRuntime].cpuLight.05: [jce-asymmetry-api].post:\jce-asymmetry:jce-asymmetry-config.CPU_LITE @7fa378] 0-047263d1-fea3-11e8-b138-80a5899fd9bforg.mule.runtime.core.internal.processor.LoggerMessageProcessor: before sign: ?A/????????L('?4?eka}3?Q2??J-1?M??6r?B??c??pz*L?k??%????(??mG?R?????4e??5?=1.????!?h'???*^?v?c??aS?s?w????~??*???qK?n??/4L????f?y?)}j?`S?D?h???7?b?l? ????V?j?
?&}w?*?luqUz?g?~pU?L?"GV#?/???oO?qby??#$y??rU?6???"?[
INFO  2018-12-13 12:17:58,513 [[MuleRuntime].cpuLight.05: [jce-asymmetry-api].post:\jce-asymmetry:jce-asymmetry-config.CPU_LITE @7fa378] 0-047263d1-fea3-11e8-b138-80a5899fd9bforg.mule.runtime.core.internal.processor.LoggerMessageProcessor: after sign: duLCTboEQjdepSA4KjbUAhuwdrKvNWgMsLQvwwc1WD8NpTmi7ZIVqzGZRx9Sye4ziLZoouHe58ePakJnOM/ql1HXF0FkXTvKYD/OmrzLX2nuLowk/2bWh+xY47cwcvctSCfN3BpIUwMqbFq1dAC+/c96DuZZAK0a+CNx8Z58Dykvh1Tz35KVS6YbI2JdYHVG2a8O4Bsd21L8krQ43v4Rhygo8xuNouPOHSeZrKZdfPl5M9iKk3/tLFphYBftYMvA7q/Xmnt/K07z95mTnc6cTVLxqVlUwD+ketBgmp4at0ZycWG3Mt1/A3sjrls9y/0Mj39Pwgw8HFBf40TAztdzLA==

INFO  2018-12-13 12:18:06,757 [[MuleRuntime].cpuLight.01: [jce-asymmetry-api].get:\jce-asymmetry\(datakey):jce-asymmetry-config.CPU_LITE @f45d68] 0-0b1833e0-fea3-11e8-b138-80a5899fd9bforg.mule.runtime.core.internal.processor.LoggerMessageProcessor: Before validating
INFO  2018-12-13 12:18:06,807 [[MuleRuntime].cpuLight.01: [jce-asymmetry-api].get:\jce-asymmetry\(datakey):jce-asymmetry-config.CPU_LITE @f45d68] 0-0b1833e0-fea3-11e8-b138-80a5899fd9bforg.mule.runtime.core.internal.processor.LoggerMessageProcessor: After validating
INFO  2018-12-13 12:18:06,876 [[MuleRuntime].cpuLight.01: [jce-asymmetry-api].get:\jce-asymmetry\(datakey):jce-asymmetry-config.CPU_LITE @f45d68] 0-0b1833e0-fea3-11e8-b138-80a5899fd9bforg.mule.runtime.core.internal.processor.LoggerMessageProcessor: Before decryption: ?A/????????L('?4?eka}3?Q2??J-1?M??6r?B??c??pz*L?k??%????(??mG?R?????4e??5?=1.????!?h'???*^?v?c??aS?s?w????~??*???qK?n??/4L????f?y?)}j?`S?D?h???7?b?l? ????V?j?
?&}w?*?luqUz?g?~pU?L?"GV#?/???oO?qby??#$y??rU?6???"?[
INFO  2018-12-13 12:18:06,986 [[MuleRuntime].cpuLight.01: [jce-asymmetry-api].get:\jce-asymmetry\(datakey):jce-asymmetry-config.CPU_LITE @f45d68] 0-0b1833e0-fea3-11e8-b138-80a5899fd9bforg.mule.runtime.core.internal.processor.LoggerMessageProcessor: Decrypted data is: {password:abcd}

Note: The complete source code is available in GitHub.

Summary

Asymmetric encryption using the RSA algorithm is a relatively new technique and is preferred over symmetric encryption, even though it takes more time than symmetric encryption. Symmetric encryption uses a single key that must be shared among everyone who needs to receive the message, while asymmetric encryption uses a key pair, a public key and a private key, to encrypt and decrypt messages when communicating. Use this reusable API to securely send data over a channel to third parties.
