Monday, January 12, 2015

Signing and encrypting Apache Camel routes

A recent blog post looked at using the XML Security component and dataformat in Apache Camel to sign and encrypt XML documents. However, what if you wish to secure non-XML data? An alternative is to use the Apache Camel Crypto component and dataformat. The Crypto component provides the ability to sign (and verify) messages (using the JCE). Similarly, the Crypto dataformat allows you to encrypt (and decrypt) messages (again using the JCE). Another alternative is to use the PGPDataFormat, which allows you to use PGP to sign/encrypt Camel messages.

I have created a github project called "camel-crypto" with some samples about how to use these features. It contains the following tests:
The tests follow a similar pattern, where they take some (XML) data, sign/encrypt it, and copy it to a particular directory. Another route then takes the secured data, and verifies/decrypts it, and copies it to another directory. The tests also show how to use the Camel Jasypt component to avoid hard-coding plaintext passwords in the spring configuration files. The tests rely on a SNAPSHOT version of Camel (2.15-SNAPSHOT) at the time of writing this post, due to some fixes that were required (particularly in terms of adding new (Spring) configuration options to the PGPDataFormat).

2 comments:

  1. Hi Colm,

    We have a use case in which we need to encrypt which routing through apache camel and decrypt when we get data from camel. can we do this ?

    ReplyDelete
  2. Yes...so long as you're doing the encryption/decryption as part of the camel route. Take a look at https://github.com/coheigea/testcases/blob/master/apache/camel/camel-crypto/src/test/resources/camel-encryption.xml

    ReplyDelete