You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by bu...@apache.org on 2015/09/24 18:21:04 UTC
svn commit: r966639 [2/4] - in /websites/production/camel/content:
book-dataformat-appendix.html book-in-one-page.html cache/main.pageCache
camel-2160-release.html crypto.html
Modified: websites/production/camel/content/book-in-one-page.html
==============================================================================
--- websites/production/camel/content/book-in-one-page.html (original)
+++ websites/production/camel/content/book-in-one-page.html Thu Sep 24 16:21:02 2015
@@ -3694,11 +3694,11 @@ The tutorial has been designed in two pa
While not actual tutorials you might find working through the source of the various <a shape="rect" href="examples.html">Examples</a> useful.</li></ul>
<h2 id="BookInOnePage-TutorialonSpringRemotingwithJMS">Tutorial on Spring Remoting with JMS</h2><p> </p><div class="confluence-information-macro confluence-information-macro-information"><p class="title">Thanks</p><span class="aui-icon aui-icon-small aui-iconfont-info confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>This tutorial was kindly donated to Apache Camel by Martin Gilday.</p></div></div><h2 id="BookInOnePage-Preface">Preface</h2><p>This tutorial aims to guide the reader through the stages of creating a project which uses Camel to facilitate the routing of messages from a JMS queue to a <a shape="rect" class="external-link" href="http://www.springramework.org" rel="nofollow">Spring</a> service. The route works in a synchronous fashion returning a response to the client.</p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1443097118405 {padding: 0px;}
-div.rbtoc1443097118405 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1443097118405 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1443111495690 {padding: 0px;}
+div.rbtoc1443111495690 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1443111495690 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1443097118405">
+/*]]>*/</style></p><div class="toc-macro rbtoc1443111495690">
<ul class="toc-indentation"><li><a shape="rect" href="#BookInOnePage-TutorialonSpringRemotingwithJMS">Tutorial on Spring Remoting with JMS</a></li><li><a shape="rect" href="#BookInOnePage-Preface">Preface</a></li><li><a shape="rect" href="#BookInOnePage-Prerequisites">Prerequisites</a></li><li><a shape="rect" href="#BookInOnePage-Distribution">Distribution</a></li><li><a shape="rect" href="#BookInOnePage-About">About</a></li><li><a shape="rect" href="#BookInOnePage-CreatetheCamelProject">Create the Camel Project</a>
<ul class="toc-indentation"><li><a shape="rect" href="#BookInOnePage-UpdatethePOMwithDependencies">Update the POM with Dependencies</a></li></ul>
</li><li><a shape="rect" href="#BookInOnePage-WritingtheServer">Writing the Server</a>
@@ -5803,11 +5803,11 @@ So we completed the last piece in the pi
<p>This example has been removed from <strong>Camel 2.9</strong> onwards. Apache Axis 1.4 is a very old and unsupported framework. We encourage users to use <a shape="rect" href="cxf.html">CXF</a> instead of Axis.</p></div></div>
<style type="text/css">/*<![CDATA[*/
-div.rbtoc1443097118753 {padding: 0px;}
-div.rbtoc1443097118753 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1443097118753 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1443111495949 {padding: 0px;}
+div.rbtoc1443111495949 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1443111495949 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style><div class="toc-macro rbtoc1443097118753">
+/*]]>*/</style><div class="toc-macro rbtoc1443111495949">
<ul class="toc-indentation"><li><a shape="rect" href="#BookInOnePage-TutorialusingAxis1.4withApacheCamel">Tutorial using Axis 1.4 with Apache Camel</a>
<ul class="toc-indentation"><li><a shape="rect" href="#BookInOnePage-Prerequisites">Prerequisites</a></li><li><a shape="rect" href="#BookInOnePage-Distribution">Distribution</a></li><li><a shape="rect" href="#BookInOnePage-Introduction">Introduction</a></li><li><a shape="rect" href="#BookInOnePage-SettinguptheprojecttorunAxis">Setting up the project to run Axis</a>
<ul class="toc-indentation"><li><a shape="rect" href="#BookInOnePage-Maven2">Maven 2</a></li><li><a shape="rect" href="#BookInOnePage-wsdl">wsdl</a></li><li><a shape="rect" href="#BookInOnePage-ConfiguringAxis">Configuring Axis</a></li><li><a shape="rect" href="#BookInOnePage-RunningtheExample">Running the Example</a></li></ul>
@@ -11402,7 +11402,7 @@ from("direct:basic-encryption"
.unmarshal(cryptoFormat)
.to("mock:unencrypted");
]]></script>
-</div></div><p>In Spring the dataformat is configured first and then used in routes</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>In Spring the dataformat is configured first and then used in routes<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: xml; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[<camelContext id="camel" xmlns="http://camel.apache.org/schema/spring">
<dataFormats>
<crypto id="basic" algorithm="DES" keyRef="desKey" />
@@ -11431,7 +11431,7 @@ from("direct:hmac-algorithm")
.unmarshal(cryptoFormat)
.to("mock:unencrypted");
]]></script>
-</div></div><p>A list of the available algorithms in Java 7 is available via the <a shape="rect" class="external-link" href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html" rel="nofollow">Java Cryptography Architecture Standard Algorithm Name Documentation</a>.</p><h3 id="BookInOnePage-SpecifyinganInitializationVector">Specifying an Initialization Vector</h3><p>Some crypto algorithms, particularly block algorithms, require configuration with an initial block of data known as an Initialization Vector. In the JCE this is passed as an AlgorithmParameterSpec when the Cipher is initialized. To use such a vector with the CryptoDataFormat you can configure it with a byte[] containing the required data e.g.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>A list of the available algorithms in Java 7 is available via the <a shape="rect" class="external-link" href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html" rel="nofollow">Java Cryptography Architecture Standard Algorithm Name Documentation</a>.<h3 id="BookInOnePage-SpecifyinganInitializationVector">Specifying an Initialization Vector</h3><p>Some crypto algorithms, particularly block algorithms, require configuration with an initial block of data known as an Initialization Vector. In the JCE this is passed as an AlgorithmParameterSpec when the Cipher is initialized. To use such a vector with the CryptoDataFormat you can configure it with a byte[] containing the required data e.g.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
KeyGenerator generator = KeyGenerator.getInstance("DES");
byte[] initializationVector = new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
@@ -11445,11 +11445,11 @@ from("direct:init-vector")
.unmarshal(cryptoFormat)
.to("mock:unencrypted");
]]></script>
-</div></div><p>or with spring, suppling a reference to a byte[]</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>or with spring, suppling a reference to a byte[]<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: xml; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
<crypto id="initvector" algorithm="DES/CBC/PKCS5Padding" keyRef="desKey" initVectorRef="initializationVector" />
]]></script>
-</div></div><p>The same vector is required in both the encryption and decryption phases. As it is not necessary to keep the IV a secret, the DataFormat allows for it to be inlined into the encrypted data and subsequently read out in the decryption phase to initialize the Cipher. To inline the IV set the /oinline flag.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>The same vector is required in both the encryption and decryption phases. As it is not necessary to keep the IV a secret, the DataFormat allows for it to be inlined into the encrypted data and subsequently read out in the decryption phase to initialize the Cipher. To inline the IV set the /oinline flag.<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
KeyGenerator generator = KeyGenerator.getInstance("DES");
byte[] initializationVector = new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
@@ -11467,13 +11467,13 @@ from("direct:inline")
.unmarshal(decryptFormat)
.to("mock:unencrypted");
]]></script>
-</div></div><p>or with spring.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>or with spring.<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: xml; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
<crypto id="inline" algorithm="DES/CBC/PKCS5Padding" keyRef="desKey" initVectorRef="initializationVector"
inline="true" />
<crypto id="inline-decrypt" algorithm="DES/CBC/PKCS5Padding" keyRef="desKey" inline="true" />
]]></script>
-</div></div><p>For more information of the use of Initialization Vectors, consult</p><ul><li><a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Initialization_vector" rel="nofollow">http://en.wikipedia.org/wiki/Initialization_vector</a></li><li><a shape="rect" class="external-link" href="http://www.herongyang.com/Cryptography/" rel="nofollow">http://www.herongyang.com/Cryptography/</a></li><li><a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation" rel="nofollow">http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation</a></li></ul><h3 id="BookInOnePage-HashedMessageAuthenticationCodes(HMAC)">Hashed Message Authentication Codes (HMAC)</h3><p>To avoid attacks against the encrypted data while it is in transit the CryptoDataFormat can also calculate a Message Authentication Code for the encrypted exchange contents based on a configurable MAC algorithm. The calculated HMAC is appended to the stream after encrypt
ion. It is separated from the stream in the decryption phase. The MAC is recalculated and verified against the transmitted version to insure nothing was tampered with in transit.For more information on Message Authentication Codes see <a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/HMAC" rel="nofollow">http://en.wikipedia.org/wiki/HMAC</a></p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>For more information of the use of Initialization Vectors, consult<ul><li><a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Initialization_vector" rel="nofollow">http://en.wikipedia.org/wiki/Initialization_vector</a></li><li><a shape="rect" class="external-link" href="http://www.herongyang.com/Cryptography/" rel="nofollow">http://www.herongyang.com/Cryptography/</a></li><li><a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation" rel="nofollow">http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation</a></li></ul><h3 id="BookInOnePage-HashedMessageAuthenticationCodes(HMAC)">Hashed Message Authentication Codes (HMAC)</h3><p>To avoid attacks against the encrypted data while it is in transit the CryptoDataFormat can also calculate a Message Authentication Code for the encrypted exchange contents based on a configurable MAC algorithm. The calculated HMAC is appended to the stream after encryption. It
is separated from the stream in the decryption phase. The MAC is recalculated and verified against the transmitted version to insure nothing was tampered with in transit.For more information on Message Authentication Codes see <a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/HMAC" rel="nofollow">http://en.wikipedia.org/wiki/HMAC</a></p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
KeyGenerator generator = KeyGenerator.getInstance("DES");
@@ -11486,11 +11486,11 @@ from("direct:hmac")
.unmarshal(cryptoFormat)
.to("mock:unencrypted");
]]></script>
-</div></div><p>or with spring.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>or with spring.<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: xml; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
<crypto id="hmac" algorithm="DES" keyRef="desKey" shouldAppendHMAC="true" />
]]></script>
-</div></div><p>By default the HMAC is calculated using the HmacSHA1 mac algorithm though this can be easily changed by supplying a different algorithm name. See <a shape="rect" class="unresolved" href="#">here</a> for how to check what algorithms are available through the configured security providers</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>By default the HMAC is calculated using the HmacSHA1 mac algorithm though this can be easily changed by supplying a different algorithm name. See <a shape="rect" class="unresolved" href="#">here</a> for how to check what algorithms are available through the configured security providers<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
KeyGenerator generator = KeyGenerator.getInstance("DES");
@@ -11504,11 +11504,11 @@ from("direct:hmac-algorithm")
.unmarshal(cryptoFormat)
.to("mock:unencrypted");
]]></script>
-</div></div><p>or with spring.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>or with spring.<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: xml; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
<crypto id="hmac-algorithm" algorithm="DES" keyRef="desKey" macAlgorithm="HmacMD5" shouldAppendHMAC="true" />
]]></script>
-</div></div><h3 id="BookInOnePage-SupplyingKeysDynamically">Supplying Keys Dynamically</h3><p>When using a Recipient list or similar EIP the recipient of an exchange can vary dynamically. Using the same key across all recipients may neither be feasible or desirable. It would be useful to be able to specify keys dynamically on a per exchange basis. The exchange could then be dynamically enriched with the key of its target recipient before being processed by the data format. To facilitate this the DataFormat allow for keys to be supplied dynamically via the message headers below</p><ul><li><code>CryptoDataFormat.KEY</code> <code>"CamelCryptoKey"</code></li></ul><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><h3 id="BookInOnePage-SupplyingKeysDynamically">Supplying Keys Dynamically</h3><p>When using a Recipient list or similar EIP the recipient of an exchange can vary dynamically. Using the same key across all recipients may neither be feasible or desirable. It would be useful to be able to specify keys dynamically on a per exchange basis. The exchange could then be dynamically enriched with the key of its target recipient before being processed by the data format. To facilitate this the DataFormat allow for keys to be supplied dynamically via the message headers below</p><ul><li><code>CryptoDataFormat.KEY</code> <code>"CamelCryptoKey"</code></li></ul><p></p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
CryptoDataFormat cryptoFormat = new CryptoDataFormat("DES", null);
/**
@@ -11530,11 +11530,11 @@ from("direct:key-in-header-decrypt&
}
}).to("mock:unencrypted");
]]></script>
-</div></div><p>or with spring.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>or with spring.<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: xml; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
<crypto id="nokey" algorithm="DES" />
]]></script>
-</div></div><h3 id="BookInOnePage-PGPDataFormatOptions">PGPDataFormat Options</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>keyUserid</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The user ID of the key in the PGP keyring used during encryption. See also option <code>keyUserids</code>. Can also be only a part of a user ID. For example, if the user ID is "Test User <test@camel.com>" then you can use the part "Test User" or "<test@camel.com>"
to address the user ID.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>keyUserids</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>List<String></code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.2</strong>: PGP allows to encrypt the symmetric key by several asymmetric public receiver keys. You can specify here the User IDs or parts of User IDs of several public keys contained in the PGP keyring. If you just have one User ID, then you can also use the option <code>keyUserid</code>. The User ID specified in <code>keyUserid</code> and the User IDs in <code>keyUserids</code> will be merged together and the corresponding public keys will be used for the encryption.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>password</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>
<code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Password used when opening the private key (not used for encryption).</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>keyFileName</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix).</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>encryptionKeyRing</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="conflue
nceTd"><p><strong>Since camel 2.12.1</strong>; encryption keyring; you can not set the keyFileName and encryptionKeyRing at the same time.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signatureKeyUserid</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; optional User ID of the key in the PGP keyring used for signing (during encryption) or signature verification (during decryption). During the signature verification process the specified User ID restricts the public keys from the public keyring which can be used for the verification. If no User ID is specified for the signature verficiation then any public key in the public keyring can be used for the verification. Can also be only a part of a user ID. For example, if the user ID is "Test User <
;test@camel.com>" then you can use the part "Test User" or "<test@camel.com>" to address the User ID.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signatureKeyUserids</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>List<String></code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.3</strong>; optional list of User IDs of the key in the PGP keyring used for signing (during encryption) or signature verification (during decryption). You can specify here the User IDs or parts of User IDs of several keys contained in the PGP keyring. If you just have one User ID, then you can also use the option <code>keyUserid</code>. The User ID specified in <code>keyUserid</code> and the User IDs in <code>keyUserids</code> will be merged together and the corresponding keys will be used for the signing or signature veri
fication. If the specified User IDs reference several keys then for each key a signature is added to the PGP result during the encryption-signing process. In the decryption-verifying process the list of User IDs restricts the list of public keys which can be used for signature verification. If the list of User IDs is empty then any public key in the public keyring can be used for the signature verification.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signaturePassword</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; optional password used when opening the private key used for signing (during encryption).</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signatureKeyFileName</code></p></td><td colspan="1" rowspan="1" cl
ass="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; optional filename of the keyring to use for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix).</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signatureKeyRing</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.1</strong>; signature keyring; you can not set the signatureKeyFileName and signatureKeyRing at the same time.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>algor
ithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>SymmetricKeyAlgorithmTags.CAST5</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.2</strong>; symmetric key encryption algorithm; possible values are defined in <code>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</code>; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>compressionAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CompressionAlgorithmTags.ZIP</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.2</strong>; compression algorithm; possible values are defined in <code>org.bouncycastle.bcpg.C
ompressionAlgorithmTags</code>; for example 0 (= UNCOMPRESSED), 1 (= ZIP), 2 (= ZLIB), 3 (= BZIP2). Only relevant for encrypting.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>hashAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>HashAlgorithmTags.SHA1</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.2</strong>: signature hash algorithm; possible values are defined in <code>org.bouncycastle.bcpg.HashAlgorithmTags</code>; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>armored</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>boolean</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan=
"1" class="confluenceTd"><p>This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>integrity</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>boolean</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Adds an integrity check/sign into the encryption file.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>passphraseAccessor</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a></code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colsp
an="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; provides passphrases corresponding to user Ids. If no passpharase can be found from the option <code>password</code> or <code>signaturePassword</code> and from the headers <code>CamelPGPDataFormatKeyPassword</code> or <code>CamelPGPDataFormatSignatureKeyPassword</code> then the passphrase is fetched from the passphrase accessor. You provide a bean which implements the interface <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/DefaultPGPPassphraseAccessor.java" rel="nofollow">DefaultPGPPassphraseAccessor</a>. The passphrase accessor i
s especially useful in the decrypt case; see chapter 'PGP Decrypting/Verifying of Messages Encrypted/Signed by Different Private/Public Keys' below.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signatureVerificationOption</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>"optional"</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.13.0</strong>: controls the behavior for verifying the signature during unmarshaling. There are three values possible:</p><ul><li><code>"optional"</code>: The PGP message may or may not contain signatures; if it does contain signatures, then a signature verification is executed. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_OPTIONAL.</li><li><code>"required"</code>: The PGP message must contain at least one signature; if this is not the case an exception (PGPExcep
tion) is thrown. A signature verification is executed. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_REQUIRED.</li><li><code>"ignore"</code>: Contained signatures in the PGP message are ignored; no signature verification is executed. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_IGNORE.</li><li><code>"no_signature_allowed"</code>: The PGP message must not contain a signature; otherwise an exception (PGPException) is thrown. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED.</li></ul></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><code>FileName</code></td><td colspan="1" rowspan="1" class="confluenceTd"><code>String</code></td><td colspan="1" rowspan="1" class="confluenceTd"><code>"_CONSOLE"</code></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.15.0:</strong> Sets the file name for the literal data packet. Can be overwritten by the  header {@lin
k Exchange#FILE_NAME}.</p><p>"<code>_CONSOLE</code>" indicates that the message is considered to be "for your eyes only". This advises that the message data is unusually sensitive, and the receiving program should process it more carefully, perhaps avoiding storing the received data to disk, for example.Only used for marshaling.</p></td></tr></tbody></table></div><h3 id="BookInOnePage-PGPDataFormatMessageHeaders">PGPDataFormat Message Headers</h3><p>You can override the PGPDataFormat options by applying below headers into message dynamically.</p><p> </p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyFileName</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>
<code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; filename of the keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatEncryptionKeyRing</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.1</strong>; the encryption keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyUserid</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; the User ID of the key in the PGP keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyUserids</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>List<String></code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.2</strong>: the User IDs of the key in the PGP keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyPassword</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; password used when opening the private key; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyFileName</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td col
span="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; filename of the signature keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyRing</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.1</strong>; the signature keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyUserid</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; the User ID of the signature key in the PGP keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan
="1" rowspan="1" class="confluenceTd"><code>CamelPGPDataFormatSignatureKeyUserids</code></td><td colspan="1" rowspan="1" class="confluenceTd"><code>List<String></code></td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since Camel 2.12.3</strong>; the User IDs of the signature keys in the PGP keyring; will override existing setting directly on the PGPDataFormat.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyPassword</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; password used when opening the signature private key; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatEncryptionAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><
td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; symmetric key encryption algorithm; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureHashAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; signature hash algorithm; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatCompressionAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; compression algorithm; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" c
lass="confluenceTd"><p><code>CamelPGPDataFormatNumberOfEncryptionKeys</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><code>Integer</code></td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since</strong> <strong>Camel 2.12.3;  </strong>number of public keys used for encrypting the symmectric key, set by PGPDataFormat during encryptiion process</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatNumberOfSigningKeys</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><code>Integer</code></td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since</strong> <strong>Camel 2.12.3;  </strong>number of private keys used for creating signatures, set by PGPDataFormat during signing process</td></tr></tbody></table></div><h3 id="BookInOnePage-EncryptingwithPGPDataFormat">Encrypting with PGPDataFormat</h3><p>The following sample uses the popular PGP format for encrypting/decrypting files using
the <a shape="rect" class="external-link" href="http://www.bouncycastle.org/java.html" rel="nofollow">Bouncy Castle Java libraries</a>:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><h3 id="BookInOnePage-PGPMessage">PGP Message</h3><p>The PGP Data Formater can create and decrypt/verify PGP Messages of the following PGP packet structure (entries in brackets are optional and ellipses indicate repetition, comma represents  sequential composition, and vertical bar separates alternatives):</p><p>    Public Key Encrypted Session Key ..., Symmetrically Encrypted Data | Sym. Encrypted and Integrity Protected Data, (Compressed Data,) (One Pass Signature ...,) Literal Data, (Signature ...,)</p><p><strong>Since Camel 2.16</strong>.<strong>0</strong> the Compressed Data packet is optional, before it was mandatory.</p><p> </p><h3 id="BookInOnePage-PGPDataFormatOptions">PGPDataFormat Options</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p
>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>keyUserid</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The user ID of the key in the PGP keyring used during encryption. See also option <code>keyUserids</code>. Can also be only a part of a user ID. For example, if the user ID is "Test User <test@camel.com>" then you can use the part "Test User" or "<test@camel.com>" to address the user ID.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>keyUserids</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>List<String></code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class=
"confluenceTd"><p><strong>Since camel 2.12.2</strong>: PGP allows to encrypt the symmetric key by several asymmetric public receiver keys. You can specify here the User IDs or parts of User IDs of several public keys contained in the PGP keyring. If you just have one User ID, then you can also use the option <code>keyUserid</code>. The User ID specified in <code>keyUserid</code> and the User IDs in <code>keyUserids</code> will be merged together and the corresponding public keys will be used for the encryption.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>password</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Password used when opening the private key (not used for encryption).</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>keyFileName</code></p></td
><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix).</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>encryptionKeyRing</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.1</strong>: encryption keyring; you can not set the keyFileName and encryptionKeyRing at the same time.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signatureKeyUserid</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><
td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; optional User ID of the key in the PGP keyring used for signing (during encryption) or signature verification (during decryption). During the signature verification process the specified User ID restricts the public keys from the public keyring which can be used for the verification. If no User ID is specified for the signature verficiation then any public key in the public keyring can be used for the verification. Can also be only a part of a user ID. For example, if the user ID is "Test User <test@camel.com>" then you can use the part "Test User" or "<test@camel.com>" to address the User ID.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signatureKeyUserids</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>List<String></code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.3</strong>: optional list of User IDs of the key in the PGP keyring used for signing (during encryption) or signature verification (during decryption). You can specify here the User IDs or parts of User IDs of several keys contained in the PGP keyring. If you just have one User ID, then you can also use the option <code>keyUserid</code>. The User ID specified in <code>keyUserid</code> and the User IDs in <code>keyUserids</code> will be merged together and the corresponding keys will be used for the signing or signature verification. If the specified User IDs reference several keys then for each key a signature is added to the PGP result during the encryption-signing process. In the decryption-verifying process the list of User IDs restricts the list of public keys which can be used for signature verification. If the list of User IDs is empty then
any public key in the public keyring can be used for the signature verification.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signaturePassword</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>: optional password used when opening the private key used for signing (during encryption).</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signatureKeyFileName</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>: optional filename of the keyring to use for signing (during encryption) or for signature verification (during de
cryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix).</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signatureKeyRing</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.1</strong>: signature keyring; you can not set the signatureKeyFileName and signatureKeyRing at the same time.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>algorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>SymmetricKeyAlgorithmTags.CAST5</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.2</strong>: symmetric key encryption algorithm; po
ssible values are defined in <code>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</code>; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>compressionAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CompressionAlgorithmTags.ZIP</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.2</strong>: compression algorithm; possible values are defined in <code>org.bouncycastle.bcpg.CompressionAlgorithmTags</code>; for example 0 (= UNCOMPRESSED), 1 (= ZIP), 2 (= ZLIB), 3 (= BZIP2). Only relevant for encrypting.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>hashAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" ro
wspan="1" class="confluenceTd"><p><code>HashAlgorithmTags.SHA1</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.2</strong>: signature hash algorithm; possible values are defined in <code>org.bouncycastle.bcpg.HashAlgorithmTags</code>; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>armored</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>boolean</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>integrity</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>boolean</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>true</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Adds an integrity check/sign into the encryption file.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>passphraseAccessor</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code><a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a></code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>: provides passphrases corresponding to user Ids. If no passpharase can be found from the option <code>password</code> or <code>signaturePassword</code> and from the headers <code>CamelPGPDataFormatKeyPassword</code> or <code>CamelPGPDataFormatSignatu
reKeyPassword</code> then the passphrase is fetched from the passphrase accessor. You provide a bean which implements the interface <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/DefaultPGPPassphraseAccessor.java" rel="nofollow">DefaultPGPPassphraseAccessor</a>. The passphrase accessor is especially useful in the decrypt case; see chapter 'PGP Decrypting/Verifying of Messages Encrypted/Signed by Different Private/Public Keys' below.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>signatureVerificationOption</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>Stri
ng</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>"optional"</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.13.0</strong>: controls the behavior for verifying the signature during unmarshaling. There are three values possible:</p><ul><li><code>"optional"</code>: The PGP message may or may not contain signatures; if it does contain signatures, then a signature verification is executed. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_OPTIONAL.</li><li><code>"required"</code>: The PGP message must contain at least one signature; if this is not the case an exception (PGPException) is thrown. A signature verification is executed. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_REQUIRED.</li><li><code>"ignore"</code>: Contained signatures in the PGP message are ignored; no signature verification is executed. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_I
GNORE.</li><li><code>"no_signature_allowed"</code>: The PGP message must not contain a signature; otherwise an exception (PGPException) is thrown. Use the constant PGPKeyAccessDataFormat.SIGNATURE_VERIFICATION_OPTION_NO_SIGNATURE_ALLOWED.</li></ul></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>FileName</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><code>String</code></td><td colspan="1" rowspan="1" class="confluenceTd"><code>"_CONSOLE"</code></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.15.0</strong>: Sets the file name for the literal data packet. Can be overwritten by the  header {@link Exchange#FILE_NAME}.</p><p>"<code>_CONSOLE</code>" indicates that the message is considered to be "for your eyes only". This advises that the message data is unusually sensitive, and the receiving program should process it more carefully, perhaps avoiding storing the received data to disk, for example.Only used for mar
shaling.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><code>withCompressedDataPacket</code></td><td colspan="1" rowspan="1" class="confluenceTd">boolean</td><td colspan="1" rowspan="1" class="confluenceTd"><code>true</code></td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since Camel 2.16.0</strong>: Indicator whether the PGP Message shall be created with or without a Compressed Data packet. If the value is set to false, then no Compressed Data packet is added and the compressionAlgorithm value is ignored. Only used for marshaling.</td></tr></tbody></table></div><h3 id="BookInOnePage-PGPDataFormatMessageHeaders">PGPDataFormat Message Headers</h3><p>You can override the PGPDataFormat options by applying below headers into message dynamically.</p><p> </p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Type</p></th>
<th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyFileName</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; filename of the keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatEncryptionKeyRing</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.1</strong>; the encryption keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyUserid</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>
String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; the User ID of the key in the PGP keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyUserids</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>List<String></code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.2</strong>: the User IDs of the key in the PGP keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyPassword</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; password used when opening the private key; will override existing setting directly on
the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyFileName</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; filename of the signature keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyRing</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.1</strong>; the signature keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyUserid</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p><
/td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; the User ID of the signature key in the PGP keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><code>CamelPGPDataFormatSignatureKeyUserids</code></td><td colspan="1" rowspan="1" class="confluenceTd"><code>List<String></code></td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since Camel 2.12.3</strong>; the User IDs of the signature keys in the PGP keyring; will override existing setting directly on the PGPDataFormat.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyPassword</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; password used when opening the signature private key; will override existing setting d
irectly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatEncryptionAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; symmetric key encryption algorithm; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureHashAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; signature hash algorithm; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatCompressionAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int
</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; compression algorithm; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatNumberOfEncryptionKeys</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><code>Integer</code></td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since</strong> <strong>Camel 2.12.3;  </strong>number of public keys used for encrypting the symmectric key, set by PGPDataFormat during encryptiion process</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatNumberOfSigningKeys</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><code>Integer</code></td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since</strong> <strong>Camel 2.12.3;  </strong>number of private keys used for creating signatures, set by PGPDat
aFormat during signing process</td></tr></tbody></table></div><h3 id="BookInOnePage-EncryptingwithPGPDataFormat">Encrypting with PGPDataFormat</h3><p>The following sample uses the popular PGP format for encrypting/decrypting files using the <a shape="rect" class="external-link" href="http://www.bouncycastle.org/java.html" rel="nofollow">Bouncy Castle Java libraries</a>:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
// Public Key FileName
String keyFileName = getKeyFileName();
@@ -11548,7 +11548,7 @@ String keyPassword = getKeyPassword();
from("direct:inline").marshal().pgp(keyFileName, keyUserid).to("mock:encrypted").unmarshal()
.pgp(keyFileNameSec, null, keyPassword).to("mock:unencrypted");
]]></script>
-</div></div><p>The following sample performs signing + encryption, and then signature verification + decryption. It uses the same keyring for both signing and encryption, but you can obviously use different keys:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>The following sample performs signing + encryption, and then signature verification + decryption. It uses the same keyring for both signing and encryption, but you can obviously use different keys:<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
PGPDataFormat pgpSignAndEncrypt = new PGPDataFormat();
pgpSignAndEncrypt.setKeyFileName(keyFileName);
@@ -11572,7 +11572,7 @@ pgpVerifyAndDecrypt.setSignatureKeyUseri
from("direct:inline-sign").marshal(pgpSignAndEncrypt).to("mock:encrypted").unmarshal(pgpVerifyAndDecrypt)
.to("mock:unencrypted");
]]></script>
-</div></div><p>Or using Spring:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div>Or using Spring:<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: xml; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
<dataFormats>
<!-- will load the file from classpath by default, but you can prefix with file: to load from file system -->
@@ -17563,11 +17563,11 @@ template.send("direct:alias-verify&
]]></script>
</div></div><p></p><h3 id="BookInOnePage-SeeAlso.28">See Also</h3>
<ul><li><a shape="rect" href="configuring-camel.html">Configuring Camel</a></li><li><a shape="rect" href="component.html">Component</a></li><li><a shape="rect" href="endpoint.html">Endpoint</a></li><li><a shape="rect" href="getting-started.html">Getting Started</a></li></ul><ul><li><a shape="rect" href="crypto.html">Crypto</a> Crypto is also available as a <a shape="rect" href="data-format.html">Data Format</a></li></ul> <h2 id="BookInOnePage-CXFComponent">CXF Component</h2><div class="confluence-information-macro confluence-information-macro-note"><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>When using CXF as a consumer, the <a shape="rect" href="cxf-bean-component.html">CXF Bean Component</a> allows you to factor out how message payloads are received from their processing as a RESTful or SOAP web service. This has the potential of using a multitude of transports to consume web
services. The bean component's configuration is also simpler and provides the fastest method to implement web services using Camel and CXF.</p></div></div><div class="confluence-information-macro confluence-information-macro-tip"><span class="aui-icon aui-icon-small aui-iconfont-approve confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>When using CXF in streaming modes (see DataFormat option), then also read about <a shape="rect" href="stream-caching.html">Stream caching</a>.</p></div></div><p>The <strong>cxf:</strong> component provides integration with <a shape="rect" href="http://cxf.apache.org">Apache CXF</a> for connecting to JAX-WS services hosted in CXF.</p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1443097150715 {padding: 0px;}
-div.rbtoc1443097150715 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1443097150715 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1443111543385 {padding: 0px;}
+div.rbtoc1443111543385 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1443111543385 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1443097150715">
+/*]]>*/</style></p><div class="toc-macro rbtoc1443111543385">
<ul class="toc-indentation"><li><a shape="rect" href="#BookInOnePage-CXFComponent">CXF Component</a>
<ul class="toc-indentation"><li><a shape="rect" href="#BookInOnePage-URIformat">URI format</a></li><li><a shape="rect" href="#BookInOnePage-Options">Options</a>
<ul class="toc-indentation"><li><a shape="rect" href="#BookInOnePage-Thedescriptionsofthedataformats">The descriptions of the dataformats</a>
Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.