You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by bu...@apache.org on 2013/10/23 11:19:20 UTC

svn commit: r883803 - in /websites/production/camel/content: book-dataformat-appendix.html book-in-one-page.html cache/main.pageCache crypto.html

Author: buildbot
Date: Wed Oct 23 09:19:19 2013
New Revision: 883803

Log:
Production update by buildbot for camel

Modified:
    websites/production/camel/content/book-dataformat-appendix.html
    websites/production/camel/content/book-in-one-page.html
    websites/production/camel/content/cache/main.pageCache
    websites/production/camel/content/crypto.html

Modified: websites/production/camel/content/book-dataformat-appendix.html
==============================================================================
--- websites/production/camel/content/book-dataformat-appendix.html (original)
+++ websites/production/camel/content/book-dataformat-appendix.html Wed Oct 23 09:19:19 2013
@@ -3784,7 +3784,7 @@ from("direct:key-in-header-decrypt").unm
 
 <h3><a shape="rect" name="BookDataFormatAppendix-PGPDataFormatOptions"></a>PGPDataFormat Options</h3>
 <div class="confluenceTableSmall"><div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Name </th><th colspan="1" rowspan="1" class="confluenceTh"> Type </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The userid of the key in the PGP keyring. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password used when opening the private key (not used for encryption). </td></tr><tr><td colspan="1" rowspan="1" c
 lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption keyring; you can not set the keyFileName and encryptionKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in the PGP keyring to use for signing (during encryption) or signature verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password used when opening the private key used for signing (during encryption). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the keyring to us
 e for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; signature keyring; you can not set the signatureKeyFileName and signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>; symmetric key encryption algorithm; possible val
 ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash algorithm; possible values are defined in <tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the encryption file. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
 s corresponding to user Ids.  If no passpharase can be found from the option <tt>password</tt> or <tt>signaturePassword</tt> and from the headers <tt>CamelPGPDataFormatKeyPassword</tt> or <tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched from the passphrase accessor. You provide a bean which implements the interface <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java" rel="nofollow">PGPPassphraseAccessorDefault</a>.  The passphrase accessor is especially useful in the decrypt case, where the private decryption key is chosen by the key Id given in the e
 ncrypted data. See <span class="error">[example]</span> below. </td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Name </th><th colspan="1" rowspan="1" class="confluenceTh"> Type </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The userid of the key in the PGP keyring. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password used when opening the private key (not used for encryption). </td></tr><tr><td colspan="1" rowspan="1" c
 lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption keyring; you can not set the keyFileName and encryptionKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in the PGP keyring to use for signing (during encryption) or signature verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password used when opening the private key used for signing (during encryption). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the keyring to us
 e for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; signature keyring; you can not set the signatureKeyFileName and signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>; symmetric key encryption algorithm; possible val
 ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash algorithm; possible values are defined in <tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the encryption file. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
 s corresponding to user Ids.  If no passpharase can be found from the option <tt>password</tt> or <tt>signaturePassword</tt> and from the headers <tt>CamelPGPDataFormatKeyPassword</tt> or <tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched from the passphrase accessor. You provide a bean which implements the interface <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java" rel="nofollow">PGPPassphraseAccessorDefault</a>.  The passphrase accessor is especially useful in the decrypt case; see chapter 'Usaage of Passphrase Accessor'  below. </td></tr></tbody><
 /table>
 </div>
 </div>
 
@@ -3892,10 +3892,32 @@ from("direct:inline-sign")
 
 <h3><a shape="rect" name="BookDataFormatAppendix-UsageofPassphraseAccessor"></a>Usage of Passphrase Accessor</h3>
 
-<p>The </p>
+<p>Since <b>Camel  2.12.2</b>.</p>
 
+<p>A PGP Data Formater can decrypt messages which have been encrypted by different public keys. In this case you must provide the corresponding private keys in the secret keyring and the  passphrases of the private keys in the passphrase accessor.</p>
 
-<div class="error"><span class="error">Error formatting macro: snippet: java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+Map&lt;String, String&gt; userId2Passphrase = new HashMap&lt;String, String&gt;(2);
+// add passphrases of several private keys whose corresponding public keys have been used to encrypt the messages
+userId2Passphrase.put("key1","passphrase1");
+userId2Passphrase.put("key2","passphrase2");
+PGPPassphraseAccessor passphraseAccessor = new PGPPassphraseAccessorDefault(userId2Passphrase);
+
+PGPDataFormat pgpVerifyAndDecrypt = new PGPDataFormat();
+pgpVerifyAndDecrypt.setPassphraseAccessor(passphraseAccessor);
+pgpVerifyAndDecrypt.setEncryptionKeyRing(getSecKeyRing());
+// it is not necessary to specify the User Id
+ 
+from("direct:start")
+         ...     
+        .unmarshal(pgpVerifyAndDecrypt) // can decrypt/verify messages encrypted/signed by different private/public keys
+        ...            
+]]></script>
+</div></div>
+
+<p><b>Remark</b><br clear="none">
+The PGP encrypted data contains a Key ID of the public key which was used to encrypt the data. This Key ID can be used to locate the private key in the secret keyring to decrypt the data. The same mechanism is also used to locate the public key for verifying a signature. Therefore you no longer must specify User IDs for the unmarshaling.</p>
 
 <h3><a shape="rect" name="BookDataFormatAppendix-Dependencies"></a>Dependencies</h3>
 

Modified: websites/production/camel/content/book-in-one-page.html
==============================================================================
--- websites/production/camel/content/book-in-one-page.html (original)
+++ websites/production/camel/content/book-in-one-page.html Wed Oct 23 09:19:19 2013
@@ -14911,7 +14911,7 @@ from("direct:key-in-header-decrypt").unm
 
 <h3><a shape="rect" name="BookInOnePage-PGPDataFormatOptions"></a>PGPDataFormat Options</h3>
 <div class="confluenceTableSmall"><div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Name </th><th colspan="1" rowspan="1" class="confluenceTh"> Type </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The userid of the key in the PGP keyring. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password used when opening the private key (not used for encryption). </td></tr><tr><td colspan="1" rowspan="1" c
 lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption keyring; you can not set the keyFileName and encryptionKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in the PGP keyring to use for signing (during encryption) or signature verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password used when opening the private key used for signing (during encryption). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the keyring to us
 e for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; signature keyring; you can not set the signatureKeyFileName and signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>; symmetric key encryption algorithm; possible val
 ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash algorithm; possible values are defined in <tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the encryption file. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
 s corresponding to user Ids.  If no passpharase can be found from the option <tt>password</tt> or <tt>signaturePassword</tt> and from the headers <tt>CamelPGPDataFormatKeyPassword</tt> or <tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched from the passphrase accessor. You provide a bean which implements the interface <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java" rel="nofollow">PGPPassphraseAccessorDefault</a>.  The passphrase accessor is especially useful in the decrypt case, where the private decryption key is chosen by the key Id given in the e
 ncrypted data. See <span class="error">[example]</span> below. </td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Name </th><th colspan="1" rowspan="1" class="confluenceTh"> Type </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The userid of the key in the PGP keyring. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password used when opening the private key (not used for encryption). </td></tr><tr><td colspan="1" rowspan="1" c
 lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption keyring; you can not set the keyFileName and encryptionKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in the PGP keyring to use for signing (during encryption) or signature verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password used when opening the private key used for signing (during encryption). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the keyring to us
 e for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; signature keyring; you can not set the signatureKeyFileName and signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>; symmetric key encryption algorithm; possible val
 ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash algorithm; possible values are defined in <tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the encryption file. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
 s corresponding to user Ids.  If no passpharase can be found from the option <tt>password</tt> or <tt>signaturePassword</tt> and from the headers <tt>CamelPGPDataFormatKeyPassword</tt> or <tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched from the passphrase accessor. You provide a bean which implements the interface <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java" rel="nofollow">PGPPassphraseAccessorDefault</a>.  The passphrase accessor is especially useful in the decrypt case; see chapter 'Usaage of Passphrase Accessor'  below. </td></tr></tbody><
 /table>
 </div>
 </div>
 
@@ -15019,10 +15019,32 @@ from("direct:inline-sign")
 
 <h3><a shape="rect" name="BookInOnePage-UsageofPassphraseAccessor"></a>Usage of Passphrase Accessor</h3>
 
-<p>The </p>
+<p>Since <b>Camel  2.12.2</b>.</p>
 
+<p>A PGP Data Formater can decrypt messages which have been encrypted by different public keys. In this case you must provide the corresponding private keys in the secret keyring and the  passphrases of the private keys in the passphrase accessor.</p>
 
-<div class="error"><span class="error">Error formatting macro: snippet: java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+Map&lt;String, String&gt; userId2Passphrase = new HashMap&lt;String, String&gt;(2);
+// add passphrases of several private keys whose corresponding public keys have been used to encrypt the messages
+userId2Passphrase.put("key1","passphrase1");
+userId2Passphrase.put("key2","passphrase2");
+PGPPassphraseAccessor passphraseAccessor = new PGPPassphraseAccessorDefault(userId2Passphrase);
+
+PGPDataFormat pgpVerifyAndDecrypt = new PGPDataFormat();
+pgpVerifyAndDecrypt.setPassphraseAccessor(passphraseAccessor);
+pgpVerifyAndDecrypt.setEncryptionKeyRing(getSecKeyRing());
+// it is not necessary to specify the User Id
+ 
+from("direct:start")
+         ...     
+        .unmarshal(pgpVerifyAndDecrypt) // can decrypt/verify messages encrypted/signed by different private/public keys
+        ...            
+]]></script>
+</div></div>
+
+<p><b>Remark</b><br clear="none">
+The PGP encrypted data contains a Key ID of the public key which was used to encrypt the data. This Key ID can be used to locate the private key in the secret keyring to decrypt the data. The same mechanism is also used to locate the public key for verifying a signature. Therefore you no longer must specify User IDs for the unmarshaling.</p>
 
 <h3><a shape="rect" name="BookInOnePage-Dependencies"></a>Dependencies</h3>
 

Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/camel/content/crypto.html
==============================================================================
--- websites/production/camel/content/crypto.html (original)
+++ websites/production/camel/content/crypto.html Wed Oct 23 09:19:19 2013
@@ -315,7 +315,7 @@ from("direct:key-in-header-decrypt").unm
 
 <h3><a shape="rect" name="Crypto-PGPDataFormatOptions"></a>PGPDataFormat Options</h3>
 <div class="confluenceTableSmall"><div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Name </th><th colspan="1" rowspan="1" class="confluenceTh"> Type </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The userid of the key in the PGP keyring. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password used when opening the private key (not used for encryption). </td></tr><tr><td colspan="1" rowspan="1" c
 lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption keyring; you can not set the keyFileName and encryptionKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in the PGP keyring to use for signing (during encryption) or signature verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password used when opening the private key used for signing (during encryption). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the keyring to us
 e for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; signature keyring; you can not set the signatureKeyFileName and signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>; symmetric key encryption algorithm; possible val
 ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash algorithm; possible values are defined in <tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the encryption file. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
 s corresponding to user Ids.  If no passpharase can be found from the option <tt>password</tt> or <tt>signaturePassword</tt> and from the headers <tt>CamelPGPDataFormatKeyPassword</tt> or <tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched from the passphrase accessor. You provide a bean which implements the interface <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java" rel="nofollow">PGPPassphraseAccessorDefault</a>.  The passphrase accessor is especially useful in the decrypt case, where the private decryption key is chosen by the key Id given in the e
 ncrypted data. See <span class="error">[example]</span> below. </td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Name </th><th colspan="1" rowspan="1" class="confluenceTh"> Type </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The userid of the key in the PGP keyring. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>password</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Password used when opening the private key (not used for encryption). </td></tr><tr><td colspan="1" rowspan="1" c
 lass="confluenceTd"> <tt>keyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>encryptionKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; encryption keyring; you can not set the keyFileName and encryptionKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyUserid</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional userid of the key in the PGP keyring to use for signing (during encryption) or signature verification (during decryption) .</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signaturePassword</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional password used when opening the private key used for signing (during encryption). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyFileName</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>String</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.11.0</b>; optional filename of the keyring to us
 e for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>signatureKeyRing</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>byte[]</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.1</b>; signature keyring; you can not set the signatureKeyFileName and signatureKeyRing at the same time. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>algorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>SymmetricKeyAlgorithmTags.CAST5</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>; symmetric key encryption algorithm; possible val
 ues are defined in <tt>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</tt>; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>hashAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>int</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>HashAlgorithmTags.SHA1</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since camel 2.12.2</b>: signature hash algorithm; possible values are defined in <tt>org.bouncycastle.bcpg.HashAlgorithmTags</tt>; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>armored</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="con
 fluenceTd"> This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>integrity</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>boolean</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>true</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Adds an integrity check/sign into the encryption file. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>passphraseAccessor</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Since Camel 2.12.2</b>; provides passphrase
 s corresponding to user Ids.  If no passpharase can be found from the option <tt>password</tt> or <tt>signaturePassword</tt> and from the headers <tt>CamelPGPDataFormatKeyPassword</tt> or <tt>CamelPGPDataFormatSignatureKeyPassword</tt> then the passphrase is feteched from the passphrase accessor. You provide a bean which implements the interface <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java" rel="nofollow">PGPPassphraseAccessorDefault</a>.  The passphrase accessor is especially useful in the decrypt case; see chapter 'Usaage of Passphrase Accessor'  below. </td></tr></tbody><
 /table>
 </div>
 </div>
 
@@ -423,10 +423,32 @@ from("direct:inline-sign")
 
 <h3><a shape="rect" name="Crypto-UsageofPassphraseAccessor"></a>Usage of Passphrase Accessor</h3>
 
-<p>The </p>
+<p>Since <b>Camel  2.12.2</b>.</p>
 
+<p>A PGP Data Formater can decrypt messages which have been encrypted by different public keys. In this case you must provide the corresponding private keys in the secret keyring and the  passphrases of the private keys in the passphrase accessor.</p>
 
-<div class="error"><span class="error">Error formatting macro: snippet: java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+Map&lt;String, String&gt; userId2Passphrase = new HashMap&lt;String, String&gt;(2);
+// add passphrases of several private keys whose corresponding public keys have been used to encrypt the messages
+userId2Passphrase.put("key1","passphrase1");
+userId2Passphrase.put("key2","passphrase2");
+PGPPassphraseAccessor passphraseAccessor = new PGPPassphraseAccessorDefault(userId2Passphrase);
+
+PGPDataFormat pgpVerifyAndDecrypt = new PGPDataFormat();
+pgpVerifyAndDecrypt.setPassphraseAccessor(passphraseAccessor);
+pgpVerifyAndDecrypt.setEncryptionKeyRing(getSecKeyRing());
+// it is not necessary to specify the User Id
+ 
+from("direct:start")
+         ...     
+        .unmarshal(pgpVerifyAndDecrypt) // can decrypt/verify messages encrypted/signed by different private/public keys
+        ...            
+]]></script>
+</div></div>
+
+<p><b>Remark</b><br clear="none">
+The PGP encrypted data contains a Key ID of the public key which was used to encrypt the data. This Key ID can be used to locate the private key in the secret keyring to decrypt the data. The same mechanism is also used to locate the public key for verifying a signature. Therefore you no longer must specify User IDs for the unmarshaling.</p>
 
 <h3><a shape="rect" name="Crypto-Dependencies"></a>Dependencies</h3>