PGP Encryption in MuleSoft

This article gives high-level idea about how the encryption works and how we can make a use of PGP encryption for data encryption in MuleSoft.

So, let’s start with basic questions, what is encryption and why it is really required.

What is Encryption?

In simple term, encryption is the process of changing information in such a way as to make it unreadable by anyone except those possessing special knowledge (usually referred to as a “key”) that allows them to change the information back to its original, readable form.

Why is Encryption Important?

Sensitive Data without Encryption

Encryption is a way of keeping your data safe and confidential as it is sent over the internet (as shown in above diagram). Whenever you send personal information across the internet, be it passwords, credit card information or personal contact details, encryption stops others from seeing what you are doing.

How does Encryption help to protect the data?

Sensitive Data with Encryption

When data gets encrypted, data would jumble up in a manner so that when it travels through the internet it is completely unreadable, this stops hackers who may intercept the data from seeing what you’re doing, as all they’d receive is a random bunch of letters, numbers & symbols (as shown in above diagram).

Asymmetric and Symmetric encryption are two main kinds of encryption. For more details about the Symmetric and Asymmetric Encryption refer here.

Now we have basics understanding about the encryption and decryption, let’s see what the PGP encryption is and how that can be used in MuleSoft.

Pretty Good Privacy (PGP) Encryption

• Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories, and whole disk partitions to increase the security of e-mail communications.
• Public and private keys play a vital role in PGP to encrypt and decrypt the data. Generally, a public key is used to encrypt the data, and it is always shared with end-users. The private key is used to decrypt the data.
• Let’s understand how we can generate the private and public keys.

How to generate PGP key pairs

• Here we are going to make a use of Kleopatra — OpenPGP tool to generate the keys.
• Once installation done, open Kleopatra Utility and click on new key pair.

• Enter the username, email id and enable the check box.

• Click on advance setting for any other configuration changes.

• Click OK, you will get another pop-up for entering the passphrase. Enter the passphrase, this would be needed when you try to access the private key.

• Click ok, then you would observe that key has been created.

Extract the public key from the private key.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Ensure that file is saved in gpg format, because in MuleSoft connector gpg format is expected.

Also store the private key.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

This file contains both private and public key so make sure you will not share this file with client application. This file should be part of Server application only.

Once you extracted the private and public key, share the respective keys with appropriate application.

I have renamed the key’s to pgp_public_key.gpg and pgp_private_key.gpg

→ Public Key (pgp_public_key.gpg) — Client Application

→ Private Key (pgp_private_key.gpg) — Server Application

Now we have all the required details, let’s see how to implement the PGP encryption and decryption in MuleSoft.

Implement the Encryption flow in MuleSoft.

First step first, if cryptography module is not present in the studio, then add it from the exchange.

• For this implementation we are going to create a simple application, which will read the file from local system → encrypt the file → write the encrypted file into local system.

Encryption Module Configuration

• Place the public key under resources folder.

• Add PGP encryption module and add the require configurations like, Public Key Path and Fingerprint details.

PGP Encrypt Configuration Details

PGP Encrypt Connector Details

You can obtain the fingerprint value from your public key. Import the public key in Kleopatra and fetch the fingerprint value.

• Once all configurations done, sample application would look like

Encryption Flow

Test an Encryption Flow

• Before Execution

Input Folder

Output Folder

During Execution, Debug Logs

After reading the plain text file

After encryption

After Execution

Output Folder

Implement the Decryption flow in MuleSoft.

We will be creating another simple application for decryption flow, which will read the file from local system → decrypt the file → write the decrypted file into local system.

Decryption Module Configuration

• Place the private key under resources folder.

• Add PGP decryption module and add the require configurations like, Private Key Path and fingerprint details along with passphrase.

PGP Module Configuration

PGP Decrypt Connect Configuration

• The sample application would look like

PGP Decryption Flow

Test Decryption Flow

• Before Execution

Input Folder

Output Folder Path

• During Execution, Debug Logs

Read Encrypted Data

Decrypt Data to Original Plain Text

• After Execution

Output Folder

Conclusion

This article help reader to understand -

• How to create a private and public key using Kleopatra Utility.
• How to implement both PGP encryption and decryption in MuleSoft Application.