5. Safe Harbour Statement
● Both the speaker and the host are organizing this meetup in an individual capacity only. We are not representing our companies here.
● This presentation is strictly for learning purposes only. The organizer/presenter do not hold any responsibility that the same solution will work for your business requirements.
● This presentation is not meant for any promotional activities.
● This meeting will be recorded and shared.
8. What is Cryptography?
Cryptography is the science of writing in secret code so that no one except
the intended recipient can read it.
Cryptography is the practice and study of techniques for secure communication in
the presence of third parties. More generally, it is about constructing and analyzing
protocols that overcome the influence of attackers or outside people and which are
related to various aspects in information security such as data confidentiality, data
integrity and authentication.
It is the science of using mathematics to encrypt and decrypt data. Cryptography
enables you to store sensitive information or transmit it across insecure networks
(like the Internet) so that it cannot be read by anyone except the intended recipient.
12. JCE Encryption
The JCE strategy enables you to use the wider range of cryptography
capabilities provided by the Java Cryptography Extension.
You can use cryptography capabilities in two ways:
● Password-Based Encryption (PBE)
● Key-Based Encryption
13. JCE Encrypt PBE / Decrypt PBE
Using the given algorithm and password, JCE Encrypt PBE encrypts the data and
returns binary output; JCE Decrypt PBE applies the reverse mechanism.
14. JCE Encrypt
It has two flavours:
● Symmetric Encryption
● Asymmetric Encryption
Symmetric encryption uses a secret key for both the encryption and decryption process.
Supported keystore formats are “JCEKS” and “PKCS12” (JKS is not supported).
> It is less secure and decryption time is very short.
Asymmetric encryption uses the public key for encryption and the private key for decryption.
Supported formats: JKS, JCEKS, PKCS12.
> It is more secure, but decryption is slow compared to symmetric.
We can use openssl, KeyStore Explorer, etc. to generate Java Cryptography keys.
17. Keystore Explorer
Note: For symmetric keys, the size of the key is very small, and the size
changes based on the algorithm.
18. Jce Configuration
In the Algorithm section, Cipher and Algorithm are mutually exclusive.
By default, the connector identifies public and private keys based on the password: if a password
is present, it is a private key, and the connector picks it from the keystore using the store password, as above.
19. Checksum in Crypto
Calculate Checksum is used to calculate a hash value using the SHA and MD5 algorithms.
Validate Checksum is used to validate the hash value in the target system to check
message integrity; if the message has been altered, it raises a Crypto:validation error.
20. Crypto in DataWeave
DataWeave supports a Crypto module, which has various supported SHA and
MD5 algorithms.
We need to add “import * from dw::Crypto” in the DW module.
21. JCE Sign
Digital signing internally uses a digest (or hashing) algorithm to generate
a digest value.
Message signing, on the other hand, uses the sender’s private key to
encrypt the hash value and sends the signature to the target system.
22. JCE Signature Validate
In the validation component, we need to pass the actual payload that we want to validate
to check message integrity; in Mule the data type is String.
In the Expected tag configuration, we need to pass the sender's signature value.
Note: All Mule Crypto modules support detached signatures only.
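An added example, not from the original slides or the Mule connector: the JCE Sign and JCE Signature Validate steps above as a detached signature in plain Java. It assumes SHA256withRSA, a Base64-encoded signature, and a throwaway key pair and payload constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;

public class DetachedSignatureDemo {
    // Sender: digest the payload and sign the digest with the private key.
    // The signature travels separately from the payload (detached).
    static String sign(PrivateKey key, String payload) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Receiver: needs the actual payload AND the expected (sender's) signature value.
    static boolean validate(PublicKey key, String payload, String expected) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        return s.verify(Base64.getDecoder().decode(expected));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair sender = g.generateKeyPair(); // constructed throwaway key pair

        String payload = "{\"invoice\":1001,\"total\":250}"; // constructed sample payload
        String signature = sign(sender.getPrivate(), payload);

        // Same payload verifies; a payload altered in transit does not.
        String altered = payload.replace("250", "950");
        System.out.println("original payload valid: " + validate(sender.getPublic(), payload, signature));
        System.out.println("altered payload valid:  " + validate(sender.getPublic(), altered, signature));
    }
}
```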
23. PGP Cryptography
Mule can encrypt all or part of a message using Pretty Good Privacy
(PGP). PGP combines data compression and data encryption to
secure messages. The compression reduces the size of the payload to
help reduce the transmission time later on your application.
○ Encryption: Using another party’s public key to encrypt an
outgoing message in a Mule app.
○ Decryption: Using your own private key to decrypt an incoming
message in a Mule app.
24. PGP Encryption/Decryption Flow
PGP combines some of the best features of both conventional and public key
cryptography. PGP is a hybrid cryptosystem.
PGP then creates a session key, which is a one-time-only secret key. This key is a
random number generated from the random movements of your mouse and the
keystrokes you type. This session key works with a very secure, fast conventional
encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is
encrypted, the session key is then encrypted to the recipient's public key. This public
key-encrypted session key is transmitted along with the ciphertext to the recipient.
Decryption works in the reverse. The recipient's copy of PGP uses his or her private key
to recover the temporary session key, which PGP then uses to decrypt the
conventionally-encrypted ciphertext.
27. Creation of PGP Key Pair
We can use Kleopatra or Git Bash to generate a PGP key pair.
Once we give our name, email ID, algorithm and key size and then select Create, it will
generate the public key, private key and fingerprint, and the passphrase for your private key.
30. PGP Encrypt & Sign
This component first signs and then encrypts; the returned message carries the signature
inside its encrypted contents. It uses the private key for signing and the public key for encryption.
Note: Whenever we send Encrypt & Sign data, for PGP Decrypt we need to set “Validate if
Signature found = true” in PGP Decrypt, so that the component is able to take the public
key from the key configuration and validate the signature. If validation succeeds, it returns
the decrypted payload.
31. XML Encryption/Decryption
XML encryption uses the same Java keystore configuration, with the public key for
encryption and the private key for decryption. The element path is an
XPath expression that identifies the element to encrypt or decrypt. We can use the
symmetric or asymmetric mechanism as per our need.
32. XML Sign
Canonicalization Algorithm defines the internal canonical algorithm
mappings.
For detached signatures we need to pass the Element Path; for the remaining modes
it is optional.
37. Trivia Rules
● All Questions will be Multiple Choice Questions.
● Respond answers in Chat Window.
● First correct answer for every question will be the winner for that question
● One voucher per month - Across All Meetups
● Note for Trivia Winners:
■ Make sure the host has your full name, email address and LinkedIn profile before leaving
■ Voucher sent to winners within 10 days
38. Question 1:
We have generated the hash value using the MD5 algorithm. How to decrypt the hash value using
the options listed below?
A) Using same MD5 Algorithm
B) It is Not Possible to Decrypt Hash Value
C) Using Jce Decrypt
D) None of the Above
39. Question 2:
Which of the algorithms is not supported to generate the checksum?
A) CRC32
B) MD2
C) SHA_256
D) RC2
40. Question 3:
Which of the keystore types could support generating a symmetric key?
A) JCEKS
B) JKS
C) PGP
D) None of the above
42. 43
● Share:
○ Tweet using the hashtag #MuleSoftMeetups #MuleMeetup
○ Invite your network to join: https://meetups.mulesoft.com/patna
● Feedback:
○ Fill out the survey feedback and suggest topics for upcoming events
○ Contact MuleSoft at meetups@mulesoft.com for ways to improve the program
● Nominate Yourself as Meetup Speaker:
○ Amazing opportunity for public speaking, broadening skills and expanding your network
Knowledge Shared is Knowledge Squared!