Author: buildbot
Date: Wed Oct 23 10:19:35 2013
New Revision: 883807
Log:
Production update by buildbot for camel
Modified:
websites/production/camel/content/book-dataformat-appendix.html
websites/production/camel/content/book-in-one-page.html
websites/production/camel/content/cache/main.pageCache
websites/production/camel/content/crypto.html
Modified: websites/production/camel/content/book-dataformat-appendix.html
==============================================================================
--- websites/production/camel/content/book-dataformat-appendix.html (original)
+++ websites/production/camel/content/book-dataformat-appendix.html Wed Oct 23
10:19:35 2013
@@ -3784,7 +3784,7 @@ from("direct:key-in-header-decrypt").unm
<h3><a shape="rect"
name="BookDataFormatAppendix-PGPDataFormatOptions"></a>PGPDataFormat
Options</h3>
<div class="confluenceTableSmall"><div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Type </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> The userid of the key in the PGP keyring.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password
used when opening the private key (not used for encryption). </td></tr><tr><td
colspan="1" rowspan="1" c
lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> Filename of the keyring; must be accessible as a
classpath resource (but you can specify a location in the file system by using
the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption
keyring; you can not set the keyFileName and encryptionKeyRing at the same
time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="con
fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in
the PGP keyring to use for signing (during encryption) or signature
verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password
used when opening the private key used for signing (during encryption).
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the
keyring to us
e for signing (during encryption) or for signature verification (during
decryption); must be accessible as a classpath resource (but you can specify a
location in the file system by using the "file:" prefix). </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>;
signature keyring; you can not set the signatureKeyFileName and
signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>;
symmetric key encryption algorithm; possible val
ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>;
for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (=
AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash
algorithm; possible values are defined in
<tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (=
SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>false</tt> </td><td colspan="1" rowspan="1" class="con
fluenceTd"> This option will cause PGP to base64 encode the encrypted text,
making it available for copy/paste, etc. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the
encryption file. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
s corresponding to user Ids. If no passpharase can be found from the option
<tt>password</tt> or <tt>signaturePassword</tt> and from the headers
<tt>CamelPGPDataFormatKeyPassword</tt> or
<tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched
from the passphrase accessor. You provide a bean which implements the interface
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java";
rel="nofollow">PGPPassphraseAccessorDefault</a>. The passphrase accessor is
especially useful in the decrypt case; see chapter 'Usaage of Passphrase
Accessor' below. </td></tr></tbody><
/table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Type </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> The userid of the key in the PGP keyring.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password
used when opening the private key (not used for encryption). </td></tr><tr><td
colspan="1" rowspan="1" c
lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> Filename of the keyring; must be accessible as a
classpath resource (but you can specify a location in the file system by using
the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption
keyring; you can not set the keyFileName and encryptionKeyRing at the same
time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="con
fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in
the PGP keyring to use for signing (during encryption) or signature
verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password
used when opening the private key used for signing (during encryption).
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the
keyring to us
e for signing (during encryption) or for signature verification (during
decryption); must be accessible as a classpath resource (but you can specify a
location in the file system by using the "file:" prefix). </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>;
signature keyring; you can not set the signatureKeyFileName and
signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>;
symmetric key encryption algorithm; possible val
ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>;
for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (=
AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash
algorithm; possible values are defined in
<tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (=
SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>false</tt> </td><td colspan="1" rowspan="1" class="con
fluenceTd"> This option will cause PGP to base64 encode the encrypted text,
making it available for copy/paste, etc. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the
encryption file. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
s corresponding to user Ids. If no passpharase can be found from the option
<tt>password</tt> or <tt>signaturePassword</tt> and from the headers
<tt>CamelPGPDataFormatKeyPassword</tt> or
<tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched
from the passphrase accessor. You provide a bean which implements the interface
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java";
rel="nofollow">PGPPassphraseAccessorDefault</a>. The passphrase accessor is
especially useful in the decrypt case; see chapter 'PGP Decrypting/Verifying of
Messages Encrypted/Signed by D
ifferent Private/Public Keys' below. </td></tr></tbody></table>
</div>
</div>
@@ -3890,11 +3890,11 @@ from("direct:inline-sign")
</div></div></li></ol>
-<h3><a shape="rect"
name="BookDataFormatAppendix-UsageofPassphraseAccessor"></a>Usage of Passphrase
Accessor</h3>
+<h3><a shape="rect"
name="BookDataFormatAppendix-PGPDecrypting%2FVerifyingofMessagesEncrypted%2FSignedbyDifferentPrivate%2FPublicKeys"></a>PGP
Decrypting/Verifying of Messages Encrypted/Signed by Different Private/Public
Keys</h3>
<p>Since <b>Camel 2.12.2</b>.</p>
-<p>A PGP Data Formater can decrypt messages which have been encrypted by
different public keys. In this case you must provide the corresponding private
keys in the secret keyring and the passphrases of the private keys in the
passphrase accessor.</p>
+<p>A PGP Data Formater can decrypt/verify messages which have been encrypted
by different public keys or signed by different private keys. Just, provide the
corresponding private keys in the secret keyring, the corresponding public keys
in the public keyring, and the passphrases in the passphrase accessor.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
@@ -3906,7 +3906,10 @@ PGPPassphraseAccessor passphraseAccessor
PGPDataFormat pgpVerifyAndDecrypt = new PGPDataFormat();
pgpVerifyAndDecrypt.setPassphraseAccessor(passphraseAccessor);
-pgpVerifyAndDecrypt.setEncryptionKeyRing(getSecKeyRing());
+// the method getSecKeyRing() provides the secret keyring as byte array
containing the private keys
+pgpVerifyAndDecrypt.setEncryptionKeyRing(getSecKeyRing()); // alternatively
you can use setKeyFileName(keyfileName)
+// the method getPublicKeyRing() provides the public keyring as byte array
containing the public keys
+pgpVerifyAndDecrypt.setSignatureKeyRing((getPublicKeyRing()); //
alternatively you can use setSignatureKeyFileName(signatgureKeyfileName)
// it is not necessary to specify the User Id
from("direct:start")
@@ -3916,8 +3919,8 @@ from("direct:start")
]]></script>
</div></div>
-<p><b>Remark</b><br clear="none">
-The PGP encrypted data contains a Key ID of the public key which was used to
encrypt the data. This Key ID can be used to locate the private key in the
secret keyring to decrypt the data. The same mechanism is also used to locate
the public key for verifying a signature. Therefore you no longer must specify
User IDs for the unmarshaling.</p>
+<ul><li>The functionality is especially useful to support the key exchange. If
you want to exchange the private key for decrypting you can accept for a period
of time messages which are either encrypted with the old or new corresponding
public key. Or if the sender wants to exchange his signer private key, you can
accept for a period of time, the old or new signer key.</li><li>Technical
background: The PGP encrypted data contains a Key ID of the public key which
was used to encrypt the data. This Key ID can be used to locate the private key
in the secret keyring to decrypt the data. The same mechanism is also used to
locate the public key for verifying a signature. Therefore you no longer must
specify User IDs for the unmarshaling.</li></ul>
+
<h3><a shape="rect"
name="BookDataFormatAppendix-Dependencies"></a>Dependencies</h3>
Modified: websites/production/camel/content/book-in-one-page.html
==============================================================================
--- websites/production/camel/content/book-in-one-page.html (original)
+++ websites/production/camel/content/book-in-one-page.html Wed Oct 23 10:19:35
2013
@@ -14911,7 +14911,7 @@ from("direct:key-in-header-decrypt").unm
<h3><a shape="rect"
name="BookInOnePage-PGPDataFormatOptions"></a>PGPDataFormat Options</h3>
<div class="confluenceTableSmall"><div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Type </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> The userid of the key in the PGP keyring.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password
used when opening the private key (not used for encryption). </td></tr><tr><td
colspan="1" rowspan="1" c
lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> Filename of the keyring; must be accessible as a
classpath resource (but you can specify a location in the file system by using
the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption
keyring; you can not set the keyFileName and encryptionKeyRing at the same
time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="con
fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in
the PGP keyring to use for signing (during encryption) or signature
verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password
used when opening the private key used for signing (during encryption).
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the
keyring to us
e for signing (during encryption) or for signature verification (during
decryption); must be accessible as a classpath resource (but you can specify a
location in the file system by using the "file:" prefix). </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>;
signature keyring; you can not set the signatureKeyFileName and
signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>;
symmetric key encryption algorithm; possible val
ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>;
for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (=
AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash
algorithm; possible values are defined in
<tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (=
SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>false</tt> </td><td colspan="1" rowspan="1" class="con
fluenceTd"> This option will cause PGP to base64 encode the encrypted text,
making it available for copy/paste, etc. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the
encryption file. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
s corresponding to user Ids. If no passpharase can be found from the option
<tt>password</tt> or <tt>signaturePassword</tt> and from the headers
<tt>CamelPGPDataFormatKeyPassword</tt> or
<tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched
from the passphrase accessor. You provide a bean which implements the interface
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java";
rel="nofollow">PGPPassphraseAccessorDefault</a>. The passphrase accessor is
especially useful in the decrypt case; see chapter 'Usaage of Passphrase
Accessor' below. </td></tr></tbody><
/table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Type </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> The userid of the key in the PGP keyring.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password
used when opening the private key (not used for encryption). </td></tr><tr><td
colspan="1" rowspan="1" c
lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> Filename of the keyring; must be accessible as a
classpath resource (but you can specify a location in the file system by using
the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption
keyring; you can not set the keyFileName and encryptionKeyRing at the same
time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="con
fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in
the PGP keyring to use for signing (during encryption) or signature
verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password
used when opening the private key used for signing (during encryption).
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the
keyring to us
e for signing (during encryption) or for signature verification (during
decryption); must be accessible as a classpath resource (but you can specify a
location in the file system by using the "file:" prefix). </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>;
signature keyring; you can not set the signatureKeyFileName and
signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>;
symmetric key encryption algorithm; possible val
ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>;
for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (=
AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash
algorithm; possible values are defined in
<tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (=
SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>false</tt> </td><td colspan="1" rowspan="1" class="con
fluenceTd"> This option will cause PGP to base64 encode the encrypted text,
making it available for copy/paste, etc. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the
encryption file. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
s corresponding to user Ids. If no passpharase can be found from the option
<tt>password</tt> or <tt>signaturePassword</tt> and from the headers
<tt>CamelPGPDataFormatKeyPassword</tt> or
<tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched
from the passphrase accessor. You provide a bean which implements the interface
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java";
rel="nofollow">PGPPassphraseAccessorDefault</a>. The passphrase accessor is
especially useful in the decrypt case; see chapter 'PGP Decrypting/Verifying of
Messages Encrypted/Signed by D
ifferent Private/Public Keys' below. </td></tr></tbody></table>
</div>
</div>
@@ -15017,11 +15017,11 @@ from("direct:inline-sign")
</div></div></li></ol>
-<h3><a shape="rect" name="BookInOnePage-UsageofPassphraseAccessor"></a>Usage
of Passphrase Accessor</h3>
+<h3><a shape="rect"
name="BookInOnePage-PGPDecrypting%2FVerifyingofMessagesEncrypted%2FSignedbyDifferentPrivate%2FPublicKeys"></a>PGP
Decrypting/Verifying of Messages Encrypted/Signed by Different Private/Public
Keys</h3>
<p>Since <b>Camel 2.12.2</b>.</p>
-<p>A PGP Data Formater can decrypt messages which have been encrypted by
different public keys. In this case you must provide the corresponding private
keys in the secret keyring and the passphrases of the private keys in the
passphrase accessor.</p>
+<p>A PGP Data Formater can decrypt/verify messages which have been encrypted
by different public keys or signed by different private keys. Just, provide the
corresponding private keys in the secret keyring, the corresponding public keys
in the public keyring, and the passphrases in the passphrase accessor.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
@@ -15033,7 +15033,10 @@ PGPPassphraseAccessor passphraseAccessor
PGPDataFormat pgpVerifyAndDecrypt = new PGPDataFormat();
pgpVerifyAndDecrypt.setPassphraseAccessor(passphraseAccessor);
-pgpVerifyAndDecrypt.setEncryptionKeyRing(getSecKeyRing());
+// the method getSecKeyRing() provides the secret keyring as byte array
containing the private keys
+pgpVerifyAndDecrypt.setEncryptionKeyRing(getSecKeyRing()); // alternatively
you can use setKeyFileName(keyfileName)
+// the method getPublicKeyRing() provides the public keyring as byte array
containing the public keys
+pgpVerifyAndDecrypt.setSignatureKeyRing((getPublicKeyRing()); //
alternatively you can use setSignatureKeyFileName(signatgureKeyfileName)
// it is not necessary to specify the User Id
from("direct:start")
@@ -15043,8 +15046,8 @@ from("direct:start")
]]></script>
</div></div>
-<p><b>Remark</b><br clear="none">
-The PGP encrypted data contains a Key ID of the public key which was used to
encrypt the data. This Key ID can be used to locate the private key in the
secret keyring to decrypt the data. The same mechanism is also used to locate
the public key for verifying a signature. Therefore you no longer must specify
User IDs for the unmarshaling.</p>
+<ul><li>The functionality is especially useful to support the key exchange. If
you want to exchange the private key for decrypting you can accept for a period
of time messages which are either encrypted with the old or new corresponding
public key. Or if the sender wants to exchange his signer private key, you can
accept for a period of time, the old or new signer key.</li><li>Technical
background: The PGP encrypted data contains a Key ID of the public key which
was used to encrypt the data. This Key ID can be used to locate the private key
in the secret keyring to decrypt the data. The same mechanism is also used to
locate the public key for verifying a signature. Therefore you no longer must
specify User IDs for the unmarshaling.</li></ul>
+
<h3><a shape="rect" name="BookInOnePage-Dependencies"></a>Dependencies</h3>
Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/camel/content/crypto.html
==============================================================================
--- websites/production/camel/content/crypto.html (original)
+++ websites/production/camel/content/crypto.html Wed Oct 23 10:19:35 2013
@@ -315,7 +315,7 @@ from("direct:key-in-header-decrypt").unm
<h3><a shape="rect" name="Crypto-PGPDataFormatOptions"></a>PGPDataFormat
Options</h3>
<div class="confluenceTableSmall"><div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Type </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> The userid of the key in the PGP keyring.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password
used when opening the private key (not used for encryption). </td></tr><tr><td
colspan="1" rowspan="1" c
lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> Filename of the keyring; must be accessible as a
classpath resource (but you can specify a location in the file system by using
the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption
keyring; you can not set the keyFileName and encryptionKeyRing at the same
time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="con
fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in
the PGP keyring to use for signing (during encryption) or signature
verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password
used when opening the private key used for signing (during encryption).
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the
keyring to us
e for signing (during encryption) or for signature verification (during
decryption); must be accessible as a classpath resource (but you can specify a
location in the file system by using the "file:" prefix). </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>;
signature keyring; you can not set the signatureKeyFileName and
signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>;
symmetric key encryption algorithm; possible val
ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>;
for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (=
AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash
algorithm; possible values are defined in
<tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (=
SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>false</tt> </td><td colspan="1" rowspan="1" class="con
fluenceTd"> This option will cause PGP to base64 encode the encrypted text,
making it available for copy/paste, etc. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the
encryption file. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
s corresponding to user Ids. If no passpharase can be found from the option
<tt>password</tt> or <tt>signaturePassword</tt> and from the headers
<tt>CamelPGPDataFormatKeyPassword</tt> or
<tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched
from the passphrase accessor. You provide a bean which implements the interface
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java";
rel="nofollow">PGPPassphraseAccessorDefault</a>. The passphrase accessor is
especially useful in the decrypt case; see chapter 'Usaage of Passphrase
Accessor' below. </td></tr></tbody><
/table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Type </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> The userid of the key in the PGP keyring.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password
used when opening the private key (not used for encryption). </td></tr><tr><td
colspan="1" rowspan="1" c
lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> Filename of the keyring; must be accessible as a
classpath resource (but you can specify a location in the file system by using
the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption
keyring; you can not set the keyFileName and encryptionKeyRing at the same
time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="con
fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in
the PGP keyring to use for signing (during encryption) or signature
verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password
used when opening the private key used for signing (during encryption).
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the
keyring to us
e for signing (during encryption) or for signature verification (during
decryption); must be accessible as a classpath resource (but you can specify a
location in the file system by using the "file:" prefix). </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>;
signature keyring; you can not set the signatureKeyFileName and
signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>;
symmetric key encryption algorithm; possible val
ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>;
for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (=
AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash
algorithm; possible values are defined in
<tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (=
SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>false</tt> </td><td colspan="1" rowspan="1" class="con
fluenceTd"> This option will cause PGP to base64 encode the encrypted text,
making it available for copy/paste, etc. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the
encryption file. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
s corresponding to user Ids. If no passpharase can be found from the option
<tt>password</tt> or <tt>signaturePassword</tt> and from the headers
<tt>CamelPGPDataFormatKeyPassword</tt> or
<tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched
from the passphrase accessor. You provide a bean which implements the interface
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by
<a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java";
rel="nofollow">PGPPassphraseAccessorDefault</a>. The passphrase accessor is
especially useful in the decrypt case; see chapter 'PGP Decrypting/Verifying of
Messages Encrypted/Signed by D
ifferent Private/Public Keys' below. </td></tr></tbody></table>
</div>
</div>
@@ -421,11 +421,11 @@ from("direct:inline-sign")
</div></div></li></ol>
-<h3><a shape="rect" name="Crypto-UsageofPassphraseAccessor"></a>Usage of
Passphrase Accessor</h3>
+<h3><a shape="rect"
name="Crypto-PGPDecrypting%2FVerifyingofMessagesEncrypted%2FSignedbyDifferentPrivate%2FPublicKeys"></a>PGP
Decrypting/Verifying of Messages Encrypted/Signed by Different Private/Public
Keys</h3>
<p>Since <b>Camel 2.12.2</b>.</p>
-<p>A PGP Data Formater can decrypt messages which have been encrypted by
different public keys. In this case you must provide the corresponding private
keys in the secret keyring and the passphrases of the private keys in the
passphrase accessor.</p>
+<p>A PGP Data Formater can decrypt/verify messages which have been encrypted
by different public keys or signed by different private keys. Just, provide the
corresponding private keys in the secret keyring, the corresponding public keys
in the public keyring, and the passphrases in the passphrase accessor.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
@@ -437,7 +437,10 @@ PGPPassphraseAccessor passphraseAccessor
PGPDataFormat pgpVerifyAndDecrypt = new PGPDataFormat();
pgpVerifyAndDecrypt.setPassphraseAccessor(passphraseAccessor);
-pgpVerifyAndDecrypt.setEncryptionKeyRing(getSecKeyRing());
+// the method getSecKeyRing() provides the secret keyring as byte array
containing the private keys
+pgpVerifyAndDecrypt.setEncryptionKeyRing(getSecKeyRing()); // alternatively
you can use setKeyFileName(keyfileName)
+// the method getPublicKeyRing() provides the public keyring as byte array
containing the public keys
+pgpVerifyAndDecrypt.setSignatureKeyRing((getPublicKeyRing()); //
alternatively you can use setSignatureKeyFileName(signatgureKeyfileName)
// it is not necessary to specify the User Id
from("direct:start")
@@ -447,8 +450,8 @@ from("direct:start")
]]></script>
</div></div>
-<p><b>Remark</b><br clear="none">
-The PGP encrypted data contains a Key ID of the public key which was used to
encrypt the data. This Key ID can be used to locate the private key in the
secret keyring to decrypt the data. The same mechanism is also used to locate
the public key for verifying a signature. Therefore you no longer must specify
User IDs for the unmarshaling.</p>
+<ul><li>The functionality is especially useful to support the key exchange. If
you want to exchange the private key for decrypting you can accept for a period
of time messages which are either encrypted with the old or new corresponding
public key. Or if the sender wants to exchange his signer private key, you can
accept for a period of time, the old or new signer key.</li><li>Technical
background: The PGP encrypted data contains a Key ID of the public key which
was used to encrypt the data. This Key ID can be used to locate the private key
in the secret keyring to decrypt the data. The same mechanism is also used to
locate the public key for verifying a signature. Therefore you no longer must
specify User IDs for the unmarshaling.</li></ul>
+
<h3><a shape="rect" name="Crypto-Dependencies"></a>Dependencies</h3>
