[CONF] Apache Camel > Crypto

[Franz Forsthofer (Confluence)]

Franz Forsthofer edited the page: Crypto ... The functionality is especially useful to support the key exchange. If you want to exchange the private key for decrypting you can accept for a period of time messages which are either encrypted with the old or new corresponding public key. Or if the sender wants to exchange his signer private key, you can accept for a period of time, the old or new signer key. Technical background: The PGP encrypted data contains a Key ID of the public key which was used to encrypt the data. This Key ID can be used to locate the private key in the secret keyring to decrypt the data. The same mechanism is also used to locate the public key for verifying a signature. Therefore you no longer must specify User IDs for the unmarshaling. Restricting the Signer Identities during PGP Signature Verification Since Camel 2.12.3. If you verify a signature you not only want to verify the correctness of the signature but you also want check that the signature comes from a certain identity or a specific set of identities. Therefore it is possible to restrict the number of public keys from the public keyring which can be used for the verification of a signature.   Code Block title Signature User IDs language java // specify the User IDs of the expected signer identities List<String> expectedSigUserIds = new ArrayList<String>(); expectedSigUserIds.add("Trusted company1"); expectedSigUserIds.add("Trusted company2");   PGPDataFormat pgpVerifyWithSpecificKeysAndDecrypt = new PGPDataFormat(); pgpVerifyWithSpecificKeysAndDecrypt.setPassword("my password"); // for decrypting with private key pgpVerifyWithSpecificKeysAndDecrypt.setKeyFileName(keyfileName); pgpVerifyWithSpecificKeysAndDecrypt.setSignatureKeyFileName(signatgureKeyfileName); pgpVerifyWithSpecificKeysAndDecrypt.setSignatureKeyUserids(expectedSigUserIds); // if you have only one signer identity then you can also use setSignatureKeyUserid("expected Signer")   from("direct:start") ... .unmarshal(pgpVerifyWithSpecificKeysAndDecrypt) ... If the PGP content has several signatures the verification is successful as soon as one signature can be verified. If you do not want to restrict the signer identities for verification then do not specify the signature key User IDs. In this case all public keys in the public keyring are taken into account. Dependencies To use the Crypto dataformat in your camel routes you need to add the following dependency to your pom. ... View Online · Like · View Changes Stop watching space · Manage Notifications This message was sent by Atlassian Confluence 5.0.3, Team Collaboration Software