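[Translation] Mule ESB + PGP: Pretty Good Privacy
By robot-v1.0
Article link: https://www.kyfws.com/applications/mule-esb-plus-pgp-pretty-good-privacy-zh/
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under BY-NC-SA. Please credit the source when reposting!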
Original article: https://www.codeproject.com/Articles/1101810/Mule-ESB-plus-PGP-Pretty-Good-Privacy
Original author: RajeshKumar D
Translated by this site's robot-v1.0
Preface
Configuring the PGP encryption and decryption part of Mule ESB
Introduction
Mule ESB is an integration framework developed on the Java platform. It lets applications connect easily and can be deployed on-premises or in the cloud. It also lets you communicate with different applications, internal and external; these can be anything from application servers to standalone applications, within your enterprise or across the internet.
PGP (Pretty Good Privacy)
PGP is a mechanism used to encrypt and decrypt data, providing privacy and authentication for data communication.
PGP is a hybrid cryptosystem.
Encryption:
- PGP first compresses the data.
- It then creates a session key and encrypts the data with that key.
- The session key is then encrypted with the recipient's public key and transmitted to the recipient along with the ciphertext.
Decryption:
- The receiver uses their private key to recover the temporary session key.
- PGP then uses the session key to decrypt the conventionally encrypted ciphertext.
In Mule ESB, we can encrypt the whole message payload, or part of it, using PGP.
Distribute your public key to those who will use it to encrypt the messages they send to you.
Use your private key to decrypt the messages you receive that were encrypted with your public key.
Background
Basic understanding of Mule and PGP
Using the code
Configuration
To encrypt or decrypt a message we need to configure some important elements in the Mule flow. This extension adds PGP security to endpoint communication. With PGP you can achieve end-to-end secure communication with signed and encrypted messages.
Security Manager: solely responsible for holding the key rings and the encryption strategy to be used. This allows all messages to be encrypted with the same key, or facilitates the use of different key rings.
Key Manager: responsible for reading the key rings.
Credential accessor: this bean will find the key ring and key manager to be used to encrypt/decrypt the message being processed.
<!-- Security manager: holds the PGP provider and the encryption strategy -->
<pgp:security-manager>
    <pgp:security-provider name="pgpSecurityProvider" keyManager-ref="pgpKeyManager"/>
    <pgp:keybased-encryption-strategy
        name="pgpEncryptionStrategy"
        keyManager-ref="pgpKeyManager"
        credentialsAccessor-ref="credentialAccessor"/>
</pgp:security-manager>
<spring:beans>
    <!-- Key manager: reads the public and secret key rings -->
    <spring:bean id="pgpKeyManager" class="org.mule.module.pgp.PGPKeyRingImpl" init-method="initialise">
        <spring:property name="publicKeyRingFileName" value="pubring.gpg"/>
        <spring:property name="secretKeyRingFileName" value="secring.gpg"/>
        <spring:property name="secretAliasId" value="${pgp.secretAliasId}"/>
        <spring:property name="secretPassphrase" value="${pgp.secretPassphrase}"/>
    </spring:bean>
    <!-- Credential accessor: supplies the key id used for each message -->
    <spring:bean id="credentialAccessor" class="com.pgp.AppCredentialAccessor">
        <spring:property name="credentials" value="${pgp.principal}"/>
    </spring:bean>
</spring:beans>
// Java:
package com.pgp;

import org.mule.api.MuleEvent;
import org.mule.api.security.CredentialsAccessor;

public class AppCredentialAccessor implements CredentialsAccessor {
    // Key id (PGP user id) used for every message unless overridden by configuration
    private String credentials = "pgp test (pgp) <pgptest@mulesoft.com>";

    public AppCredentialAccessor() {
    }

    public AppCredentialAccessor(String string) {
        this.credentials = string;
    }

    public String getCredentials() {
        return credentials;
    }

    public void setCredentials(String credentials) {
        this.credentials = credentials;
    }

    // Called by the encryption strategy; the event is ignored, so the key id is fixed
    public Object getCredentials(MuleEvent event) {
        return this.credentials;
    }

    public void setCredentials(MuleEvent event, Object credentials) {
        // dummy
    }
}
Security-Provider: security provider for PGP-related functionality.
keybased-encryption-strategy: the key-based PGP encryption strategy to use.
keyManager-ref: reference to the key manager to use.
credentialsAccessor-ref: reference to the credentials accessor to use.
Here the 'pgpKeyManager' bean is responsible for reading the key rings (pubring, secring).
Credential Accessor: the credential accessor is a class that determines your key ID. For instance, the AppCredentialAccessor class used in this example always returns the same fixed string, so all messages are encrypted/decrypted using the same key ID.
Mule Flow for Encryption:
<flow name="EncryptFilesFlow">
    <file:inbound-endpoint connector-ref="InputFile"
        path="<<Input Folder location>>" moveToDirectory="<<TempLocation>>"
        moveToPattern="#[header:originalFilename].backup" transformer-refs="file2Bytes" />
    <encrypt-transformer name="pgpEncrypt" strategy-ref="pgpEncryptionStrategy" />
    <file:outbound-endpoint connector-ref="output"
        path="<<OutPutLocation>>" outputPattern="#[function:datestamp]-#[header:originalFilename]" />
</flow>
Mule Flow for Decryption:
<flow name="DecryptFilesFlow">
    <file:inbound-endpoint connector-ref="InputFile"
        path="<<InputFileLocation>>" moveToDirectory="<<InputFileLocationforBackup>>"
        moveToPattern="#[header:originalFilename].backup" transformer-refs="file2Bytes" />
    <decrypt-transformer name="pgpDecrypt"
        strategy-ref="pgpEncryptionStrategy" />
    <file:outbound-endpoint connector-ref="output"
        path="<<OutPutLocation>>" outputPattern="#[function:datestamp]-#[header:originalFilename]" />
</flow>
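The credential accessor described above always returns one fixed key ID. The following added example (not code from the original article) selects the key ID per message instead and fails closed when the requested principal is not on a configured allowlist; the class name, the `pgpRecipient` inbound property and the two bean properties are hypothetical.

```java
package com.pgp;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.mule.api.MuleEvent;
import org.mule.api.security.CredentialsAccessor;

// Added example: pick the PGP key id per message, restricted to an allowlist.
public class AllowlistCredentialAccessor implements CredentialsAccessor {
    // Hypothetical inbound property naming the intended recipient's PGP user id.
    static final String RECIPIENT_PROPERTY = "pgpRecipient";

    private Set<String> allowedPrincipals = Collections.emptySet();
    private String defaultPrincipal;

    // Set from Spring configuration, like 'credentials' in AppCredentialAccessor.
    public void setAllowedPrincipals(Set<String> allowed) {
        this.allowedPrincipals = new HashSet<String>(allowed);
    }

    public void setDefaultPrincipal(String principal) {
        this.defaultPrincipal = principal;
    }

    @Override
    public Object getCredentials(MuleEvent event) {
        String requested = event.getMessage().getInboundProperty(RECIPIENT_PROPERTY);
        if (requested == null) {
            // No per-message choice: fall back to the configured key id, if any.
            if (defaultPrincipal == null) {
                throw new IllegalStateException("No PGP principal configured");
            }
            return defaultPrincipal;
        }
        // Message metadata must not be able to select an arbitrary key.
        if (!allowedPrincipals.contains(requested)) {
            throw new IllegalArgumentException("PGP principal is not on the allowlist");
        }
        return requested;
    }

    @Override
    public void setCredentials(MuleEvent event, Object credentials) {
        // Credentials come from configuration only; nothing to store per event.
    }
}
```

To use it, point the `credentialAccessor` bean at this class and make sure every allowlisted principal has a matching key in the key rings read by `pgpKeyManager`.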
Points of Interest
Data transformation is made easy: there is no more coding, it is just configuration, and it keeps data very secure while it is being transformed.
License
This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL).