MuleSoft Security – Encryption

Security is about protecting your assets. These assets could be anything in company. Please refer to my previous blog about  what-is-security.

Mulesoft provides security suite to protect company assets. This suite of security features provides various methods for applying security to Mule Service-Oriented Architecture (SOA) implementations and Web services. Mulesoft security suits are available in enterprise version of Mulesoft.

In this blog I am showing, how to use Encryption and Decryption from Mulesoft Security suits. Mule can encrypt an entire payload or several fields of data within a message. This encryption prevents unauthorized access of data like password, SSN, credit card… etc. and moves this data between systems securely.

Mule Message Encryption processor changes the payload or Message so that it becomes unreadable by unauthorized entities. Mule Encryption processor encrypts the payload using one of the following three Encryption Strategies

1) JCE Encrypter — encrypts stream, byte[] or string
2) XML Encrypter — encrypts string, encrypts individual fields using xpath expressions.
3) PGP Encrypter — encrypts stream, byte[] or string, applies tighter security (relative to JCE and XML), increases processing load (relative to JCE and XML)

Encryption-Decryption Flow Diagram

Encryption Connector Configuration
In my example I am using Jce Encrypter. I am setting value for key and keypassword

Here is full code of this implementation

<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:encryption="http://www.mulesoft.org/schema/mule/encryption" 
xmlns:http="http://www.mulesoft.org/schema/mule/http" 
xmlns="http://www.mulesoft.org/schema/mule/core" 
xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"       
xmlns:spring="http://www.springframework.org/schema/beans" version="EE-3.7.0"       
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/encryption http://www.mulesoft.org/schema/mule/encryption/current/mule-encryption.xsd">

  <http:listener-config name="HTTP_Listener_Configuration" host="0.0.0.0" port="8081" basePath="/demo" doc:name="HTTP Listener Configuration"/>
  <encryption:config name="Encryption" doc:name="Encryption">
    <encryption:jce-encrypter-config key="8aVrj8x8IevyeaD=" keyPassword="0Zb+smauaT8v6hRiFGJDnakwlS/YC2u="/>    </encryption:config>

  <flow name="securitydemoprojectFlow">

    <http:listener config-ref="HTTP_Listener_Configuration" path="/" doc:name="HTTP"/>

    <set-payload value="Hello World" doc:name="Set Payload"/>

    <encryption:encrypt config-ref="Encryption" doc:name="Encryption" using="JCE_ENCRYPTER">

      <encryption:jce-encrypter key="8aVrj8x8IevyeaD=" algorithm="AES" encryptionMode="CBC" keyPassword="0Zb+smauaT8v6hRiFGJDnakwlS/YC2u="/>

    </encryption:encrypt>

    <logger message=" Encrypted Message ==#[payload]" level="INFO" doc:name="Logger"/>

    <encryption:decrypt config-ref="Encryption" doc:name="Decryption" using="JCE_ENCRYPTER">

      <encryption:jce-encrypter key="8aVrj8x8IevyeaD=" keyPassword="0Zb+smauaT8v6hRiFGJDnakwlS/YC2u=" algorithm="AES" encryptionMode="CBC"/>

    </encryption:decrypt>
  </flow>
</mule>

Rajnish Kumar

Rajnish Kumar is CTO of Vanrish Technology with Over 25 years experience in different industries and technology. He is very passionate about innovation and latest technology like APIs, IOT (Internet Of Things), Artificial Intelligence (AI) ecosystem and Cybersecurity. He present his idea in different platforms and help customer to their digital transformation journey.

www.linkedin.com/in/kumarrajnish/