Modified: websites/production/camel/content/crypto.html
==============================================================================
--- websites/production/camel/content/crypto.html (original)
+++ websites/production/camel/content/crypto.html Thu Sep 24 16:21:02 2015
@@ -98,7 +98,7 @@ from("direct:basic-encryption"
     .unmarshal(cryptoFormat)
     .to("mock:unencrypted");
 ]]></script>
-</div></div><p>In Spring the dataformat is configured first and then used in 
routes</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
+</div></div>In Spring the dataformat is configured first and then used in 
routes<div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
 <script class="brush: xml; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[&lt;camelContext id=&quot;camel&quot; 
xmlns=&quot;http://camel.apache.org/schema/spring&quot;&gt;
   &lt;dataFormats&gt;
     &lt;crypto id=&quot;basic&quot; algorithm=&quot;DES&quot; 
keyRef=&quot;desKey&quot; /&gt;
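Review bot: The "+" line drops the <p> wrapper around "In Spring the dataformat is configured first and then used in routes", leaving a bare text node between </div></div> and the next code panel; keep the <p>...</p> so the sentence retains its paragraph spacing and styling. Separately, the Spring sample in the context lines still shows algorithm="DES". Since readers copy from this page, consider showing an AES transformation instead, or say that DES, with its 56-bit key, is used only for illustration.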
@@ -127,7 +127,7 @@ from(&quot;direct:hmac-algorithm&quot;)
     .unmarshal(cryptoFormat)
     .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div><p>A list of the available algorithms in Java 7 is available via 
the <a shape="rect" class="external-link" 
href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html";
 rel="nofollow">Java Cryptography Architecture Standard Algorithm Name 
Documentation</a>.</p><h3 
id="Crypto-SpecifyinganInitializationVector">Specifying an Initialization 
Vector</h3><p>Some crypto algorithms, particularly block algorithms, require 
configuration with an initial block of data known as an Initialization Vector. 
In the JCE this is passed as an AlgorithmParameterSpec when the Cipher is 
initialized. To use such a vector with the CryptoDataFormat you can configure 
it with a byte[] containing the required data e.g.</p><div class="code panel 
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>A list of the available algorithms in Java 7 is available via the 
<a shape="rect" class="external-link" 
href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html";
 rel="nofollow">Java Cryptography Architecture Standard Algorithm Name 
Documentation</a>.<h3 id="Crypto-SpecifyinganInitializationVector">Specifying 
an Initialization Vector</h3><p>Some crypto algorithms, particularly block 
algorithms, require configuration with an initial block of data known as an 
Initialization Vector. In the JCE this is passed as an AlgorithmParameterSpec 
when the Cipher is initialized. To use such a vector with the CryptoDataFormat 
you can configure it with a byte[] containing the required data e.g.</p><div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
 <script class="brush: java; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 KeyGenerator generator = KeyGenerator.getInstance(&quot;DES&quot;);
 byte[] initializationVector = new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 
0x06, 0x07};
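Review bot: In the "+" line the sentence "A list of the available algorithms in Java 7 is available via the ..." loses its <p> wrapper while "Some crypto algorithms, particularly block algorithms, ..." a few words later in the same line keeps it, so the two adjacent paragraphs are now marked up inconsistently; restore the <p>...</p> around the first one. The sentence also says "available" twice; "The algorithms available in Java 7 are listed in the ..." reads better if the line is being touched anyway.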
@@ -141,11 +141,11 @@ from(&quot;direct:init-vector&quot;)
     .unmarshal(cryptoFormat)
     .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div><p>or with spring, suppling a reference to a byte[]</p><div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div>or with spring, suppling a reference to a byte[]<div class="code 
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="brush: xml; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 &lt;crypto id=&quot;initvector&quot; 
algorithm=&quot;DES/CBC/PKCS5Padding&quot; keyRef=&quot;desKey&quot; 
initVectorRef=&quot;initializationVector&quot; /&gt;
 ]]></script>
-</div></div><p>The same vector is required in both the encryption and 
decryption phases. As it is not necessary to keep the IV a secret, the 
DataFormat allows for it to be inlined into the encrypted data and subsequently 
read out in the decryption phase to initialize the Cipher. To inline the IV set 
the /oinline flag.</p><div class="code panel pdl" style="border-width: 
1px;"><div class="codeContent panelContent pdl">
+</div></div>The same vector is required in both the encryption and decryption 
phases. As it is not necessary to keep the IV a secret, the DataFormat allows 
for it to be inlined into the encrypted data and subsequently read out in the 
decryption phase to initialize the Cipher. To inline the IV set the /oinline 
flag.<div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
 <script class="brush: java; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 KeyGenerator generator = KeyGenerator.getInstance(&quot;DES&quot;);
 byte[] initializationVector = new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 
0x06, 0x07};
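Review bot: In the IV paragraph, "To inline the IV set the /oinline flag" carries what looks like a garbled option name into the "+" line unchanged; the Spring sample further down spells it inline="true", so the sentence should name that option. The same paragraph says the IV need not be kept secret, which is correct, but with DES/CBC/PKCS5Padding it also has to be unpredictable and different for every message, and the Java sample hard-codes 0x00 to 0x07; suggest adding one sentence to that effect and marking the constant as a placeholder. "suppling" should be "supplying", and both sentences in this hunk lose their <p> wrapper.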
@@ -163,13 +163,13 @@ from(&quot;direct:inline&quot;)
     .unmarshal(decryptFormat)
     .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div><p>or with spring.</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>or with spring.<div class="code panel pdl" style="border-width: 
1px;"><div class="codeContent panelContent pdl">
 <script class="brush: xml; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 &lt;crypto id=&quot;inline&quot; algorithm=&quot;DES/CBC/PKCS5Padding&quot; 
keyRef=&quot;desKey&quot; initVectorRef=&quot;initializationVector&quot;
   inline=&quot;true&quot; /&gt;
 &lt;crypto id=&quot;inline-decrypt&quot; 
algorithm=&quot;DES/CBC/PKCS5Padding&quot; keyRef=&quot;desKey&quot; 
inline=&quot;true&quot; /&gt;
 ]]></script>
-</div></div><p>For more information of the use of Initialization Vectors, 
consult</p><ul><li><a shape="rect" class="external-link" 
href="http://en.wikipedia.org/wiki/Initialization_vector"; 
rel="nofollow">http://en.wikipedia.org/wiki/Initialization_vector</a></li><li><a
 shape="rect" class="external-link" 
href="http://www.herongyang.com/Cryptography/"; 
rel="nofollow">http://www.herongyang.com/Cryptography/</a></li><li><a 
shape="rect" class="external-link" 
href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation"; 
rel="nofollow">http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation</a></li></ul><h3
 id="Crypto-HashedMessageAuthenticationCodes(HMAC)">Hashed Message 
Authentication Codes (HMAC)</h3><p>To avoid attacks against the encrypted data 
while it is in transit the CryptoDataFormat can also calculate a Message 
Authentication Code for the encrypted exchange contents based on a configurable 
MAC algorithm. The calculated HMAC is appended to the stream after encryption. 
It
  is separated from the stream in the decryption phase. The MAC is recalculated 
and verified against the transmitted version to insure nothing was tampered 
with in transit.For more information on Message Authentication Codes see <a 
shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/HMAC"; 
rel="nofollow">http://en.wikipedia.org/wiki/HMAC</a></p><div class="code panel 
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>For more information of the use of Initialization Vectors, 
consult<ul><li><a shape="rect" class="external-link" 
href="http://en.wikipedia.org/wiki/Initialization_vector"; 
rel="nofollow">http://en.wikipedia.org/wiki/Initialization_vector</a></li><li><a
 shape="rect" class="external-link" 
href="http://www.herongyang.com/Cryptography/"; 
rel="nofollow">http://www.herongyang.com/Cryptography/</a></li><li><a 
shape="rect" class="external-link" 
href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation"; 
rel="nofollow">http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation</a></li></ul><h3
 id="Crypto-HashedMessageAuthenticationCodes(HMAC)">Hashed Message 
Authentication Codes (HMAC)</h3><p>To avoid attacks against the encrypted data 
while it is in transit the CryptoDataFormat can also calculate a Message 
Authentication Code for the encrypted exchange contents based on a configurable 
MAC algorithm. The calculated HMAC is appended to the stream after encryption. 
It is sep
 arated from the stream in the decryption phase. The MAC is recalculated and 
verified against the transmitted version to insure nothing was tampered with in 
transit.For more information on Message Authentication Codes see <a 
shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/HMAC"; 
rel="nofollow">http://en.wikipedia.org/wiki/HMAC</a></p><div class="code panel 
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="brush: java; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 KeyGenerator generator = KeyGenerator.getInstance(&quot;DES&quot;);
 
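Review bot: The HMAC paragraph in the "+" line still reads "to insure nothing was tampered with in transit.For more information on Message Authentication Codes see", so "insure" should be "ensure" and a space is missing after "transit."; since the line is rewritten anyway, fix both here. "For more information of the use of Initialization Vectors, consult" also loses its <p> and now sits as bare text directly in front of the <ul>, as does "or with spring." before the code panel.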
@@ -182,11 +182,11 @@ from(&quot;direct:hmac&quot;)
     .unmarshal(cryptoFormat)
     .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div><p>or with spring.</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>or with spring.<div class="code panel pdl" style="border-width: 
1px;"><div class="codeContent panelContent pdl">
 <script class="brush: xml; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 &lt;crypto id=&quot;hmac&quot; algorithm=&quot;DES&quot; 
keyRef=&quot;desKey&quot; shouldAppendHMAC=&quot;true&quot; /&gt;
 ]]></script>
-</div></div><p>By default the HMAC is calculated using the HmacSHA1 mac 
algorithm though this can be easily changed by supplying a different algorithm 
name. See <a shape="rect" class="unresolved" href="#">here</a> for how to check 
what algorithms are available through the configured security providers</p><div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div>By default the HMAC is calculated using the HmacSHA1 mac algorithm 
though this can be easily changed by supplying a different algorithm name. See 
<a shape="rect" class="unresolved" href="#">here</a> for how to check what 
algorithms are available through the configured security providers<div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
 <script class="brush: java; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 KeyGenerator generator = KeyGenerator.getInstance(&quot;DES&quot;);
 
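Review bot: The "See here" link in the HmacSHA1 sentence is <a shape="rect" class="unresolved" href="#">here</a>, a dead anchor that the "+" line keeps as is; point it at the Standard Algorithm Name documentation already linked earlier on the page, or drop the link and name the document in the text. The sentence also ends without a full stop and, like "or with spring.", is no longer wrapped in <p>.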
@@ -200,11 +200,11 @@ from(&quot;direct:hmac-algorithm&quot;)
     .unmarshal(cryptoFormat)
     .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div><p>or with spring.</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>or with spring.<div class="code panel pdl" style="border-width: 
1px;"><div class="codeContent panelContent pdl">
 <script class="brush: xml; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 &lt;crypto id=&quot;hmac-algorithm&quot; algorithm=&quot;DES&quot; 
keyRef=&quot;desKey&quot; macAlgorithm=&quot;HmacMD5&quot; 
shouldAppendHMAC=&quot;true&quot; /&gt;
 ]]></script>
-</div></div><h3 id="Crypto-SupplyingKeysDynamically">Supplying Keys 
Dynamically</h3><p>When using a Recipient list or similar EIP the recipient of 
an exchange can vary dynamically. Using the same key across all recipients may 
neither be feasible or desirable. It would be useful to be able to specify keys 
dynamically on a per exchange basis. The exchange could then be dynamically 
enriched with the key of its target recipient before being processed by the 
data format. To facilitate this the DataFormat allow for keys to be supplied 
dynamically via the message headers 
below</p><ul><li><code>CryptoDataFormat.KEY</code> 
<code>"CamelCryptoKey"</code></li></ul><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><h3 id="Crypto-SupplyingKeysDynamically">Supplying Keys 
Dynamically</h3><p>When using a Recipient list or similar EIP the recipient of 
an exchange can vary dynamically. Using the same key across all recipients may 
neither be feasible or desirable. It would be useful to be able to specify keys 
dynamically on a per exchange basis. The exchange could then be dynamically 
enriched with the key of its target recipient before being processed by the 
data format. To facilitate this the DataFormat allow for keys to be supplied 
dynamically via the message headers 
below</p><ul><li><code>CryptoDataFormat.KEY</code> 
<code>"CamelCryptoKey"</code></li></ul><p></p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="brush: java; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 CryptoDataFormat cryptoFormat = new CryptoDataFormat(&quot;DES&quot;, null);
 /**
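Review bot: The "+" line inserts an empty <p></p> between </ul> and the code panel under "Supplying Keys Dynamically"; it contributes only vertical space and should be dropped. In the same paragraph "may neither be feasible or desirable" wants "nor", and "the DataFormat allow for keys" wants "allows". The text also does not say whether the "CamelCryptoKey" header is removed once the data format has run; because that header carries key material, the page should either state this or tell users to remove the header before the exchange leaves the route. The Spring context line above this change shows macAlgorithm="HmacMD5" as the example of switching the MAC algorithm; a SHA-2 based name such as HmacSHA256 would be a better value to have copied.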
@@ -226,11 +226,11 @@ from(&quot;direct:key-in-header-decrypt&
     }
 }).to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div><p>or with spring.</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>or with spring.<div class="code panel pdl" style="border-width: 
1px;"><div class="codeContent panelContent pdl">
 <script class="brush: xml; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 &lt;crypto id=&quot;nokey&quot; algorithm=&quot;DES&quot; /&gt;
 ]]></script>
-</div></div><h3 id="Crypto-PGPDataFormatOptions">PGPDataFormat 
Options</h3><div class="table-wrap"><table 
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>keyUserid</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p>The user ID of the key in the 
PGP keyring used during encryption. See also option <code>keyUserids</code>. 
Can also be only a part of a user ID. For example, if the user ID is "Test User 
&lt;t...@camel.com&gt;" then you can use the part "Test User" or 
"&lt;t...@camel.com&gt;" to addr
 ess the user ID.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>keyUserids</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>List&lt;String&gt;</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 
2.12.2</strong>: PGP allows to encrypt the symmetric key by several asymmetric 
public receiver keys. You can specify here the User IDs or parts of User IDs of 
several public keys contained in the PGP keyring. If you just have one User ID, 
then you can also use the option <code>keyUserid</code>. The User ID specified 
in <code>keyUserid</code> and the User IDs in <code>keyUserids</code> will be 
merged together and the corresponding public keys will be used for the 
encryption.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>password</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>S
 tring</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Password used when opening the private key (not used 
for encryption).</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>keyFileName</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Filename of the keyring; must be accessible 
as a classpath resource (but you can specify a location in the file system by 
using the "file:" prefix).</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>encryptionKeyRing</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd">
 <p><strong>Since camel 2.12.1</strong>; encryption keyring; you can not set 
the keyFileName and encryptionKeyRing at the same time.</p></td></tr><tr><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>signatureKeyUserid</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; 
optional User ID of the key in the PGP keyring used for signing (during 
encryption) or signature verification (during decryption). During the signature 
verification process the specified User ID restricts the public keys from the 
public keyring which can be used for the verification. If no User ID is 
specified for the signature verficiation then any public key in the public 
keyring can be used for the verification. Can also be only a part of a user ID. 
For example, if the user ID is "Test User &lt;test@c
 amel.com&gt;" then you can use the part "Test User" or 
"&lt;t...@camel.com&gt;" to address the User ID.</p></td></tr><tr><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>signatureKeyUserids</code></p></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>List&lt;String&gt;</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.3</strong>; 
optional list of User IDs of the key in the PGP keyring used for signing 
(during encryption) or signature verification (during decryption). You can 
specify here the User IDs or parts of User IDs of several keys contained in the 
PGP keyring. If you just have one User ID, then you can also use the option 
<code>keyUserid</code>. The User ID specified in <code>keyUserid</code> and the 
User IDs in <code>keyUserids</code> will be merged together and the 
corresponding keys will be used for the signing or signature verificatio
 n. If the specified User IDs reference several keys then for each key a 
signature is added to the PGP result during the encryption-signing process. In 
the decryption-verifying process the list of User IDs restricts the list of 
public keys which can be used for signature verification. If the list of User 
IDs is empty then any public key in the public keyring can be used for the 
signature verification.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>signaturePassword</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; 
optional password used when opening the private key used for signing (during 
encryption).</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>signatureKeyFileName</code></p></td><td 
colspan="1" rowspan="1" class="co
 nfluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; optional filename 
of the keyring to use for signing (during encryption) or for signature 
verification (during decryption); must be accessible as a classpath resource 
(but you can specify a location in the file system by using the "file:" 
prefix).</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>signatureKeyRing</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.1</strong>; 
signature keyring; you can not set the signatureKeyFileName and 
signatureKeyRing at the same time.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>algorithm</c
 ode></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>SymmetricKeyAlgorithmTags.CAST5</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 
2.12.2</strong>; symmetric key encryption algorithm; possible values are 
defined in <code>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</code>; for 
example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= 
AES_128). Only relevant for encrypting.</p></td></tr><tr><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>compressionAlgorithm</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CompressionAlgorithmTags.ZIP</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 
2.12.2</strong>; compression algorithm; possible values are defined in 
<code>org.bouncycastle.bcpg.Compress
 ionAlgorithmTags</code>; for example 0 (= UNCOMPRESSED), 1 (= ZIP), 2 (= 
ZLIB), 3 (= BZIP2). Only relevant for encrypting.</p></td></tr><tr><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>hashAlgorithm</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>HashAlgorithmTags.SHA1</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 
2.12.2</strong>: signature hash algorithm; possible values are defined in 
<code>org.bouncycastle.bcpg.HashAlgorithmTags</code>; for example 2 (= SHA1), 8 
(= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for 
signing.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>armored</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>boolean</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td 
colspan="1" rowspan="1" cla
 ss="confluenceTd"><p>This option will cause PGP to base64 encode the encrypted 
text, making it available for copy/paste, etc.</p></td></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>integrity</code></p></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>boolean</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>true</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Adds an integrity check/sign into the 
encryption file.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>passphraseAccessor</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code><a shape="rect" class="external-link" 
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
 rel="nofollow">PGPPassphraseAccessor</a></code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" 
 rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; 
provides passphrases corresponding to user Ids. If no passpharase can be found 
from the option <code>password</code> or <code>signaturePassword</code> and 
from the headers <code>CamelPGPDataFormatKeyPassword</code> or 
<code>CamelPGPDataFormatSignatureKeyPassword</code> then the passphrase is 
fetched from the passphrase accessor. You provide a bean which implements the 
interface <a shape="rect" class="external-link" 
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
 rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by 
<a shape="rect" class="external-link" 
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/DefaultPGPPassphraseAccessor.java";
 rel="nofollow">DefaultPGPPassphraseAccessor</a>. The passphrase accessor is 
espec
 ially useful in the decrypt case; see chapter 'PGP Decrypting/Verifying of 
Messages Encrypted/Signed by Different Private/Public Keys' 
below.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>signatureVerificationOption</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>"optional"</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><strong>Since camel 2.13.0</strong>: 
controls the behavior for verifying the signature during unmarshaling. There 
are three values possible:</p><ul><li><code>"optional"</code>: The PGP message 
may or may not contain signatures; if it does contain signatures, then a 
signature verification is executed. Use the constant 
PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_OPTIONAL.</li><li><code>"required"</code>:
 The PGP message must contain at least one signature; if this is not the case 
an exception (PGPException) i
 s thrown. A signature verification is executed. Use the constant 
PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_REQUIRED.</li><li><code>"ignore"</code>:
 Contained signatures in the PGP message are ignored; no signature verification 
is executed. Use the constant 
PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_IGNORE.</li><li><code>"no_signature_allowed"</code>:
 The PGP message must not contain a signature; otherwise an exception 
(PGPException) is thrown. Use the constant 
PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED.</li></ul></td></tr><tr><td
 colspan="1" rowspan="1" class="confluenceTd"><code>FileName</code></td><td 
colspan="1" rowspan="1" class="confluenceTd"><code>String</code></td><td 
colspan="1" rowspan="1" class="confluenceTd"><code>"_CONSOLE"</code></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 
2.15.0:</strong> Sets the file name for the literal data packet. Can be 
overwritten by the&#160; header {@link Excha
 nge#FILE_NAME}.</p><p>"<code>_CONSOLE</code>" indicates that the message is 
considered to be "for your eyes only". This advises that the message data is 
unusually sensitive, and the receiving program should process it more 
carefully, perhaps avoiding storing the received data to disk, for example.Only 
used for marshaling.</p></td></tr></tbody></table></div><h3 
id="Crypto-PGPDataFormatMessageHeaders">PGPDataFormat Message 
Headers</h3><p>You can override the PGPDataFormat options by applying below 
headers into message dynamically.</p><p>&#160;</p><div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatKeyFileName</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>String</
 code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; filename of the 
keyring; will override existing setting directly on the 
PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatEncryptionKeyRing</code></p></td><td
 colspan="1" rowspan="1" 
class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>Since Camel 2.12.1</strong>; the encryption 
keyring; will override existing setting directly on the 
PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatKeyUserid</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 
2.11.0</strong>; the User ID of the key in the PGP keyring; will override 
existing setting directly on the PGPDataFormat.</p></td></tr><tr><td 
colspan="1" r
 owspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatKeyUserids</code></p></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>List&lt;String&gt;</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.2</strong>: the 
User IDs of the key in the PGP keyring; will override existing setting directly 
on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatKeyPassword</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 
2.11.0</strong>; password used when opening the private key; will override 
existing setting directly on the PGPDataFormat.</p></td></tr><tr><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyFileName</code></p></td><td
 colspan="1" rowspan="1" 
class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowsp
 an="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; filename 
of the signature keyring; will override existing setting directly on the 
PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyRing</code></p></td><td
 colspan="1" rowspan="1" 
class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>Since Camel 2.12.1</strong>; the signature 
keyring; will override existing setting directly on the 
PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyUserid</code></p></td><td
 colspan="1" rowspan="1" 
class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; the User ID of the 
signature key in the PGP keyring; will override existing setting directly on 
the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="
 1" 
class="confluenceTd"><code>CamelPGPDataFormatSignatureKeyUserids</code></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><code>List&lt;String&gt;</code></td><td colspan="1" 
rowspan="1" class="confluenceTd"><strong>Since Camel 2.12.3</strong>; the User 
IDs of the signature keys in the PGP keyring; will override existing setting 
directly on the PGPDataFormat.</td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyPassword</code></p></td><td
 colspan="1" rowspan="1" 
class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; password used when 
opening the signature private key; will override existing setting directly on 
the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatEncryptionAlgorithm</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td 
colspan="1"
  rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; 
symmetric key encryption algorithm; will override existing setting directly on 
the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatSignatureHashAlgorithm</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 
2.12.2</strong>; signature hash algorithm; will override existing setting 
directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatCompressionAlgorithm</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 
2.12.2</strong>; compression algorithm; will override existing setting directly 
on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluen
 ceTd"><p><code>CamelPGPDataFormatNumberOfEncryptionKeys</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><code>Integer</code></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><strong>Since</strong>&#160;<strong>Camel 2.12.3;&#160; 
</strong>number of public keys used for encrypting the symmectric key, set by 
PGPDataFormat during encryptiion process</td></tr><tr><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatNumberOfSigningKeys</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><code>Integer</code></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><strong>Since</strong>&#160;<strong>Camel 2.12.3;&#160; 
</strong>number of private keys used for creating signatures, set by 
PGPDataFormat during signing process</td></tr></tbody></table></div><h3 
id="Crypto-EncryptingwithPGPDataFormat">Encrypting with 
PGPDataFormat</h3><p>The following sample uses the popular PGP format for 
encrypting/decrypting files using the <a shape="rect" 
 class="external-link" href="http://www.bouncycastle.org/java.html"; 
rel="nofollow">Bouncy Castle Java libraries</a>:</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><h3 id="Crypto-PGPMessage">PGP Message</h3><p>The PGP Data 
Formater can create and decrypt/verify PGP Messages of the following PGP packet 
structure (entries in brackets are optional and ellipses indicate repetition, 
comma represents &#160;sequential composition, and vertical bar separates 
alternatives):</p><p>&#160; &#160; Public Key Encrypted Session Key ..., 
Symmetrically Encrypted Data | Sym. Encrypted and Integrity Protected Data, 
(Compressed Data,) (One Pass Signature ...,)&#160;Literal Data, (Signature 
...,)</p><p><strong>Since Camel 2.16</strong>.<strong>0</strong> the Compressed 
Data packet is optional, before it was mandatory.</p><p>&#160;</p><h3 
id="Crypto-PGPDataFormatOptions">PGPDataFormat Options</h3><div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Default</p></
 th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>keyUserid</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p>The user ID of the key in the 
PGP keyring used during encryption. See also option <code>keyUserids</code>. 
Can also be only a part of a user ID. For example, if the user ID is "Test User 
&lt;t...@camel.com&gt;" then you can use the part "Test User" or 
"&lt;t...@camel.com&gt;" to address the user ID.</p></td></tr><tr><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>keyUserids</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>List&lt;String&gt;</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"
 ><p><strong>Since camel 2.12.2</strong>: PGP allows to encrypt the symmetric 
 >key by several asymmetric public receiver keys. You can specify here the User 
 >IDs or parts of User IDs of several public keys contained in the PGP keyring. 
 >If you just have one User ID, then you can also use the option 
 ><code>keyUserid</code>. The User ID specified in <code>keyUserid</code> and 
 >the User IDs in <code>keyUserids</code> will be merged together and the 
 >corresponding public keys will be used for the 
 >encryption.</p></td></tr><tr><td colspan="1" rowspan="1" 
 >class="confluenceTd"><p><code>password</code></p></td><td colspan="1" 
 >rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td 
 >colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td 
 >colspan="1" rowspan="1" class="confluenceTd"><p>Password used when opening 
 >the private key (not used for encryption).</p></td></tr><tr><td colspan="1" 
 >rowspan="1" class="confluenceTd"><p><code>keyFileName</code></p></td><td 
 >colspan="
 1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p>Filename of the keyring; must 
be accessible as a classpath resource (but you can specify a location in the 
file system by using the "file:" prefix).</p></td></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>encryptionKeyRing</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 
2.12.1</strong>: encryption keyring; you can not set the keyFileName and 
encryptionKeyRing at the same time.</p></td></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>signatureKeyUserid</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td 
colspan="1"
  rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; 
optional User ID of the key in the PGP keyring used for signing (during 
encryption) or signature verification (during decryption). During the signature 
verification process the specified User ID restricts the public keys from the 
public keyring which can be used for the verification. If no User ID is 
specified for the signature verficiation then any public key in the public 
keyring can be used for the verification. Can also be only a part of a user ID. 
For example, if the user ID is "Test User &lt;t...@camel.com&gt;" then you can 
use the part "Test User" or "&lt;t...@camel.com&gt;" to address the User 
ID.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>signatureKeyUserids</code></p></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>List&lt;String&gt;</code></p></td><td colspan="1" 
rowspan="1" cl
 ass="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>Since Camel 2.12.3</strong>: optional list of 
User IDs of the key in the PGP keyring used for signing (during encryption) or 
signature verification (during decryption). You can specify here the User IDs 
or parts of User IDs of several keys contained in the PGP keyring. If you just 
have one User ID, then you can also use the option <code>keyUserid</code>. The 
User ID specified in <code>keyUserid</code> and the User IDs in 
<code>keyUserids</code> will be merged together and the corresponding keys will 
be used for the signing or signature verification. If the specified User IDs 
reference several keys then for each key a signature is added to the PGP result 
during the encryption-signing process. In the decryption-verifying process the 
list of User IDs restricts the list of public keys which can be used for 
signature verification. If the list of User IDs is empty then any public ke
 y in the public keyring can be used for the signature 
verification.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>signaturePassword</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>: 
optional password used when opening the private key used for signing (during 
encryption).</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>signatureKeyFileName</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 
2.11.0</strong>: optional filename of the keyring to use for signing (during 
encryption) or for signature verification (during decryption); mus
 t be accessible as a classpath resource (but you can specify a location in the 
file system by using the "file:" prefix).</p></td></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>signatureKeyRing</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 
2.12.1</strong>: signature keyring; you can not set the signatureKeyFileName 
and signatureKeyRing at the same time.</p></td></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>algorithm</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>SymmetricKeyAlgorithmTags.CAST5</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 
2.12.2</strong>: symmetric key encryption algorithm; possible values 
 are defined in <code>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</code>; 
for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= 
AES_128). Only relevant for encrypting.</p></td></tr><tr><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>compressionAlgorithm</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CompressionAlgorithmTags.ZIP</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 
2.12.2</strong>: compression algorithm; possible values are defined in 
<code>org.bouncycastle.bcpg.CompressionAlgorithmTags</code>; for example 0 (= 
UNCOMPRESSED), 1 (= ZIP), 2 (= ZLIB), 3 (= BZIP2). Only relevant for 
encrypting.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>hashAlgorithm</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" 
rowspan="1" clas
 s="confluenceTd"><p><code>HashAlgorithmTags.SHA1</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 
2.12.2</strong>: signature hash algorithm; possible values are defined in 
<code>org.bouncycastle.bcpg.HashAlgorithmTags</code>; for example 2 (= SHA1), 8 
(= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for 
signing.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>armored</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>boolean</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p>This option will cause PGP to 
base64 encode the encrypted text, making it available for copy/paste, 
etc.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>integrity</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>boolean</code></p></td><td 
colspan="1" rowspan="1" c
 lass="confluenceTd"><p><code>true</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Adds an integrity check/sign into the encryption 
file.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>passphraseAccessor</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code><a shape="rect" class="external-link" 
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
 rel="nofollow">PGPPassphraseAccessor</a></code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>: 
provides passphrases corresponding to user Ids. If no passpharase can be found 
from the option <code>password</code> or <code>signaturePassword</code> and 
from the headers <code>CamelPGPDataFormatKeyPassword</code> or 
<code>CamelPGPDataFormatSignatureKeyPassword<
 /code> then the passphrase is fetched from the passphrase accessor. You 
provide a bean which implements the interface <a shape="rect" 
class="external-link" 
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java";
 rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by 
<a shape="rect" class="external-link" 
href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/DefaultPGPPassphraseAccessor.java";
 rel="nofollow">DefaultPGPPassphraseAccessor</a>. The passphrase accessor is 
especially useful in the decrypt case; see chapter 'PGP Decrypting/Verifying of 
Messages Encrypted/Signed by Different Private/Public Keys' 
below.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>signatureVerificationOption</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p><
 /td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>"optional"</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.13.0</strong>: 
controls the behavior for verifying the signature during unmarshaling. There 
are three values possible:</p><ul><li><code>"optional"</code>: The PGP message 
may or may not contain signatures; if it does contain signatures, then a 
signature verification is executed. Use the constant 
PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_OPTIONAL.</li><li><code>"required"</code>:
 The PGP message must contain at least one signature; if this is not the case 
an exception (PGPException) is thrown. A signature verification is executed. 
Use the constant 
PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_REQUIRED.</li><li><code>"ignore"</code>:
 Contained signatures in the PGP message are ignored; no signature verification 
is executed. Use the constant 
PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_IGNORE.</li><li
 ><code>"no_signature_allowed"</code>: The PGP message must not contain a 
 >signature; otherwise an exception (PGPException) is thrown. Use the constant 
 >PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED.</li></ul></td></tr><tr><td
 > colspan="1" rowspan="1" 
 >class="confluenceTd"><p><code>FileName</code></p></td><td colspan="1" 
 >rowspan="1" class="confluenceTd"><code>String</code></td><td colspan="1" 
 >rowspan="1" class="confluenceTd"><code>"_CONSOLE"</code></td><td colspan="1" 
 >rowspan="1" class="confluenceTd"><p><strong>Since camel 2.15.0</strong>: Sets 
 >the file name for the literal data packet. Can be overwritten by the&#160; 
 >header {@link Exchange#FILE_NAME}.</p><p>"<code>_CONSOLE</code>" indicates 
 >that the message is considered to be "for your eyes only". This advises that 
 >the message data is unusually sensitive, and the receiving program should 
 >process it more carefully, perhaps avoiding storing the received data to 
 >disk, for example.Only used for marshaling.</p></
 td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><code>withCompressedDataPacket</code></td><td colspan="1" 
rowspan="1" class="confluenceTd">boolean</td><td colspan="1" rowspan="1" 
class="confluenceTd"><code>true</code></td><td colspan="1" rowspan="1" 
class="confluenceTd"><strong>Since Camel 2.16.0</strong>: Indicator whether the 
PGP Message shall be created with or without a Compressed Data packet. If the 
value is set to false, then no Compressed Data packet is added and the 
compressionAlgorithm value is ignored. Only used for 
marshaling.</td></tr></tbody></table></div><h3 
id="Crypto-PGPDataFormatMessageHeaders">PGPDataFormat Message 
Headers</h3><p>You can override the PGPDataFormat options by applying below 
headers into message dynamically.</p><p>&#160;</p><div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Type</p></th><th colspan="1" rowsp
 an="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatKeyFileName</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 
2.11.0</strong>; filename of the keyring; will override existing setting 
directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatEncryptionKeyRing</code></p></td><td
 colspan="1" rowspan="1" 
class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>Since Camel 2.12.1</strong>; the encryption 
keyring; will override existing setting directly on the 
PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatKeyUserid</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td
 ><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 
 >2.11.0</strong>; the User ID of the key in the PGP keyring; will override 
 >existing setting directly on the PGPDataFormat.</p></td></tr><tr><td 
 >colspan="1" rowspan="1" 
 >class="confluenceTd"><p><code>CamelPGPDataFormatKeyUserids</code></p></td><td 
 >colspan="1" rowspan="1" 
 >class="confluenceTd"><p><code>List&lt;String&gt;</code></p></td><td 
 >colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 
 >2.12.2</strong>: the User IDs of the key in the PGP keyring; will override 
 >existing setting directly on the PGPDataFormat.</p></td></tr><tr><td 
 >colspan="1" rowspan="1" 
 >class="confluenceTd"><p><code>CamelPGPDataFormatKeyPassword</code></p></td><td
 > colspan="1" rowspan="1" 
 >class="confluenceTd"><p><code>String</code></p></td><td colspan="1" 
 >rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; 
 >password used when opening the private key; will override existing setting 
 >directly on the PGPDataFormat.</
 p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyFileName</code></p></td><td
 colspan="1" rowspan="1" 
class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; filename of the 
signature keyring; will override existing setting directly on the 
PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyRing</code></p></td><td
 colspan="1" rowspan="1" 
class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>Since Camel 2.12.1</strong>; the signature 
keyring; will override existing setting directly on the 
PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyUserid</code></p></td><td
 colspan="1" rowspan="1" 
class="confluenceTd"><p><code>String</code></p></td><td colspan="1" r
 owspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; the 
User ID of the signature key in the PGP keyring; will override existing setting 
directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><code>CamelPGPDataFormatSignatureKeyUserids</code></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><code>List&lt;String&gt;</code></td><td colspan="1" 
rowspan="1" class="confluenceTd"><strong>Since Camel 2.12.3</strong>; the User 
IDs of the signature keys in the PGP keyring; will override existing setting 
directly on the PGPDataFormat.</td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyPassword</code></p></td><td
 colspan="1" rowspan="1" 
class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; password used when 
opening the signature private key; will override existing setting directly on 
the PGPDat
 aFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatEncryptionAlgorithm</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 
2.12.2</strong>; symmetric key encryption algorithm; will override existing 
setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatSignatureHashAlgorithm</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 
2.12.2</strong>; signature hash algorithm; will override existing setting 
directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatCompressionAlgorithm</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td c
 olspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 
2.12.2</strong>; compression algorithm; will override existing setting directly 
on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatNumberOfEncryptionKeys</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><code>Integer</code></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><strong>Since</strong>&#160;<strong>Camel 2.12.3;&#160; 
</strong>number of public keys used for encrypting the symmectric key, set by 
PGPDataFormat during encryptiion process</td></tr><tr><td colspan="1" 
rowspan="1" 
class="confluenceTd"><p><code>CamelPGPDataFormatNumberOfSigningKeys</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><code>Integer</code></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><strong>Since</strong>&#160;<strong>Camel 2.12.3;&#160; 
</strong>number of private keys used for creating signatures, set by 
PGPDataFormat during signin
 g process</td></tr></tbody></table></div><h3 
id="Crypto-EncryptingwithPGPDataFormat">Encrypting with 
PGPDataFormat</h3><p>The following sample uses the popular PGP format for 
encrypting/decrypting files using the <a shape="rect" class="external-link" 
href="http://www.bouncycastle.org/java.html"; rel="nofollow">Bouncy Castle Java 
libraries</a>:</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
 <script class="brush: java; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 // Public Key FileName
 String keyFileName = getKeyFileName();
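Review bot: In the `signatureVerificationOption` row of the added options table, the text says "There are three values possible" but the list that follows has four (`"optional"`, `"required"`, `"ignore"`, `"no_signature_allowed"`); change it to "four". The same row should state what the default `"optional"` means for a receiver: a message that carries no signature at all is unmarshaled without an exception, so a route that relies on the sender's signature has to set `"required"`. While this line is being touched, fix the typos "Formater", "verficiation", "passpharase", "symmectric" and "encryptiion", add the missing space in "for example.Only used", and replace the raw Javadoc `{@link Exchange#FILE_NAME}` in the `FileName` row with plain text or a link, since it does not render in HTML.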
@@ -244,7 +244,7 @@ String keyPassword = getKeyPassword();
 from(&quot;direct:inline&quot;).marshal().pgp(keyFileName, 
keyUserid).to(&quot;mock:encrypted&quot;).unmarshal()
         .pgp(keyFileNameSec, null, 
keyPassword).to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div><p>The following sample performs signing + encryption, and then 
signature verification + decryption. It uses the same keyring for both signing 
and encryption, but you can obviously use different keys:</p><div class="code 
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>The following sample performs signing + encryption, and then 
signature verification + decryption. It uses the same keyring for both signing 
and encryption, but you can obviously use different keys:<div class="code panel 
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="brush: java; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 PGPDataFormat pgpSignAndEncrypt = new PGPDataFormat();
 pgpSignAndEncrypt.setKeyFileName(keyFileName);
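Review bot: The `+` line drops the `<p>…</p>` wrapper, so "The following sample performs signing + encryption, ..." becomes a bare text node between `</div></div>` and the next `<div class="code panel pdl">`. The wording is unchanged, so this looks like a side effect of the page export rather than an intended edit; restore the `<p>` so the sentence keeps its paragraph styling and its spacing from the code panel above.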
@@ -268,7 +268,7 @@ pgpVerifyAndDecrypt.setSignatureKeyUseri
 
from(&quot;direct:inline-sign&quot;).marshal(pgpSignAndEncrypt).to(&quot;mock:encrypted&quot;).unmarshal(pgpVerifyAndDecrypt)
         .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div><p>Or using Spring:</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>Or using Spring:<div class="code panel pdl" style="border-width: 
1px;"><div class="codeContent panelContent pdl">
 <script class="brush: xml; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 &lt;dataFormats&gt;
   &lt;!-- will load the file from classpath by default, but you can prefix 
with file: to load from file system --&gt;
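Review bot: "Or using Spring:" loses its `<p>…</p>` wrapper on the `+` line and is left as loose text between the Java code panel's closing `</div></div>` and the XML panel that follows. Keep the paragraph element here; nothing else in the line changed, and a short label sitting unwrapped between two code panels is easy to lose visually.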

