Skip to main content

Mule SFTP and PGP Encryption


Many companies use standard protocols such as FTP and SFTP to transfer files to external partner and receive files from external partners. Using FTP and SFTP provides simple to use and low cost platform for file exchange. In some business scenarios, companies may have to exchange sensitive information such as employee’s personal information, expense reports, payment information etc.

Mule has the ability to encrypt a message payload, or part of a payload, using Pretty Good Privacy (PGP). PGP combines data compression and data encryption to secure messages. The compression reduces message transmission time between origin and destination.

There are two scenarios that this document addresses:
  • Using another party’s public key to encrypt a messages in a Mule application
  • Using one’s own set of private and public keys so as to accept, and decrypt messages in a Mule application.

What is Pretty Good Privacy (PGP)?

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann created it in 1991.

MuleSoft SFTP Connector:

The SFTP Connector implements a secure file transport channel so that Mule application can exchange files with external resources. We can implement the SFTP endpoint as an inbound endpoint with a one-way exchange pattern, or as an outbound endpoint configured for either a one-way or request-response exchange pattern.

Implementation:

Using MuleSoft Anypoint Studio, it is very easy to configure SFTP connection so that Mule application can exchange files. Mule also provides encryption and decryption capabilities.

In this example, we are going to look at how to configure SFTP connector and use data encryption/decryption capabilities. In this example, we will build Mule Application to:
  1. Read data file from SFTP location
  2. Encrypt file data
  3. Write encrypted file contents to SFTP location
  4. Read encrypted data file from SFTP location
  5. Decrypt file data
  6. Write decrypted file contents to SFTP location
I already have public and private key pair to use for this application. Refer following links for more details regarding PGP:
Lets begin creating simple Mule Application to address these requirements.

Create Mule Application:

First step is to create new Mule Application using the wizard in Anypoint platform.


Configure PGP:

Once the project is created, we will now configure PGP. In order to configure, go to “Global Elements” section and create sprint beans.




You must have both public and private keys. You will have to configure following properties:
  • secretKeyRingFileName : Provide private key file path.
  • publicKeyRingFileName : Provide public key file path.
  • secretAliasId : This is tricky. Initially provide value as “1” to this property. We will come back to this in few minutes.
  • secretPassphrase : Provide the passphrase which you have used while generating public/private key pair.
  • pgpCredentialAccessor : Provide the accessor name which is used to browse receiver’s public key ring.
Create PgpCredentialAccessor class, which is a simple class that will provide the credentials the receiver used to generate the key.


Finally, the configuration will look something like this.

Create read-flow:

Now, we will build our first Mule flow to read a file from SFTP location. SFTP_IN connector will read file from the external location. After receiving the file, the flow uses Mule’s encrypt-transformer to encrypt the file data and place the encrypted file in different location. SFTP_ENCRYPTED connector is configured to place encrypted files to external location. Our flow will look something like this:





Create write-flow:

Now, we will build another Mule flow to write a file to SFTP location. SFTP_ENCRYPTED connector will read encrypted file from the external location. After receiving the file, the flow uses Mule’s decrypt-transformer to decrypt the file data and place the decrypted file in different location. SFTP_OUT connector is configured to place decrypted files to external location. Our flow will look something like this:





Determine secretAliasKey:

We will try to run out Mule Application. You will notice that the application fails when you run. Remember we configured secretAliasKey value as “1” in step 2? This is the time to correct the value of secretAliasKey.

Note that, Mule has logged possible key values in console logs. In most cases, second key value from the logs will work but it is recommended to try both the values.


Update PGP configuration with appropriate key value:

Now, lets update out PGP configuration with correct secretAliasKey value. Updated configuration will look something like this:



Now, we will try to run application again. This time you will see that the application started without any issues.


You can now place the file in “/IN/” directory. Our read-flow will pick the file from “/IN/” folder, encrypt file data and place encrypted file in “/ENCRYPTED/” folder.

Next, write-flow will pick encrypted file from “/ENCRYPTED/” directory, decrypt file data and place decrypted file in “/OUT/” directory.

Things to Remember:

  • If you are running JDK 1.4+ that comes with the Sun JCE by default, you must install the Unlimited Strength Jurisdiction Policy files (click here for Java 7 and click here for Java 8).

References:


P.S. Click here to access my other posts.

Comments

Post a Comment

Popular posts from this blog

Postman - Set Timeout / Think Time / Pause / Delay

Those who are involved in API or web service development should be knowing about Postman , it is one of the most popular tools to build API requests and test them. Collection Runner is one of the feature of Postman . You can create one or more requests and group them in Collection, and as name suggests, you can run the entire collection i.e. series or requests. What if you need to add "Think Time" or "Delay" or "Pause" between two requests? It is surely possible, here are some options: Using Collection Runner GUI This option will be applicable to all the requests in the collection In the Collection Runner window, enter value for Delay in milliseconds Using Command Line This option will be applicable to all the requests in the collection Newman is a comman line collection runner for Postman Command To Execute: newman run <collection-file-source> --delay-request [number] Click here to get the details about Newman Newman installation

How to Extract Values from Response Header in JMeter?

JMeter is a powerful tool for API testing. Let's say you are are writing test cases for one of your RESTful service; and you want to extract and validate the value returned as part of response header. It is little bit tricky to extract the value from Response Header in JMeter , but it is possible. For example, your RESTful service returns "ETag" in response header. When you look at the raw response data, the value is displayed something like this: ETag: 2666d92fa9ebf10250acdb235546f045 To exact value of this reaponse header in JMeter: Right click on your HTTP request, then add Post Processor element - Regular Expression Extractor Select Radio button - Main sample only Select Radio burron - Response Headers Type some name in Reference Name section - for example, eTagVariable Type this expression in Reference Expression section - ETag:\s+(.+) IMPORTANT: This expression will select pick the ETag response header parameter and select everything after colon bla

Setup OpenLDAP on MAC

macOS (Mac OS X or OS X) is the current series of Unix-based graphical operating systems developed and marketed by Apple Inc . designed to run on Apple's Macintosh computers ("Macs"). Within the market of desktop, laptop and home computers, and by web usage, it is the second most widely used desktop OS after Microsoft Windows . Recently, while working on one of my projects, there was a requiremnt to integrate our system with LDAP i.e. Lightweight Directory Access Protocol ( LDAP ). So, I wanted to try out some samples by installing OpenLDAP on my MAC. Initially, it looked streightforward but later I realized that there are multiple steps involved to get OpenLDAP up and running in my Mac. So, I thought of documenting various steps so that others can refer them. What do you need to begin? MAC Obviously you need MAC because these steps will work only for MAC (Sorry Windows users) Homebrew This is a package manager for macOS. Click here and follow the instructio

MuleSoft - Static IP Addresses and Multiple Workers

Did you just realize that your Mule Application requires horizontal scalling ? Well, thats easy - just go to CloudHub Runtime Manager, select your application and change the "Workers" count from 1 to either 2, 3 or 4. If numbers are grayed out, then you might have to adjust the "Worker Size", or purchase additional capacity from MuleSoft. So, what is the issue then? At the time of the blog post, based on Mule documentation, if you are using only 1 worker and if you want to apply static IP, then you can simply navigate to "Static IPs" section in Runtime Manager and allocate the static IP address. The issue is when you want to apply Static IP addresses for more than 1 workers for various reasons including IP whitelisting. Based on Mule documentation you cannot apply static IPs if you are using more than 1 worker. From Mule Documentation: "Static IPs are not supported for private IP addresses inside a CloudHub VPC and it is only supported for app

Sublime Text 3 - Pertty Format JSON

You must be looking for some easy options to pretty format JSON data. Well, there are many websites which provides this capability and you can pretty format JSON data in browser. I use Sublime Text 3 text editor, and I was trying to see if I can pretty format JSON within the text editor itself. You can follow these simple steps: Open Sublime Text 3 text editor If you are using MAC OS Press Command + Shift + P Then select "Install Package" Search for "Pretty JSON" Install If you are using Windows OS Press CTRL + Shift + P Then select "Install Package" Search for "Pretty JSON" Install Once the installation is complete, select JSON string If you are using MAC OS Press Command + Control + J If you are using Windows OS Press CTRL + ALT + J Thats it! Now you don't have to copy your JSON string from Sublime Text 3, paste in your browser, format it, then copy formatted JSON from browser and paste it back in your Sublime

Access GitHub Repositories with SourceTree and 2FA (2 Factor Authentication)

Many developers and organizations use GitHub as code repository. Similarly, many prefer to commit code in GitHub repositories using various commands. I personally think that using any kind of user interface for committing code and performing various GIT operations is much more simpler and productive. SourceTree is one such Atlassian product. SourceTree is a free Git client and provides beautiful GUI that offers a visual representation for various Git repositories. For added security, you can enable 2FA (i.e. 2 Factor Authentication) for your GitHub account. Configuring GitHub with SourceTree is very very simple. Here are the steps on MAC OS (steps on Windows OS are similar): If you have not enabled 2FA: Open SourceTree and go to Preferences Select Accounts Click on Add button to add account On the pop-up window, select Host as "GitHub" Select Auth Type as "Basic" Type your GitHub username (not email) Type your password Select Protocol as HTTPS

MuleSoft LDAP Connector With Example

As we all know, the L ightweight D irectory A ccess Protocol ( LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. A common use of LDAP is to provide a central place to store usernames and passwords. This allows many different applications and services to connect to the LDAP server to validate users. This has a major benefit that allows a central place to update and change user passwords. With MuleSoft’s LDAP Connector , we can access and maintain directory information services over an IP network by connecting to any LDAP server. LDAP Connector is developed by MuleSoft's developer community and it is categorized as Community Connectors. Latest LDAP Connector documentation is available here . Unfortunately, the information and examples of this connector are limited and scattered all over the web. Today, I am trying to cover as many details as p

MuleSoft - JSON Schema Validation with Dynamic Schema Location

While working on a Mule Application project, if you a planning to validate JSON payload against some JSON schema , and more importantly if you want to pass schema location dynamically, then this post will be benificial for you. Mule provides JSON Schema Validator as out of the box feature. From mule documentation , evaluates JSON payloads at runtime and verifies that they match a referenced JSON schema. You can match against schemas that exist in a local file or in an external URI. If the validation fails, an exception is raised with feedback about what went wrong and a reference to the original invalid payload. Above code works but here is the catch, in my scenario, the schema location was dynamic. Let's say the schema location is present in the database. Once the schema location value is retrieved from database, it is stored in a flow variable. For simplicity, I am creating a flow variable with hard-coded value. In actual application, the flow variable value will be the va

Run JMeter Tests with Maven

In this article, I will be focusing on configuring JMeter with Maven but lets first understand some basics of JMeter and Maven. The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior and measure performance. These days, performance testing is very very important especially when the applications are targeting large number of users. There are many tools available in market, some are paid, some are free. Apache JMeter is one such free and open source software. Though JMeter's was initially developed for load testing web applications, it is now far more advanced. The biggest advantage of the JMeter is that it can do many things like performance and functional testing for web services, databases, FTPs or Web Servers, LDAP, JMS, trigger emails/notifications. Most of these features are implemented with plugins. JMeter is powerful, easy to install and use and FREE! It is a Java desktop application with simple us