Over a million developers have joined DZone.

Encrypt/Decrypt Mule Message Using PGP Encryption

DZone's Guide to

Encrypt/Decrypt Mule Message Using PGP Encryption

A step-by-step guide to encrypting your Mule messages using Pretty Good Privacy (PGP) in Windows.

· Security Zone
Free Resource

Discover how to protect your applications from known and unknown vulnerabilities.


Pretty Good Privacy (PGP) is an ecryption program which can be used for the encryption and decryption of files. In this article, I'm going to explain from scratch on how to create PGP keys in Windows and encrypt Mule messages.

Steps for Creating Keys

Step 1: Download the Gpg4win application from here. Run the application and install the below components.Image title

Step 2: Navigate to installation folder & open gpa.exe application(or you can even just open GPA desktop app). In the clipboard go to Windows -> Keyring Manager, then you will see the below window open.

Key Manager

Now to generate new keys, go to Keys -> Ney Key. A new window will pop up which will ask a few standard questions. The answers you enter will be a part of a new key.

Remember to select the Create backup copy option while generating the key as shown below. 

Create key backup copy

Enter passphraseBackup key location

Make sure to copy the path highlighted in yellow (C:\Users\ \AppData\Roaming\gnupg\secret-key-******.asc ) before you modify the location for backing up key. Normally the path highlighted in the image is the place where you will find generated public and secure key rings. These will always be in hidden folders. Specify the path and click Save. Now you have generated a new key.

Image title

Public keys are used for encrypting a file.

Private keys are used for decrypting a file.

The user name will used as Principal in configuring an Encryption component in Mule.

Demo of Mule Flow

Now we will learn how to encrypt a Mule message using PGP encryption.

Step 1: Download and install Encryption Message Processor from the update site http://security-update-site-1.3.s3.amazonaws.com.

Step 2: Create a new Mule Project and copy pubring.gpg & secring.gpg files from the path that I highlighted above(C:\Users\<user_name>\AppData\Roaming\gnupg) to src/main/resources folder in your created application.

Step 3: Create a new flow as shown below:

Image titleStep 4: Configure the Encryption element as below:

Image title

Image title

Specify Public and Secret Key Ring file names, Secret Alias ID, Secret Passphrase, and Principal.

Principal is nothing but the user name in the key (usually it is a combination of name and emailID that you specified while generating keys).

Here, finding Secret Alias Id is a bit tricky. The GPA tool does not provide this detail. What you can do is pass some random value, deploy application, and run your flow. Mule throws an exception and in the console you can see the list of keys (secret alias ID) that you can use (as shown below). You have all the parameters required to configure PGP Encrypter now.

Image title

Step 5: Once the encryption element is configured, specify the Operation, Input Reference, and Select Encrypter as shown below:

Image title

Step 6: Find the final XML config below:

<?xml version="1.0" encoding="UTF-8"?>

<mule xmlns:tracking="http://www.mulesoft.org/schema/mule/ee/tracking" xmlns:encryption="http://www.mulesoft.org/schema/mule/encryption"
xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xsi:schemaLocation="http://www.mulesoft.org/schema/mule/encryption http://www.mulesoft.org/schema/mule/encryption/current/mule-encryption.xsd
http://www.mulesoft.org/schema/mule/file http://www.mulesoft.org/schema/mule/file/current/mule-file.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/ee/tracking http://www.mulesoft.org/schema/mule/ee/tracking/current/mule-tracking-ee.xsd">
  <encryption:config name="Encryption" defaultEncrypter="PGP_ENCRYPTER" doc:name="Encryption">
        <encryption:pgp-encrypter-config publicKeyRingFileName="pubring.gpg" secretKeyRingFileName="secring.gpg" secretPassphrase="*********" principal="divyu &lt;divyu.rani@gmail.com&gt;" secretAliasId="******************"/>
    <file:connector name="File" autoDelete="true" outputAppend="true" streaming="true" validateConnections="true" doc:name="File"/>
   <flow name="pgp_pocFlow">
        <file:inbound-endpoint path="C:\Users\Documents\ftp" responseTimeout="10000" doc:name="File" 
        <encryption:encrypt config-ref="Encryption" doc:name="Encryption" using="PGP_ENCRYPTER"/>       
        <file:outbound-endpoint path="C:\Users\Documents\ftp\encrypted" 
        outputPattern="final-encrypted1.PGP" connector-ref="File" responseTimeout="10000" doc:name="File"/>

Step 7: Deploy you application and test it by placing a plain text file in the inbound File path and see the file generated with encrypted content in the outbound file path:

Image title

Input file check-encry.txt :

Good Morning, India

Output file final-encrypted1.PGP: 

Version: BCPG v1.54

Version: BCPG v1.54



So now you know how to use PGP Encrypter for Encrypting Mule messages. Similarly, we can select the decrypt operation in Encryption Message Processor and decrypt an encrypted message in same way.

Find out how Waratek’s award-winning virtualization platform can improve your web application security, development and operations without false positives, code changes or slowing your application.

mulesoft ,encryption ,anypoint studio ,integration ,security

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}