Versions Compared

Old Version 67

changes.mady.by.user Franz Forsthofer

Saved on

compared with

New Version 68

changes.mady.by.user Franz Forsthofer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
{snippet:id=key-in-header|lang=java|url=camel/trunk/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java}
or with spring.
Wiki Markup
{snippet:id=header-key|lang=xml|url=camel/trunk/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml}

PGP Message

The PGP Data Formater can create and decrypt/verify PGP Messages of the following PGP packet structure (entries in brackets are optional and ellipses indicate repetition, comma represents  sequential composition, and vertical bar separates alternatives):

    Public Key Encrypted Session Key ..., Symmetrically Encrypted Data | Sym. Encrypted and Integrity Protected Data, (Compressed Data,) (One Pass Signature ...,) Literal Data, (Signature ...,)

Since Camel 2.16.0 the Compressed Data packet is optional, before it was mandatory.

 

PGPDataFormat Options

Name

Type

Default

Description

keyUserid

String

null

The user ID of the key in the PGP keyring used during encryption. See also option keyUserids. Can also be only a part of a user ID. For example, if the user ID is "Test User <test@camel.com>" then you can use the part "Test User" or "<test@camel.com>" to address the user ID.

keyUserids

List<String>

null

Since camel 2.12.2: PGP allows to encrypt the symmetric key by several asymmetric public receiver keys. You can specify here the User IDs or parts of User IDs of several public keys contained in the PGP keyring. If you just have one User ID, then you can also use the option keyUserid. The User ID specified in keyUserid and the User IDs in keyUserids will be merged together and the corresponding public keys will be used for the encryption.

password

String

null

Password used when opening the private key (not used for encryption).

keyFileName

String

null

Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix).

encryptionKeyRing

byte[]

null

Since camel 2.12.1: encryption keyring; you can not set the keyFileName and encryptionKeyRing at the same time.

signatureKeyUserid

String

null

Since Camel 2.11.0; optional User ID of the key in the PGP keyring used for signing (during encryption) or signature verification (during decryption). During the signature verification process the specified User ID restricts the public keys from the public keyring which can be used for the verification. If no User ID is specified for the signature verficiation then any public key in the public keyring can be used for the verification. Can also be only a part of a user ID. For example, if the user ID is "Test User <test@camel.com>" then you can use the part "Test User" or "<test@camel.com>" to address the User ID.

signatureKeyUserids

List<String>

null

Since Camel 2.12.3: optional list of User IDs of the key in the PGP keyring used for signing (during encryption) or signature verification (during decryption). You can specify here the User IDs or parts of User IDs of several keys contained in the PGP keyring. If you just have one User ID, then you can also use the option keyUserid. The User ID specified in keyUserid and the User IDs in keyUserids will be merged together and the corresponding keys will be used for the signing or signature verification. If the specified User IDs reference several keys then for each key a signature is added to the PGP result during the encryption-signing process. In the decryption-verifying process the list of User IDs restricts the list of public keys which can be used for signature verification. If the list of User IDs is empty then any public key in the public keyring can be used for the signature verification.

signaturePassword

String

null

Since Camel 2.11.0: optional password used when opening the private key used for signing (during encryption).

signatureKeyFileName

String

null

Since Camel 2.11.0: optional filename of the keyring to use for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix).

signatureKeyRing

byte[]

null

Since camel 2.12.1: signature keyring; you can not set the signatureKeyFileName and signatureKeyRing at the same time.

algorithm

int

SymmetricKeyAlgorithmTags.CAST5

Since camel 2.12.2: symmetric key encryption algorithm; possible values are defined in org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting.

compressionAlgorithm

int

CompressionAlgorithmTags.ZIP

Since camel 2.12.2: compression algorithm; possible values are defined in org.bouncycastle.bcpg.CompressionAlgorithmTags; for example 0 (= UNCOMPRESSED), 1 (= ZIP), 2 (= ZLIB), 3 (= BZIP2). Only relevant for encrypting.

hashAlgorithm

int

HashAlgorithmTags.SHA1

Since camel 2.12.2: signature hash algorithm; possible values are defined in org.bouncycastle.bcpg.HashAlgorithmTags; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing.

armored

boolean

false

This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc.

integrity

boolean

true

Adds an integrity check/sign into the encryption file.

passphraseAccessor

PGPPassphraseAccessor

null

Since Camel 2.12.2: provides passphrases corresponding to user Ids. If no passpharase can be found from the option password or signaturePassword and from the headers CamelPGPDataFormatKeyPassword or CamelPGPDataFormatSignatureKeyPassword then the passphrase is fetched from the passphrase accessor. You provide a bean which implements the interface PGPPassphraseAccessor. A default implementation is given by DefaultPGPPassphraseAccessor. The passphrase accessor is especially useful in the decrypt case; see chapter 'PGP Decrypting/Verifying of Messages Encrypted/Signed by Different Private/Public Keys' below.

signatureVerificationOption

String

"optional"

Since Camel 2.13.0: controls the behavior for verifying the signature during unmarshaling. There are three values possible:

  • "optional": The PGP message may or may not contain signatures; if it does contain signatures, then a signature verification is executed. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_OPTIONAL.
  • "required": The PGP message must contain at least one signature; if this is not the case an exception (PGPException) is thrown. A signature verification is executed. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_REQUIRED.
  • "ignore": Contained signatures in the PGP message are ignored; no signature verification is executed. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_IGNORE.
  • "no_signature_allowed": The PGP message must not contain a signature; otherwise an exception (PGPException) is thrown. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED.

FileName

String"_CONSOLE"

Since camel 2.15.0: Sets the file name for the literal data packet. Can be overwritten by the  header {@link Exchange#FILE_NAME}.

"_CONSOLE" indicates that the message is considered to be "for your eyes only". This advises that the message data is unusually sensitive, and the receiving program should process it more carefully, perhaps avoiding storing the received data to disk, for example.Only used for marshaling.

withCompressedDataPacketbooleantrueSince Camel 2.16.0: Indicator whether the PGP Message shall be created with or without a Compressed Data packet. If the value is set to false, then no Compressed Data packet is added and the compressionAlgorithm value is ignored. Only used for marshaling.

...