Crypto (JCE)

Since Camel 2.3

Only producer is supported

With Camel cryptographic endpoints and Java’s Cryptographic extension it is easy to create Digital Signatures for Exchanges. Camel provides a pair of flexible endpoints which get used in concert to create a signature for an exchange in one part of the exchange’s workflow and then verify the signature in a later part of the workflow.

Maven users will need to add the following dependency to their pom.xml for this component:

<dependency>
    <groupId>org.apache.camel</groupId>
    <artifactId>camel-crypto</artifactId>
    <version>x.x.x</version>
    <!-- use the same version as your Camel core version -->
</dependency>

Introduction

Digital signatures make use of Asymmetric Cryptographic techniques to sign messages. From a (very) high level, the algorithms use pairs of complimentary keys with the special property that data encrypted with one key can only be decrypted with the other. One, the private key, is closely guarded and used to 'sign' the message while the other, public key, is shared around to anyone interested in verifying the signed messages. Messages are signed by using the private key to encrypting a digest of the message. This encrypted digest is transmitted along with the message. On the other side the verifier recalculates the message digest and uses the public key to decrypt the digest in the signature. If both digests match the verifier knows only the holder of the private key could have created the signature.

Camel uses the Signature service from the Java Cryptographic Extension to do all the heavy cryptographic lifting required to create exchange signatures. The following are some excellent resources for explaining the mechanics of Cryptography, Message digests and Digital Signatures and how to leverage them with the JCE.

Bruce Schneier’s Applied Cryptography
Beginning Cryptography with Java by David Hook
The ever insightful Wikipedia Digital_signatures

URI format

As mentioned Camel provides a pair of crypto endpoints to create and verify signatures

crypto:sign:name[?options]
crypto:verify:name[?options]

crypto:sign creates the signature and stores it in the Header keyed by the constant org.apache.camel.component.crypto.DigitalSignatureConstants.SIGNATURE, i.e. "CamelDigitalSignature".
crypto:verify will read in the contents of this header and do the verification calculation.

In order to correctly function, the sign and verify process needs a pair of keys to be shared, signing requiring a PrivateKey and verifying a PublicKey (or a Certificate containing one). Using the JCE it is very simple to generate these key pairs but it is usually most secure to use a KeyStore to house and share your keys. The DSL is very flexible about how keys are supplied and provides a number of mechanisms.

Note a crypto:sign endpoint is typically defined in one route and the complimentary crypto:verify in another, though for simplicity in the examples they appear one after the other. It goes without saying that both signing and verifying should be configured identically.

Options

The Crypto (JCE) component supports 21 options, which are listed below.

Name	Description	Default	Type
algorithm (producer)	Sets the JCE name of the Algorithm that should be used for the signer.	SHA256withRSA	String
alias (producer)	Sets the alias used to query the KeyStore for keys and {link java.security.cert.Certificate Certificates} to be used in signing and verifying exchanges. This value can be provided at runtime via the message header org.apache.camel.component.crypto.DigitalSignatureConstants#KEYSTORE_ALIAS		String
certificateName (producer)	Sets the reference name for a PrivateKey that can be found in the registry.		String
keystore (producer)	Sets the KeyStore that can contain keys and Certficates for use in signing and verifying exchanges. A KeyStore is typically used with an alias, either one supplied in the Route definition or dynamically via the message header CamelSignatureKeyStoreAlias. If no alias is supplied and there is only a single entry in the Keystore, then this single entry will be used.		KeyStore
keystoreName (producer)	Sets the reference name for a Keystore that can be found in the registry.		String
lazyStartProducer (producer)	Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel’s routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing.	false	boolean
privateKey (producer)	Set the PrivateKey that should be used to sign the exchange		PrivateKey
privateKeyName (producer)	Sets the reference name for a PrivateKey that can be found in the registry.		String
provider (producer)	Set the id of the security provider that provides the configured Signature algorithm.		String
publicKeyName (producer)	references that should be resolved when the context changes		String
secureRandomName (producer)	Sets the reference name for a SecureRandom that can be found in the registry.		String
signatureHeaderName (producer)	Set the name of the message header that should be used to store the base64 encoded signature. This defaults to 'CamelDigitalSignature'		String
autowiredEnabled (advanced)	Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching type, which then gets configured on the component. This can be used for automatic configuring JDBC data sources, JMS connection factories, AWS Clients, etc.	true	boolean
bufferSize (advanced)	Set the size of the buffer used to read in the Exchange payload data.	2048	Integer
certificate (advanced)	Set the Certificate that should be used to verify the signature in the exchange based on its payload.		Certificate
clearHeaders (advanced)	Determines if the Signature specific headers be cleared after signing and verification. Defaults to true, and should only be made otherwise at your extreme peril as vital private information such as Keys and passwords may escape if unset.	true	boolean
configuration (advanced)	To use the shared DigitalSignatureConfiguration as configuration		DigitalSignatureConfiguration
keyStoreParameters (advanced)	Sets the KeyStore that can contain keys and Certficates for use in signing and verifying exchanges based on the given KeyStoreParameters. A KeyStore is typically used with an alias, either one supplied in the Route definition or dynamically via the message header CamelSignatureKeyStoreAlias. If no alias is supplied and there is only a single entry in the Keystore, then this single entry will be used.		KeyStoreParameters
publicKey (advanced)	Set the PublicKey that should be used to verify the signature in the exchange.		PublicKey
secureRandom (advanced)	Set the SecureRandom used to initialize the Signature service		SecureRandom
password (security)	Sets the password used to access an aliased PrivateKey in the KeyStore.		String

Name

Description

Default

Type

algorithm (producer)

Sets the JCE name of the Algorithm that should be used for the signer.

SHA256withRSA

String

alias (producer)

Sets the alias used to query the KeyStore for keys and {link java.security.cert.Certificate Certificates} to be used in signing and verifying exchanges. This value can be provided at runtime via the message header org.apache.camel.component.crypto.DigitalSignatureConstants#KEYSTORE_ALIAS

String

certificateName (producer)

Sets the reference name for a PrivateKey that can be found in the registry.

String

keystore (producer)

Sets the KeyStore that can contain keys and Certficates for use in signing and verifying exchanges. A KeyStore is typically used with an alias, either one supplied in the Route definition or dynamically via the message header CamelSignatureKeyStoreAlias. If no alias is supplied and there is only a single entry in the Keystore, then this single entry will be used.

KeyStore

keystoreName (producer)

Sets the reference name for a Keystore that can be found in the registry.

String

lazyStartProducer (producer)

Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel’s routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing.

false

boolean

privateKey (producer)

Set the PrivateKey that should be used to sign the exchange

PrivateKey

privateKeyName (producer)

Sets the reference name for a PrivateKey that can be found in the registry.

String

provider (producer)

Set the id of the security provider that provides the configured Signature algorithm.

String

publicKeyName (producer)

references that should be resolved when the context changes

String

secureRandomName (producer)

Sets the reference name for a SecureRandom that can be found in the registry.

String

signatureHeaderName (producer)

Set the name of the message header that should be used to store the base64 encoded signature. This defaults to 'CamelDigitalSignature'

String

autowiredEnabled (advanced)

Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching type, which then gets configured on the component. This can be used for automatic configuring JDBC data sources, JMS connection factories, AWS Clients, etc.

true

boolean

bufferSize (advanced)

Set the size of the buffer used to read in the Exchange payload data.

2048

Integer

certificate (advanced)

Set the Certificate that should be used to verify the signature in the exchange based on its payload.

Certificate

clearHeaders (advanced)

Determines if the Signature specific headers be cleared after signing and verification. Defaults to true, and should only be made otherwise at your extreme peril as vital private information such as Keys and passwords may escape if unset.

true

boolean

configuration (advanced)

To use the shared DigitalSignatureConfiguration as configuration

DigitalSignatureConfiguration

keyStoreParameters (advanced)

Sets the KeyStore that can contain keys and Certficates for use in signing and verifying exchanges based on the given KeyStoreParameters. A KeyStore is typically used with an alias, either one supplied in the Route definition or dynamically via the message header CamelSignatureKeyStoreAlias. If no alias is supplied and there is only a single entry in the Keystore, then this single entry will be used.

KeyStoreParameters

publicKey (advanced)

Set the PublicKey that should be used to verify the signature in the exchange.

PublicKey

secureRandom (advanced)

Set the SecureRandom used to initialize the Signature service

SecureRandom

password (security)

Sets the password used to access an aliased PrivateKey in the KeyStore.

String

The Crypto (JCE) endpoint is configured using URI syntax:

crypto:cryptoOperation:name

with the following path and query parameters:

Path Parameters (2 parameters):

Name	Description	Default	Type
cryptoOperation	Required Set the Crypto operation from that supplied after the crypto scheme in the endpoint uri e.g. crypto:sign sets sign as the operation. There are 2 enums and the value can be one of: sign, verify		CryptoOperation
name	Required The logical name of this operation.		String

Name

Description

Default

Type

cryptoOperation

Required Set the Crypto operation from that supplied after the crypto scheme in the endpoint uri e.g. crypto:sign sets sign as the operation. There are 2 enums and the value can be one of: sign, verify

CryptoOperation

name

Required The logical name of this operation.

String

Query Parameters (20 parameters):

Name	Description	Default	Type
algorithm (producer)	Sets the JCE name of the Algorithm that should be used for the signer.	SHA256withRSA	String
alias (producer)	Sets the alias used to query the KeyStore for keys and {link java.security.cert.Certificate Certificates} to be used in signing and verifying exchanges. This value can be provided at runtime via the message header org.apache.camel.component.crypto.DigitalSignatureConstants#KEYSTORE_ALIAS		String
certificateName (producer)	Sets the reference name for a PrivateKey that can be found in the registry.		String
keystore (producer)	Sets the KeyStore that can contain keys and Certficates for use in signing and verifying exchanges. A KeyStore is typically used with an alias, either one supplied in the Route definition or dynamically via the message header CamelSignatureKeyStoreAlias. If no alias is supplied and there is only a single entry in the Keystore, then this single entry will be used.		KeyStore
keystoreName (producer)	Sets the reference name for a Keystore that can be found in the registry.		String
lazyStartProducer (producer)	Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel’s routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing.	false	boolean
privateKey (producer)	Set the PrivateKey that should be used to sign the exchange		PrivateKey
privateKeyName (producer)	Sets the reference name for a PrivateKey that can be found in the registry.		String
provider (producer)	Set the id of the security provider that provides the configured Signature algorithm.		String
publicKeyName (producer)	references that should be resolved when the context changes		String
secureRandomName (producer)	Sets the reference name for a SecureRandom that can be found in the registry.		String
signatureHeaderName (producer)	Set the name of the message header that should be used to store the base64 encoded signature. This defaults to 'CamelDigitalSignature'		String
bufferSize (advanced)	Set the size of the buffer used to read in the Exchange payload data.	2048	Integer
certificate (advanced)	Set the Certificate that should be used to verify the signature in the exchange based on its payload.		Certificate
clearHeaders (advanced)	Determines if the Signature specific headers be cleared after signing and verification. Defaults to true, and should only be made otherwise at your extreme peril as vital private information such as Keys and passwords may escape if unset.	true	boolean
keyStoreParameters (advanced)	Sets the KeyStore that can contain keys and Certficates for use in signing and verifying exchanges based on the given KeyStoreParameters. A KeyStore is typically used with an alias, either one supplied in the Route definition or dynamically via the message header CamelSignatureKeyStoreAlias. If no alias is supplied and there is only a single entry in the Keystore, then this single entry will be used.		KeyStoreParameters
publicKey (advanced)	Set the PublicKey that should be used to verify the signature in the exchange.		PublicKey
secureRandom (advanced)	Set the SecureRandom used to initialize the Signature service		SecureRandom
synchronous (advanced)	Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported).	false	boolean
password (security)	Sets the password used to access an aliased PrivateKey in the KeyStore.		String

Name

Description

Default

Type

algorithm (producer)

Sets the JCE name of the Algorithm that should be used for the signer.

SHA256withRSA

String

alias (producer)

String

certificateName (producer)

Sets the reference name for a PrivateKey that can be found in the registry.

String

keystore (producer)

KeyStore

keystoreName (producer)

Sets the reference name for a Keystore that can be found in the registry.

String

lazyStartProducer (producer)

false

boolean

privateKey (producer)

Set the PrivateKey that should be used to sign the exchange

PrivateKey

privateKeyName (producer)

Sets the reference name for a PrivateKey that can be found in the registry.

String

provider (producer)

Set the id of the security provider that provides the configured Signature algorithm.

String

publicKeyName (producer)

references that should be resolved when the context changes

String

secureRandomName (producer)

Sets the reference name for a SecureRandom that can be found in the registry.

String

signatureHeaderName (producer)

Set the name of the message header that should be used to store the base64 encoded signature. This defaults to 'CamelDigitalSignature'

String

bufferSize (advanced)

Set the size of the buffer used to read in the Exchange payload data.

2048

Integer

certificate (advanced)

Set the Certificate that should be used to verify the signature in the exchange based on its payload.

Certificate

clearHeaders (advanced)

true

boolean

keyStoreParameters (advanced)

KeyStoreParameters

publicKey (advanced)

Set the PublicKey that should be used to verify the signature in the exchange.

PublicKey

secureRandom (advanced)

Set the SecureRandom used to initialize the Signature service

SecureRandom

synchronous (advanced)

Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported).

false

boolean

password (security)

Sets the password used to access an aliased PrivateKey in the KeyStore.

String

Using

Raw keys

The most basic way to way to sign and verify an exchange is with a KeyPair as follows.

The same can be achieved with the Spring XML Extensions using references to keys

KeyStores and Aliases.

The JCE provides a very versatile keystore concept for housing pairs of private keys and certificates, keeping them encrypted and password protected. They can be retrieved by applying an alias to the retrieval APIs. There are a number of ways to get keys and Certificates into a keystore, most often this is done with the external 'keytool' application. This is a good example of using keytool to create a KeyStore with a self signed Cert and Private key.

The examples use a Keystore with a key and cert aliased by 'bob'. The password for the keystore and the key is 'letmein'

The following shows how to use a Keystore via the Fluent builders, it also shows how to load and initialize the keystore.

Again in Spring a ref is used to lookup an actual keystore instance.

Changing JCE Provider and Algorithm

Changing the Signature algorithm or the Security provider is a simple matter of specifying their names. You will need to also use Keys that are compatible with the algorithm you choose.

Changing the Signature Message Header

It may be desirable to change the message header used to store the signature. A different header name can be specified in the route definition as follows

Changing the buffersize

In case you need to update the size of the buffer…

Supplying Keys dynamically.

When using a Recipient list or similar EIP the recipient of an exchange can vary dynamically. Using the same key across all recipients may be neither feasible nor desirable. It would be useful to be able to specify signature keys dynamically on a per-exchange basis. The exchange could then be dynamically enriched with the key of its target recipient prior to signing. To facilitate this the signature mechanisms allow for keys to be supplied dynamically via the message headers below

Exchange.SIGNATURE_PRIVATE_KEY, "CamelSignaturePrivateKey"
Exchange.SIGNATURE_PUBLIC_KEY_OR_CERT, "CamelSignaturePublicKeyOrCert"

Even better would be to dynamically supply a keystore alias. Again the alias can be supplied in a message header

Exchange.KEYSTORE_ALIAS, "CamelSignatureKeyStoreAlias"

The header would be set as follows

Exchange unsigned = getMandatoryEndpoint("direct:alias-sign").createExchange();
unsigned.getIn().setBody(payload);
unsigned.getIn().setHeader(DigitalSignatureConstants.KEYSTORE_ALIAS, "bob");
unsigned.getIn().setHeader(DigitalSignatureConstants.KEYSTORE_PASSWORD, "letmein".toCharArray());
template.send("direct:alias-sign", unsigned);
Exchange signed = getMandatoryEndpoint("direct:alias-sign").createExchange();
signed.getIn().copyFrom(unsigned.getOut());
signed.getIn().setHeader(KEYSTORE_ALIAS, "bob");
template.send("direct:alias-verify", signed);

Spring Boot Auto-Configuration

When using crypto with Spring Boot make sure to use the following Maven dependency to have support for auto configuration:

<dependency>
  <groupId>org.apache.camel.springboot</groupId>
  <artifactId>camel-crypto-starter</artifactId>
  <version>x.x.x</version>
  <!-- use the same version as your Camel core version -->
</dependency>

The component supports 47 options, which are listed below.

Name	Description	Default	Type
camel.component.crypto.algorithm	Sets the JCE name of the Algorithm that should be used for the signer.	SHA256withRSA	String
camel.component.crypto.alias	Sets the alias used to query the KeyStore for keys and {link java.security.cert.Certificate Certificates} to be used in signing and verifying exchanges. This value can be provided at runtime via the message header org.apache.camel.component.crypto.DigitalSignatureConstants#KEYSTORE_ALIAS		String
camel.component.crypto.autowired-enabled	Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching type, which then gets configured on the component. This can be used for automatic configuring JDBC data sources, JMS connection factories, AWS Clients, etc.	true	Boolean
camel.component.crypto.buffer-size	Set the size of the buffer used to read in the Exchange payload data.	2048	Integer
camel.component.crypto.certificate	Set the Certificate that should be used to verify the signature in the exchange based on its payload. The option is a java.security.cert.Certificate type.		Certificate
camel.component.crypto.certificate-name	Sets the reference name for a PrivateKey that can be found in the registry.		String
camel.component.crypto.clear-headers	Determines if the Signature specific headers be cleared after signing and verification. Defaults to true, and should only be made otherwise at your extreme peril as vital private information such as Keys and passwords may escape if unset.	true	Boolean
camel.component.crypto.configuration	To use the shared DigitalSignatureConfiguration as configuration. The option is a org.apache.camel.component.crypto.DigitalSignatureConfiguration type.		DigitalSignatureConfiguration
camel.component.crypto.enabled	Whether to enable auto configuration of the crypto component. This is enabled by default.		Boolean
camel.component.crypto.key-store-parameters	Sets the KeyStore that can contain keys and Certficates for use in signing and verifying exchanges based on the given KeyStoreParameters. A KeyStore is typically used with an alias, either one supplied in the Route definition or dynamically via the message header CamelSignatureKeyStoreAlias. If no alias is supplied and there is only a single entry in the Keystore, then this single entry will be used. The option is a org.apache.camel.support.jsse.KeyStoreParameters type.		KeyStoreParameters
camel.component.crypto.keystore	Sets the KeyStore that can contain keys and Certficates for use in signing and verifying exchanges. A KeyStore is typically used with an alias, either one supplied in the Route definition or dynamically via the message header CamelSignatureKeyStoreAlias. If no alias is supplied and there is only a single entry in the Keystore, then this single entry will be used. The option is a java.security.KeyStore type.		KeyStore
camel.component.crypto.keystore-name	Sets the reference name for a Keystore that can be found in the registry.		String
camel.component.crypto.lazy-start-producer	Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel’s routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing.	false	Boolean
camel.component.crypto.password	Sets the password used to access an aliased PrivateKey in the KeyStore.		String
camel.component.crypto.private-key	Set the PrivateKey that should be used to sign the exchange. The option is a java.security.PrivateKey type.		PrivateKey
camel.component.crypto.private-key-name	Sets the reference name for a PrivateKey that can be found in the registry.		String
camel.component.crypto.provider	Set the id of the security provider that provides the configured Signature algorithm.		String
camel.component.crypto.public-key	Set the PublicKey that should be used to verify the signature in the exchange. The option is a java.security.PublicKey type.		PublicKey
camel.component.crypto.public-key-name	references that should be resolved when the context changes		String
camel.component.crypto.secure-random	Set the SecureRandom used to initialize the Signature service. The option is a java.security.SecureRandom type.		SecureRandom
camel.component.crypto.secure-random-name	Sets the reference name for a SecureRandom that can be found in the registry.		String
camel.component.crypto.signature-header-name	Set the name of the message header that should be used to store the base64 encoded signature. This defaults to 'CamelDigitalSignature'		String
camel.dataformat.crypto.algorithm	The JCE algorithm name indicating the cryptographic algorithm that will be used.		String
camel.dataformat.crypto.algorithm-parameter-ref	A JCE AlgorithmParameterSpec used to initialize the Cipher. Will lookup the type using the given name as a java.security.spec.AlgorithmParameterSpec type.		String
camel.dataformat.crypto.buffersize	The size of the buffer used in the signature process.		Integer
camel.dataformat.crypto.crypto-provider	The name of the JCE Security Provider that should be used.		String
camel.dataformat.crypto.enabled	Whether to enable auto configuration of the crypto data format. This is enabled by default.		Boolean
camel.dataformat.crypto.init-vector-ref	Refers to a byte array containing the Initialization Vector that will be used to initialize the Cipher.		String
camel.dataformat.crypto.inline	Flag indicating that the configured IV should be inlined into the encrypted data stream. Is by default false.	false	Boolean
camel.dataformat.crypto.key-ref	Refers to the secret key to lookup from the register to use.		String
camel.dataformat.crypto.mac-algorithm	The JCE algorithm name indicating the Message Authentication algorithm.	HmacSHA1	String
camel.dataformat.crypto.should-append-h-m-a-c	Flag indicating that a Message Authentication Code should be calculated and appended to the encrypted data.	true	Boolean
camel.dataformat.pgp.algorithm	Symmetric key encryption algorithm; possible values are defined in org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting.		Integer
camel.dataformat.pgp.armored	This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc.	false	Boolean
camel.dataformat.pgp.compression-algorithm	Compression algorithm; possible values are defined in org.bouncycastle.bcpg.CompressionAlgorithmTags; for example 0 (= UNCOMPRESSED), 1 (= ZIP), 2 (= ZLIB), 3 (= BZIP2). Only relevant for encrypting.		Integer
camel.dataformat.pgp.enabled	Whether to enable auto configuration of the pgp data format. This is enabled by default.		Boolean
camel.dataformat.pgp.hash-algorithm	Signature hash algorithm; possible values are defined in org.bouncycastle.bcpg.HashAlgorithmTags; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing.		Integer
camel.dataformat.pgp.integrity	Adds an integrity check/sign into the encryption file. The default value is true.	true	Boolean
camel.dataformat.pgp.key-file-name	Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the file: prefix).		String
camel.dataformat.pgp.key-userid	The user ID of the key in the PGP keyring used during encryption. Can also be only a part of a user ID. For example, if the user ID is Test User then you can use the part Test User or to address the user ID.		String
camel.dataformat.pgp.password	Password used when opening the private key (not used for encryption).		String
camel.dataformat.pgp.provider	Java Cryptography Extension (JCE) provider, default is Bouncy Castle (BC). Alternatively you can use, for example, the IAIK JCE provider; in this case the provider must be registered beforehand and the Bouncy Castle provider must not be registered beforehand. The Sun JCE provider does not work.		String
camel.dataformat.pgp.signature-key-file-name	Filename of the keyring to use for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the file: prefix).		String
camel.dataformat.pgp.signature-key-ring	Keyring used for signing/verifying as byte array. You can not set the signatureKeyFileName and signatureKeyRing at the same time.		String
camel.dataformat.pgp.signature-key-userid	User ID of the key in the PGP keyring used for signing (during encryption) or signature verification (during decryption). During the signature verification process the specified User ID restricts the public keys from the public keyring which can be used for the verification. If no User ID is specified for the signature verficiation then any public key in the public keyring can be used for the verification. Can also be only a part of a user ID. For example, if the user ID is Test User then you can use the part Test User or to address the User ID.		String
camel.dataformat.pgp.signature-password	Password used when opening the private key used for signing (during encryption).		String
camel.dataformat.pgp.signature-verification-option	Controls the behavior for verifying the signature during unmarshaling. There are 4 values possible: optional: The PGP message may or may not contain signatures; if it does contain signatures, then a signature verification is executed. required: The PGP message must contain at least one signature; if this is not the case an exception (PGPException) is thrown. A signature verification is executed. ignore: Contained signatures in the PGP message are ignored; no signature verification is executed. no_signature_allowed: The PGP message must not contain a signature; otherwise an exception (PGPException) is thrown.		String

Name

Description

Default

Type

camel.component.crypto.algorithm

Sets the JCE name of the Algorithm that should be used for the signer.

SHA256withRSA

String

camel.component.crypto.alias

String

camel.component.crypto.autowired-enabled

true

Boolean

camel.component.crypto.buffer-size

Set the size of the buffer used to read in the Exchange payload data.

2048

Integer

camel.component.crypto.certificate

Set the Certificate that should be used to verify the signature in the exchange based on its payload. The option is a java.security.cert.Certificate type.

Certificate

camel.component.crypto.certificate-name

Sets the reference name for a PrivateKey that can be found in the registry.

String

camel.component.crypto.clear-headers

true

Boolean

camel.component.crypto.configuration

To use the shared DigitalSignatureConfiguration as configuration. The option is a org.apache.camel.component.crypto.DigitalSignatureConfiguration type.

DigitalSignatureConfiguration

camel.component.crypto.enabled

Whether to enable auto configuration of the crypto component. This is enabled by default.

Boolean

camel.component.crypto.key-store-parameters

KeyStoreParameters

camel.component.crypto.keystore

KeyStore

camel.component.crypto.keystore-name

Sets the reference name for a Keystore that can be found in the registry.

String

camel.component.crypto.lazy-start-producer

false

Boolean

camel.component.crypto.password

Sets the password used to access an aliased PrivateKey in the KeyStore.

String

camel.component.crypto.private-key

Set the PrivateKey that should be used to sign the exchange. The option is a java.security.PrivateKey type.

PrivateKey

camel.component.crypto.private-key-name

Sets the reference name for a PrivateKey that can be found in the registry.

String

camel.component.crypto.provider

Set the id of the security provider that provides the configured Signature algorithm.

String

camel.component.crypto.public-key

Set the PublicKey that should be used to verify the signature in the exchange. The option is a java.security.PublicKey type.

PublicKey

camel.component.crypto.public-key-name

references that should be resolved when the context changes

String

camel.component.crypto.secure-random

Set the SecureRandom used to initialize the Signature service. The option is a java.security.SecureRandom type.

SecureRandom

camel.component.crypto.secure-random-name

Sets the reference name for a SecureRandom that can be found in the registry.

String

camel.component.crypto.signature-header-name

Set the name of the message header that should be used to store the base64 encoded signature. This defaults to 'CamelDigitalSignature'

String

camel.dataformat.crypto.algorithm

The JCE algorithm name indicating the cryptographic algorithm that will be used.

String

camel.dataformat.crypto.algorithm-parameter-ref

A JCE AlgorithmParameterSpec used to initialize the Cipher. Will lookup the type using the given name as a java.security.spec.AlgorithmParameterSpec type.

String

camel.dataformat.crypto.buffersize

The size of the buffer used in the signature process.

Integer

camel.dataformat.crypto.crypto-provider

The name of the JCE Security Provider that should be used.

String

camel.dataformat.crypto.enabled

Whether to enable auto configuration of the crypto data format. This is enabled by default.

Boolean

camel.dataformat.crypto.init-vector-ref

Refers to a byte array containing the Initialization Vector that will be used to initialize the Cipher.

String

camel.dataformat.crypto.inline

Flag indicating that the configured IV should be inlined into the encrypted data stream. Is by default false.

false

Boolean

camel.dataformat.crypto.key-ref

Refers to the secret key to lookup from the register to use.

String

camel.dataformat.crypto.mac-algorithm

The JCE algorithm name indicating the Message Authentication algorithm.

HmacSHA1

String

camel.dataformat.crypto.should-append-h-m-a-c

Flag indicating that a Message Authentication Code should be calculated and appended to the encrypted data.

true

Boolean

camel.dataformat.pgp.algorithm

Symmetric key encryption algorithm; possible values are defined in org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting.

Integer

camel.dataformat.pgp.armored

This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc.

false

Boolean

camel.dataformat.pgp.compression-algorithm

Compression algorithm; possible values are defined in org.bouncycastle.bcpg.CompressionAlgorithmTags; for example 0 (= UNCOMPRESSED), 1 (= ZIP), 2 (= ZLIB), 3 (= BZIP2). Only relevant for encrypting.

Integer

camel.dataformat.pgp.enabled

Whether to enable auto configuration of the pgp data format. This is enabled by default.

Boolean

camel.dataformat.pgp.hash-algorithm

Signature hash algorithm; possible values are defined in org.bouncycastle.bcpg.HashAlgorithmTags; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing.

Integer

camel.dataformat.pgp.integrity

Adds an integrity check/sign into the encryption file. The default value is true.

true

Boolean

camel.dataformat.pgp.key-file-name

Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the file: prefix).

String

camel.dataformat.pgp.key-userid

The user ID of the key in the PGP keyring used during encryption. Can also be only a part of a user ID. For example, if the user ID is Test User then you can use the part Test User or to address the user ID.

String

camel.dataformat.pgp.password

Password used when opening the private key (not used for encryption).

String

camel.dataformat.pgp.provider

Java Cryptography Extension (JCE) provider, default is Bouncy Castle (BC). Alternatively you can use, for example, the IAIK JCE provider; in this case the provider must be registered beforehand and the Bouncy Castle provider must not be registered beforehand. The Sun JCE provider does not work.

String

camel.dataformat.pgp.signature-key-file-name

Filename of the keyring to use for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the file: prefix).

String

camel.dataformat.pgp.signature-key-ring

Keyring used for signing/verifying as byte array. You can not set the signatureKeyFileName and signatureKeyRing at the same time.

String

camel.dataformat.pgp.signature-key-userid

User ID of the key in the PGP keyring used for signing (during encryption) or signature verification (during decryption). During the signature verification process the specified User ID restricts the public keys from the public keyring which can be used for the verification. If no User ID is specified for the signature verficiation then any public key in the public keyring can be used for the verification. Can also be only a part of a user ID. For example, if the user ID is Test User then you can use the part Test User or to address the User ID.

String

camel.dataformat.pgp.signature-password

Password used when opening the private key used for signing (during encryption).

String

camel.dataformat.pgp.signature-verification-option

Controls the behavior for verifying the signature during unmarshaling. There are 4 values possible: optional: The PGP message may or may not contain signatures; if it does contain signatures, then a signature verification is executed. required: The PGP message must contain at least one signature; if this is not the case an exception (PGPException) is thrown. A signature verification is executed. ignore: Contained signatures in the PGP message are ignored; no signature verification is executed. no_signature_allowed: The PGP message must not contain a signature; otherwise an exception (PGPException) is thrown.

String