...
Maven users will need to add the following dependency to their pom.xml for this component:
...
Introduction
Digital signatures make use of Asymmetric Cryptographic techniques to sign messages. From a (very) high level, the algorithms use pairs of complimentary keys with the special property that data encrypted with one key can only be decrypted with the other. One, the private key, is closely guarded and used to 'sign' the message while the other, public key, is shared around to anyone interested in verifying the signed messages. Messages are signed by using the private key to encrypting a digest of the message. This encrypted digest is transmitted along with the message. On the other side the verifier recalculates the message digest and uses the public key to decrypt the the digest in the signature. If both digests match the verifier knows only the holder of the private key could have created the signature.
...
As mentioned Camel provides a pair of crypto endpoints to create and verify signatures
...
...
crypto:signcreates the signature and stores it in the Header keyed by the constantorg.apache.camel.component.crypto.DigitalSignatureConstants.SIGNATURE, i.e."CamelDigitalSignature".crypto:verifywill read in the contents of this header and do the verification calculation.
...
Note a crypto:sign endpoint is typically defined in one route and the complimentary crypto:verify in another, though for simplicity in the examples they appear one after the other. It goes without saying that both signing and verifying should be configured identically.
Options
...
...
Name | Type | Default | Description |
|---|---|---|---|
|
|
| The name of the JCE Signature algorithm that will be used. |
|
|
| An alias name that will be used to select a key from the keystore. |
|
|
| the size of the buffer used in the signature process. |
|
|
| A Certificate used to verify the signature of the exchange's payload. Either this or a Public Key is required. |
|
|
| A reference to a JCE Keystore that stores keys and certificates used to sign and verify. |
| keyStoreParameters Camel 2.14.1 | KeyStoreParameters | null | A reference to a Camel KeyStoreParameters Object which wraps a Java KeyStore Object |
|
|
| The name of the JCE Security Provider that should be used. |
|
|
| The private key used to sign the exchange's payload. |
|
|
| The public key used to verify the signature of the exchange's payload. |
|
|
| A reference to a |
|
|
| The password to access the private key from the keystore |
|
|
| Remove camel crypto headers from Message after a verify operation (value can be |
Using
1) Raw keys
The most basic way to way to sign and verify an exchange is with a KeyPair as follows.Wiki Markup Wiki Markup
2) KeyStores and Aliases.
...
The following shows how to use a Keystore via the Fluent builders, it also shows how to load and initialize the keystore.Wiki Markup Wiki Markup
3) Changing JCE Provider and Algorithm
Changing the Signature algorithm or the Security provider is a simple matter of specifying their names. You will need to also use Keys that are compatible with the algorithm you choose.Wiki Markup Wiki Markup Wiki Markup Wiki Markup
4) Changing the Signature Message Header
It may be desirable to change the message header used to store the signature. A different header name can be specified in the route definition as followsWiki Markup Wiki Markup
5) Changing the buffersize
In case you need to update the size of the buffer...Wiki Markup Wiki Markup
6) Supplying Keys dynamically.
...
Exchange.SIGNATURE_PRIVATE_KEY,"CamelSignaturePrivateKey"Exchange.SIGNATURE_PUBLIC_KEY_OR_CERT,"CamelSignaturePublicKeyOrCert"
...
Wiki Markup
Exchange.KEYSTORE_ALIAS,"CamelSignatureKeyStoreAlias"
...
Wiki Markup
...
...
Include Page
- Crypto Crypto is also available as a Data Format