camel-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r896857 [1/3] - in /websites/production/camel/content: book-dataformat-appendix.html book-in-one-page.html cache/main.pageCache crypto.html
Date Sat, 08 Feb 2014 08:19:43 GMT
Author: buildbot
Date: Sat Feb  8 08:19:43 2014
New Revision: 896857

Log:
Production update by buildbot for camel

Modified:
    websites/production/camel/content/book-dataformat-appendix.html
    websites/production/camel/content/book-in-one-page.html
    websites/production/camel/content/cache/main.pageCache
    websites/production/camel/content/crypto.html

Modified: websites/production/camel/content/book-dataformat-appendix.html
==============================================================================
--- websites/production/camel/content/book-dataformat-appendix.html (original)
+++ websites/production/camel/content/book-dataformat-appendix.html Sat Feb  8 08:19:43 2014
@@ -3425,21 +3425,9 @@ from("jms://queue:customerServiceQu
 </dependency>
 ]]></script>
 </div></div>
-<h2 id="BookDataFormatAppendix-Crypto">Crypto</h2>
-<p><strong>Available as of Camel 2.3</strong><br clear="none">
-<strong>PGP Available as of Camel 2.9</strong></p>
-
-<p>The Crypto <a shape="rect" href="data-format.html">Data Format</a> integrates the Java Cryptographic Extension into Camel, allowing simple and flexible encryption and decryption of messages using Camel's familiar marshall and unmarshal formatting mechanism. It assumes marshalling to mean encryption to cyphertext and unmarshalling to mean decryption back to the original plaintext. This data format implements only symmetric (shared-key) encryption and decyption.</p>
-
-<h3 id="BookDataFormatAppendix-Options.6">Options</h3>
-<div class="confluenceTableSmall">
+<h2 id="BookDataFormatAppendix-Crypto">Crypto</h2><p><strong>Available as of Camel 2.3</strong><br clear="none"> <strong>PGP Available as of Camel 2.9</strong></p><p>The Crypto <a shape="rect" href="data-format.html">Data Format</a> integrates the Java Cryptographic Extension into Camel, allowing simple and flexible encryption and decryption of messages using Camel's familiar marshall and unmarshal formatting mechanism. It assumes marshalling to mean encryption to cyphertext and unmarshalling to mean decryption back to the original plaintext. This data format implements only symmetric (shared-key) encryption and decyption.</p><h3 id="BookDataFormatAppendix-Options.6">Options</h3><div class="confluenceTableSmall">
 <table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> Name </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Type </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Default </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Description </p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>algorithm</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>DES/CBC/PKCS5Padding</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> The JCE algorithm name indicating the cryptographic algorithm that will be used. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>algorithmParameterSpec</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>java.security.spec.AlgorithmParameterSpec</code> </p></td><td colspan="1" rowspan="1" class="con
 fluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>A JCE AlgorithmParameterSpec used to initialize the Cipher. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>bufferSize</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>Integer</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>2048</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> the size of the buffer used in the signature process. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>cryptoProvider</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> The name of the JCE Security Provider that should be used. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>initializa
 tionVector</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>byte[]</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> A byte array containing the Initialization Vector that will be used to initialize the Cipher. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>inline</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>boolean</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>false</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> Flag indicating that the configured IV should be inlined into the encrypted data stream. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>macAlgorithm</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</co
 de> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> The JCE algorithm name indicating the Message Authentication algorithm. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>shouldAppendHMAC</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>boolean</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> Flag indicating that a Message Authentication Code should be calculated and appended to the encrypted data.</p></td></tr></tbody></table>
-</div>
-
-<h3 id="BookDataFormatAppendix-BasicUsage">Basic Usage</h3>
-<p>At its most basic all that is required to encrypt/decrypt an exchange is a shared secret key. If one or more instances of the Crypto data format are configured with this key the format can be used to encrypt the payload in one route (or part of one) and decrypted in another. For example, using the Java DSL as follows:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div><h3 id="BookDataFormatAppendix-BasicUsage">Basic Usage</h3><p>At its most basic all that is required to encrypt/decrypt an exchange is a shared secret key. If one or more instances of the Crypto data format are configured with this key the format can be used to encrypt the payload in one route (or part of one) and decrypted in another. For example, using the Java DSL as follows:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 KeyGenerator generator = KeyGenerator.getInstance(&quot;DES&quot;);
 
@@ -3451,13 +3439,8 @@ from(&quot;direct:basic-encryption&quot;
     .unmarshal(cryptoFormat)
     .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div>
-
-<p>In Spring the dataformat is configured first and then used in routes </p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;camelContext id=&quot;camel&quot; xmlns=&quot;http://camel.apache.org/schema/spring&quot;&gt;
+</div></div><p>In Spring the dataformat is configured first and then used in routes</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;camelContext id=&quot;camel&quot; xmlns=&quot;http://camel.apache.org/schema/spring&quot;&gt;
   &lt;dataFormats&gt;
     &lt;crypto id=&quot;basic&quot; algorithm=&quot;DES&quot; keyRef=&quot;desKey&quot; /&gt;
   &lt;/dataFormats&gt;
@@ -3471,13 +3454,7 @@ from(&quot;direct:basic-encryption&quot;
   &lt;/route&gt;
 &lt;/camelContext&gt;
 ]]></script>
-</div></div>
-
-<h3 id="BookDataFormatAppendix-SpecifyingtheEncryptionAlgorithm">Specifying the Encryption Algorithm</h3>
-
-<p>Changing the algorithm is a matter of supplying the JCE algorithm name. If you change the algorithm you will need to use a compatible key.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><h3 id="BookDataFormatAppendix-SpecifyingtheEncryptionAlgorithm">Specifying the Encryption Algorithm</h3><p>Changing the algorithm is a matter of supplying the JCE algorithm name. If you change the algorithm you will need to use a compatible key.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 KeyGenerator generator = KeyGenerator.getInstance(&quot;DES&quot;);
 
@@ -3491,15 +3468,7 @@ from(&quot;direct:hmac-algorithm&quot;)
     .unmarshal(cryptoFormat)
     .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div>
-
-<p>A list of the available algorithms in Java 7 is available via the <a shape="rect" class="external-link" href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html" rel="nofollow">Java Cryptography Architecture Standard Algorithm Name Documentation</a>.</p>
-
-<h3 id="BookDataFormatAppendix-SpecifyinganInitializationVector">Specifying an Initialization Vector</h3>
-
-<p>Some crypto algorithms, particularly block algorithms, require configuration with an initial block of data known as an Initialization Vector. In the JCE this is passed as an AlgorithmParameterSpec when the Cipher is initialized. To use such a vector with the CryptoDataFormat you can configure it with a byte[] containing the required data e.g.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>A list of the available algorithms in Java 7 is available via the <a shape="rect" class="external-link" href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html" rel="nofollow">Java Cryptography Architecture Standard Algorithm Name Documentation</a>.</p><h3 id="BookDataFormatAppendix-SpecifyinganInitializationVector">Specifying an Initialization Vector</h3><p>Some crypto algorithms, particularly block algorithms, require configuration with an initial block of data known as an Initialization Vector. In the JCE this is passed as an AlgorithmParameterSpec when the Cipher is initialized. To use such a vector with the CryptoDataFormat you can configure it with a byte[] containing the required data e.g.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 KeyGenerator generator = KeyGenerator.getInstance(&quot;DES&quot;);
 byte[] initializationVector = new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
@@ -3513,19 +3482,11 @@ from(&quot;direct:init-vector&quot;)
     .unmarshal(cryptoFormat)
     .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div>
-
-<p>or with spring, suppling a reference to a byte[]</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>or with spring, suppling a reference to a byte[]</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 &lt;crypto id=&quot;initvector&quot; algorithm=&quot;DES/CBC/PKCS5Padding&quot; keyRef=&quot;desKey&quot; initVectorRef=&quot;initializationVector&quot; /&gt;
 ]]></script>
-</div></div>
-
-<p>The same vector is required in both the encryption and decryption phases. As it is not necessary to keep the IV a secret, the DataFormat allows for it to be inlined into the encrypted data and subsequently read out in the decryption phase to initialize the Cipher. To inline the IV set the /oinline flag.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>The same vector is required in both the encryption and decryption phases. As it is not necessary to keep the IV a secret, the DataFormat allows for it to be inlined into the encrypted data and subsequently read out in the decryption phase to initialize the Cipher. To inline the IV set the /oinline flag.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 KeyGenerator generator = KeyGenerator.getInstance(&quot;DES&quot;);
 byte[] initializationVector = new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
@@ -3543,28 +3504,13 @@ from(&quot;direct:inline&quot;)
     .unmarshal(decryptFormat)
     .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div>
-
-<p>or with spring.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>or with spring.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 &lt;crypto id=&quot;inline&quot; algorithm=&quot;DES/CBC/PKCS5Padding&quot; keyRef=&quot;desKey&quot; initVectorRef=&quot;initializationVector&quot;
   inline=&quot;true&quot; /&gt;
 &lt;crypto id=&quot;inline-decrypt&quot; algorithm=&quot;DES/CBC/PKCS5Padding&quot; keyRef=&quot;desKey&quot; inline=&quot;true&quot; /&gt;
 ]]></script>
-</div></div>
-
-<p>For more information of the use of Initialization Vectors, consult</p>
-
-<ul><li><a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Initialization_vector" rel="nofollow">http://en.wikipedia.org/wiki/Initialization_vector</a></li><li><a shape="rect" class="external-link" href="http://www.herongyang.com/Cryptography/" rel="nofollow">http://www.herongyang.com/Cryptography/</a></li><li><a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation" rel="nofollow">http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation</a></li></ul>
-
-
-<h3 id="BookDataFormatAppendix-HashedMessageAuthenticationCodes(HMAC)">Hashed Message Authentication Codes (HMAC)</h3>
-
-<p>To avoid attacks against the encrypted data while it is in transit the CryptoDataFormat can also calculate a Message Authentication Code for the encrypted exchange contents based on a configurable MAC algorithm. The calculated HMAC is appended to the stream after encryption. It is separated from the stream in the decryption phase. The MAC is recalculated and verified against the transmitted version to insure nothing was tampered with in transit.For more information on Message Authentication Codes see <a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/HMAC" rel="nofollow">http://en.wikipedia.org/wiki/HMAC</a></p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>For more information of the use of Initialization Vectors, consult</p><ul><li><a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Initialization_vector" rel="nofollow">http://en.wikipedia.org/wiki/Initialization_vector</a></li><li><a shape="rect" class="external-link" href="http://www.herongyang.com/Cryptography/" rel="nofollow">http://www.herongyang.com/Cryptography/</a></li><li><a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation" rel="nofollow">http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation</a></li></ul><h3 id="BookDataFormatAppendix-HashedMessageAuthenticationCodes(HMAC)">Hashed Message Authentication Codes (HMAC)</h3><p>To avoid attacks against the encrypted data while it is in transit the CryptoDataFormat can also calculate a Message Authentication Code for the encrypted exchange contents based on a configurable MAC algorithm. The calculated HMAC is appended to the stream afte
 r encryption. It is separated from the stream in the decryption phase. The MAC is recalculated and verified against the transmitted version to insure nothing was tampered with in transit.For more information on Message Authentication Codes see <a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/HMAC" rel="nofollow">http://en.wikipedia.org/wiki/HMAC</a></p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 KeyGenerator generator = KeyGenerator.getInstance(&quot;DES&quot;);
 
@@ -3577,19 +3523,11 @@ from(&quot;direct:hmac&quot;)
     .unmarshal(cryptoFormat)
     .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div>
-
-<p>or with spring.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>or with spring.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 &lt;crypto id=&quot;hmac&quot; algorithm=&quot;DES&quot; keyRef=&quot;desKey&quot; shouldAppendHMAC=&quot;true&quot; /&gt;
 ]]></script>
-</div></div>
-
-<p>By default the HMAC is calculated using the HmacSHA1 mac algorithm though this can be easily changed by supplying a different algorithm name. See <a shape="rect" class="unresolved" href="#">here</a> for how to check what algorithms are available through the configured security providers</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>By default the HMAC is calculated using the HmacSHA1 mac algorithm though this can be easily changed by supplying a different algorithm name. See <a shape="rect" class="unresolved" href="#">here</a> for how to check what algorithms are available through the configured security providers</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 KeyGenerator generator = KeyGenerator.getInstance(&quot;DES&quot;);
 
@@ -3603,24 +3541,11 @@ from(&quot;direct:hmac-algorithm&quot;)
     .unmarshal(cryptoFormat)
     .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div>
-
-<p>or with spring.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>or with spring.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 &lt;crypto id=&quot;hmac-algorithm&quot; algorithm=&quot;DES&quot; keyRef=&quot;desKey&quot; macAlgorithm=&quot;HmacMD5&quot; shouldAppendHMAC=&quot;true&quot; /&gt;
 ]]></script>
-</div></div>
-
-<h3 id="BookDataFormatAppendix-SupplyingKeysDynamically">Supplying Keys Dynamically</h3>
-
-<p>When using a Recipient list or similar EIP the recipient of an exchange can vary dynamically. Using the same key across all recipients may neither be feasible or desirable. It would be useful to be able to specify keys dynamically on a per exchange basis. The exchange could then be dynamically enriched with the key of its target recipient before being processed by the data format. To facilitate this the DataFormat allow for keys to be supplied dynamically via the message headers below </p>
-
-<ul><li><code>CryptoDataFormat.KEY</code> <code>"CamelCryptoKey"</code></li></ul>
-
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><h3 id="BookDataFormatAppendix-SupplyingKeysDynamically">Supplying Keys Dynamically</h3><p>When using a Recipient list or similar EIP the recipient of an exchange can vary dynamically. Using the same key across all recipients may neither be feasible or desirable. It would be useful to be able to specify keys dynamically on a per exchange basis. The exchange could then be dynamically enriched with the key of its target recipient before being processed by the data format. To facilitate this the DataFormat allow for keys to be supplied dynamically via the message headers below</p><ul><li><code>CryptoDataFormat.KEY</code> <code>"CamelCryptoKey"</code></li></ul><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 CryptoDataFormat cryptoFormat = new CryptoDataFormat(&quot;DES&quot;, null);
 /**
@@ -3642,34 +3567,14 @@ from(&quot;direct:key-in-header-decrypt&
     }
 }).to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div>
-
-<p>or with spring.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>or with spring.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 &lt;crypto id=&quot;nokey&quot; algorithm=&quot;DES&quot; /&gt;
 ]]></script>
-</div></div>
-
-<h3 id="BookDataFormatAppendix-PGPDataFormatOptions">PGPDataFormat Options</h3>
-<div class="confluenceTableSmall">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> Name </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Type </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Default </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Description </p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>keyUserid</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> The user ID of the key in the PGP keyring used during encryption. See also option <code>keyUserids</code>. Can also be only a part of a user ID. For example, if the user ID is "Test User &lt;test@camel.com&gt;" then you can use the part "Test User" or "&lt;test@camel.com&gt;" to address the user ID. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
 <p> <code>keyUserids</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>List&lt;String&gt;</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.2</strong>: PGP allows to encrypt the symmetric key by several asymmetric public receiver keys. You can specify here the User IDs or parts of User IDs of several public keys contained in the PGP keyring.  If you just have one User ID, then you can also use the option <code>keyUserid</code>. The User ID specified in <code>keyUserid</code> and the User IDs in <code>keyUserids</code> will be merged together and the corresponding public keys will be used for the encryption. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>password</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd">
 <p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> Password used when opening the private key (not used for encryption). </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>keyFileName</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>encryptionKeyRing</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>byte[]</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.1</strong>; encryption 
 keyring; you can not set the keyFileName and encryptionKeyRing at the same time. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>signatureKeyUserid</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; optional userid of the key in the PGP keyring used for signing (during encryption) or signature verification (during decryption). Can also be only a part of a user ID. For example, if the user ID is "Test User &lt;test@camel.com&gt;" then you can use the part "Test User" or "&lt;test@camel.com&gt;" to address the user ID. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>signaturePassword</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="
 confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; optional password used when opening the private key used for signing (during encryption). </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>signatureKeyFileName</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; optional filename of the keyring to use for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>signatureKeyRing</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd">
 <p> <code>byte[]</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.1</strong>; signature keyring; you can not set the signatureKeyFileName and signatureKeyRing at the same time. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>algorithm</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>int</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>SymmetricKeyAlgorithmTags.CAST5</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.2</strong>; symmetric key encryption algorithm; possible values are defined in <code>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</code>; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <
 code>compressionAlgorithm</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>int</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CompressionAlgorithmTags.ZIP</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.2</strong>; compression algorithm; possible values are defined in <code>org.bouncycastle.bcpg.CompressionAlgorithmTags</code>; for example 0 (= UNCOMPRESSED), 1 (= ZIP), 2 (= ZLIB), 3 (= BZIP2). Only relevant for encrypting. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>hashAlgorithm</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>int</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>HashAlgorithmTags.SHA1</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.2</strong>: signature hash algorithm; possible values are defined in <code>org.bouncycastle.bcpg.HashAlgori
 thmTags</code>; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>armored</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>boolean</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>false</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>integrity</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>boolean</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>true</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> Adds an integrity check/sign into the encryption file. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code
 >passphraseAccessor</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.12.2</strong>; provides passphrases corresponding to user Ids.  If no passpharase can be found from the option <code>password</code> or <code>signaturePassword</code> and from the headers <code>CamelPGPDataFormatKeyPassword</code> or <code>CamelPGPDataFormatSignatureKeyPassword</code> then the passphrase is feteched from the passphrase accessor. You provide a bean which implements the interface <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/m
 ain/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java" rel="nofollow">PGPPassphraseAccessorDefault</a>.  The passphrase accessor is especially useful in the decrypt case; see chapter 'PGP Decrypting/Verifying of Messages Encrypted/Signed by Different Private/Public Keys'  below. </p></td></tr></tbody></table>
-
-</div>
-
-<h3 id="BookDataFormatAppendix-PGPDataFormatMessageHeaders">PGPDataFormat Message Headers</h3>
-<p>You can override the PGPDataFormat options by applying below headers into message dynamically.</p>
+</div></div><h3 id="BookDataFormatAppendix-PGPDataFormatOptions">PGPDataFormat Options</h3><div class="confluenceTableSmall">
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> Name </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Type </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Default </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Description </p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>keyUserid</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> The user ID of the key in the PGP keyring used during encryption. See also option <code>keyUserids</code>. Can also be only a part of a user ID. For example, if the user ID is "Test User &lt;test@camel.com&gt;" then you can use the part "Test User" or "&lt;test@camel.com&gt;" to address the user ID. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
 <p> <code>keyUserids</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>List&lt;String&gt;</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.2</strong>: PGP allows to encrypt the symmetric key by several asymmetric public receiver keys. You can specify here the User IDs or parts of User IDs of several public keys contained in the PGP keyring.  If you just have one User ID, then you can also use the option <code>keyUserid</code>. The User ID specified in <code>keyUserid</code> and the User IDs in <code>keyUserids</code> will be merged together and the corresponding public keys will be used for the encryption. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>password</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd">
 <p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> Password used when opening the private key (not used for encryption). </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>keyFileName</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> Filename of the keyring; must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>encryptionKeyRing</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>byte[]</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.1</strong>; encryption 
 keyring; you can not set the keyFileName and encryptionKeyRing at the same time. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>signatureKeyUserid</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; optional User ID of the key in the PGP keyring used for signing (during encryption) or signature verification (during decryption). During the signature verification process the specified User ID restricts the public keys from the public keyring which can be used for the verification. If no User ID is specified for the signature verficiation then any public key in the public keyring can be used for the verification. Can also be only a part of a user ID. For example, if the user ID is "Test User &lt;test@camel.com&gt;" then you can use the part "Te
 st User" or "&lt;test@camel.com&gt;" to address the User ID. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>signatureKeyUserids</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>List&lt;String&gt;</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.12.3</strong>; optional list of User IDs of the key in the PGP keyring used for signing (during encryption) or signature verification (during decryption). You can specify here the User IDs or parts of User IDs of several keys contained in the PGP keyring.  If you just have one User ID, then you can also use the option <code>keyUserid</code>. The User ID specified in <code>keyUserid</code> and the User IDs in <code>keyUserids</code> will be merged together and the corresponding keys will be used for the signing or signature verification. If the specified User IDs refer
 ence several keys then for each key a signature is added to the PGP result during the encryption-signing process. In the decryption-verifying process the list of User IDs restricts the list of public keys which can be used for signature verification. If the list of User IDs is empty then any public key in the public keyring can be used for the signature verification.  </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>signaturePassword</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; optional password used when opening the private key used for signing (during encryption). </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>signatureKeyFileName</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>
 String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; optional filename of the keyring to use for signing (during encryption) or for signature verification (during decryption); must be accessible as a classpath resource (but you can specify a location in the file system by using the "file:" prefix). </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>signatureKeyRing</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>byte[]</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.1</strong>; signature keyring; you can not set the signatureKeyFileName and signatureKeyRing at the same time. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>algorithm</code> </
 p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>int</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>SymmetricKeyAlgorithmTags.CAST5</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.2</strong>; symmetric key encryption algorithm; possible values are defined in <code>org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags</code>; for example 2 (= TRIPLE DES), 3 (= CAST5), 4 (= BLOWFISH), 6 (= DES), 7 (= AES_128). Only relevant for encrypting. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>compressionAlgorithm</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>int</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CompressionAlgorithmTags.ZIP</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.2</strong>; compression algorithm; possible values are defined in <code>org.bouncycastle.bcpg.C
 ompressionAlgorithmTags</code>; for example 0 (= UNCOMPRESSED), 1 (= ZIP), 2 (= ZLIB), 3 (= BZIP2). Only relevant for encrypting. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>hashAlgorithm</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>int</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>HashAlgorithmTags.SHA1</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.2</strong>: signature hash algorithm; possible values are defined in <code>org.bouncycastle.bcpg.HashAlgorithmTags</code>; for example 2 (= SHA1), 8 (= SHA256), 9 (= SHA384), 10 (= SHA512), 11 (=SHA224). Only relevant for signing. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>armored</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>boolean</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>false</code> </p></td><td colsp
 an="1" rowspan="1" class="confluenceTd"><p> This option will cause PGP to base64 encode the encrypted text, making it available for copy/paste, etc. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>integrity</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>boolean</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>true</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> Adds an integrity check/sign into the encryption file. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>passphraseAccessor</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>null</code> 
 </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.12.2</strong>; provides passphrases corresponding to user Ids.  If no passpharase can be found from the option <code>password</code> or <code>signaturePassword</code> and from the headers <code>CamelPGPDataFormatKeyPassword</code> or <code>CamelPGPDataFormatSignatureKeyPassword</code> then the passphrase is feteched from the passphrase accessor. You provide a bean which implements the interface <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessor.java" rel="nofollow">PGPPassphraseAccessor</a>. A default implementation is given by <a shape="rect" class="external-link" href="https://github.com/apache/camel/blob/master/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/PGPPassphraseAccessorDefault.java" rel="nofollow">PGPPassphraseAccessorDefault</a>.  The
  passphrase accessor is especially useful in the decrypt case; see chapter 'PGP Decrypting/Verifying of Messages Encrypted/Signed by Different Private/Public Keys'  below. </p></td></tr></tbody></table>
 
-<div class="confluenceTableSmall"></div>
-<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> Name </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Type </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Description </p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatKeyFileName</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; filename of the keyring; will override existing setting directly on the PGPDataFormat. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatEncryptionKeyRing</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>byte[]</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.12.1</strong>; the encryption keyring; will override existing se
 tting directly on the PGPDataFormat. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatKeyUserid</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; the User ID of the key in the PGP keyring; will override existing setting directly on the PGPDataFormat. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatKeyUserids</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>  <code>List&lt;String&gt;</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since camel 2.12.2</strong>: the User IDs of the key in the PGP keyring; will override existing setting directly on the PGPDataFormat. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatKeyPassword</code> </p></td><td colspan="1" rowspan="1
 " class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; password used when opening the private key; will override existing setting directly on the PGPDataFormat. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatSignatureKeyFileName</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; filename of the signature keyring; will override existing setting directly on the PGPDataFormat. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatSignatureKeyRing</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>byte[]</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.12.1</strong>; the signature keyring; will override existin
 g setting directly on the PGPDataFormat. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatSignatureKeyUserid</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; the userid of the signature key in the PGP keyring; will override existing setting directly on the PGPDataFormat. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatSignatureKeyPassword</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>String</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.11.0</strong>; password used when opening the signature private key; will override existing setting directly on the PGPDataFormat. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatEncryptionAlgorithm</code
 > </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>int</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.12.2</strong>; symmetric key encryption algorithm; will override existing setting directly on the PGPDataFormat. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatSignatureHashAlgorithm</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>int</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.12.2</strong>; signature hash algorithm; will override existing setting directly on the PGPDataFormat. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>CamelPGPDataFormatCompressionAlgorithm</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>int</code> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>Since Camel 2.12.2</strong>; compression algorithm; will
  override existing setting directly on the PGPDataFormat. </p></td></tr></tbody></table></div>
-
-
-<h3 id="BookDataFormatAppendix-EncryptingwithPGPDataFormat">Encrypting with PGPDataFormat</h3>
-
-<p>The following sample uses the popular PGP format for encrypting/decrypting files using the <a shape="rect" class="external-link" href="http://www.bouncycastle.org/java.html" rel="nofollow">Bouncy Castle Java libraries</a>:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div><h3 id="BookDataFormatAppendix-PGPDataFormatMessageHeaders">PGPDataFormat Message Headers</h3><p>You can override the PGPDataFormat options by applying below headers into message dynamically.</p><div class="confluenceTableSmall"></div><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyFileName</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; filename of the keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatEncryptionKeyRing</code></p
 ></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.1</strong>; the encryption keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyUserid</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; the User ID of the key in the PGP keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyUserids</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>List&lt;String&gt;</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since camel 2.12.2</strong>: the User IDs of the key in the PGP keyring; 
 will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatKeyPassword</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; password used when opening the private key; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyFileName</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; filename of the signature keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyRing</code></p></td><td colspan="1" rows
 pan="1" class="confluenceTd"><p><code>byte[]</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.1</strong>; the signature keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyUserid</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; the User ID of the signature key in the PGP keyring; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">CamelPGPDataFormatSignatureKeyUserids</td><td colspan="1" rowspan="1" class="confluenceTd">List&lt;String&gt;</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Since Camel 2.12.3</strong>; the User IDs of the signature keys in the PGP keyring; will override existing setting 
 directly on the PGPDataFormat.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureKeyPassword</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>String</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.11.0</strong>; password used when opening the signature private key; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatEncryptionAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; symmetric key encryption algorithm; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatSignatureHashAlgorithm</code></p></td><td colspan="1" rowspan="1" class
 ="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; signature hash algorithm; will override existing setting directly on the PGPDataFormat.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>CamelPGPDataFormatCompressionAlgorithm</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>int</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>Since Camel 2.12.2</strong>; compression algorithm; will override existing setting directly on the PGPDataFormat.</p></td></tr></tbody></table></div><h3 id="BookDataFormatAppendix-EncryptingwithPGPDataFormat">Encrypting with PGPDataFormat</h3><p>The following sample uses the popular PGP format for encrypting/decrypting files using the <a shape="rect" class="external-link" href="http://www.bouncycastle.org/java.html" rel="nofollow">Bouncy Castle Java libraries</a>:</p><div class="code panel pdl" style="bor
 der-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 // Public Key FileName
 String keyFileName = getKeyFileName();
@@ -3686,11 +3591,7 @@ from(&quot;direct:inline&quot;)
         .unmarshal().pgp(keyFileNameSec, keyUserid, keyPassword)
         .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div>
-
-<p>The following sample performs signing + encryption, and then signature verification + decryption. It uses the same keyring for both signing and encryption, but you can obviously use different keys:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>The following sample performs signing + encryption, and then signature verification + decryption. It uses the same keyring for both signing and encryption, but you can obviously use different keys:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 PGPDataFormat pgpSignAndEncrypt = new PGPDataFormat();
 pgpSignAndEncrypt.setKeyFileName(keyFileName);
@@ -3712,11 +3613,7 @@ from(&quot;direct:inline-sign&quot;)
         .unmarshal(pgpVerifyAndDecrypt)
         .to(&quot;mock:unencrypted&quot;);
 ]]></script>
-</div></div>
-
-<p>Or using Spring:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>Or using Spring:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 &lt;dataFormats&gt;
   &lt;!-- will load the file from classpath by default, but you can prefix with file: to load from file system --&gt;
@@ -3734,39 +3631,16 @@ from(&quot;direct:inline-sign&quot;)
   &lt;to uri=&quot;mock:unencrypted&quot;/&gt;
 &lt;/route&gt;
 ]]></script>
-</div></div>
-
-<h4 id="BookDataFormatAppendix-Toworkwiththepreviousexampleyouneedthefollowing">To work with the previous example you need the following</h4>
-<ul><li>A public keyring file which contains the public keys used to encrypt the data</li><li>A private keyring file which contains the keys used to decrypt the data</li><li>The keyring password</li></ul>
-
-
-<h4 id="BookDataFormatAppendix-Managingyourkeyring">Managing your keyring</h4>
-<p>To manage the keyring, I use the command line tools, I find this to be the simplest approach in managing the keys. There are also Java libraries available from <a shape="rect" class="external-link" href="http://www.bouncycastle.org/java.html" rel="nofollow">http://www.bouncycastle.org/java.html</a> if you would prefer to do it that way.</p>
-
-<ol><li>Install the command line utilities on linux
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><h4 id="BookDataFormatAppendix-Toworkwiththepreviousexampleyouneedthefollowing">To work with the previous example you need the following</h4><ul><li>A public keyring file which contains the public keys used to encrypt the data</li><li>A private keyring file which contains the keys used to decrypt the data</li><li>The keyring password</li></ul><h4 id="BookDataFormatAppendix-Managingyourkeyring">Managing your keyring</h4><p>To manage the keyring, I use the command line tools, I find this to be the simplest approach in managing the keys. There are also Java libraries available from <a shape="rect" class="external-link" href="http://www.bouncycastle.org/java.html" rel="nofollow">http://www.bouncycastle.org/java.html</a> if you would prefer to do it that way.</p><ol><li><p>Install the command line utilities on linux</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[apt-get install gnupg]]></script>
-</div></div></li><li>Create your keyring, entering a secure password
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div></li><li><p>Create your keyring, entering a secure password</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[gpg --gen-key]]></script>
-</div></div></li><li>If you need to import someone elses public key so that you can encrypt a file for them.
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div></li><li><p>If you need to import someone elses public key so that you can encrypt a file for them.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[gpg --import &lt;filename.key]]></script>
-</div></div></li><li>The following files should now exist and can be used to run the example
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div></li><li><p>The following files should now exist and can be used to run the example</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[ls -l ~/.gnupg/pubring.gpg ~/.gnupg/secring.gpg]]></script>
-</div></div></li></ol>
-
-
-<h3 id="BookDataFormatAppendix-PGPDecrypting/VerifyingofMessagesEncrypted/SignedbyDifferentPrivate/PublicKeys">PGP Decrypting/Verifying of Messages Encrypted/Signed by Different Private/Public Keys</h3>
-
-<p>Since <strong>Camel  2.12.2</strong>.</p>
-
-<p>A PGP Data Formater can decrypt/verify messages which have been encrypted by different public keys or signed by different private keys. Just, provide the corresponding private keys in the secret keyring, the corresponding public keys in the public keyring, and the  passphrases in the passphrase accessor.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
-Map&lt;String, String&gt; userId2Passphrase = new HashMap&lt;String, String&gt;(2);
+</div></div></li></ol><h3 id="BookDataFormatAppendix-PGPDecrypting/VerifyingofMessagesEncrypted/SignedbyDifferentPrivate/PublicKeys">PGP Decrypting/Verifying of Messages Encrypted/Signed by Different Private/Public Keys</h3><p>Since <strong>Camel 2.12.2</strong>.</p><p>A PGP Data Formater can decrypt/verify messages which have been encrypted by different public keys or signed by different private keys. Just, provide the corresponding private keys in the secret keyring, the corresponding public keys in the public keyring, and the passphrases in the passphrase accessor.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[Map&lt;String, String&gt; userId2Passphrase = new HashMap&lt;String, String&gt;(2);
 // add passphrases of several private keys whose corresponding public keys have been used to encrypt the messages
 userId2Passphrase.put(&quot;UserIdOfKey1&quot;,&quot;passphrase1&quot;); // you must specify the exact User ID!
 userId2Passphrase.put(&quot;UserIdOfKey2&quot;,&quot;passphrase2&quot;);
@@ -3785,29 +3659,15 @@ from(&quot;direct:start&quot;)
         .unmarshal(pgpVerifyAndDecrypt) // can decrypt/verify messages encrypted/signed by different private/public keys
         ...            
 ]]></script>
-</div></div>
-
-<ul><li>The functionality is especially useful to support the key exchange. If you want to exchange the private key for decrypting you can accept for a period of time messages which are either encrypted with the old or new corresponding public key. Or if the sender wants to exchange his signer private key, you can accept for a period of time, the old or new signer key.</li><li>Technical background: The PGP encrypted data contains a Key ID of the public key which was used to encrypt the data. This Key ID can be used to locate the private key in the secret keyring to decrypt the data. The same mechanism is also used to locate the public key for verifying a signature. Therefore you no longer must specify User IDs for the unmarshaling.</li></ul>
-
-
-<h3 id="BookDataFormatAppendix-Dependencies.15">Dependencies</h3>
-
-<p>To use the <a shape="rect" href="crypto.html">Crypto</a> dataformat in your camel routes you need to add the following dependency to your pom.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;dependency&gt;
+</div></div><ul><li>The functionality is especially useful to support the key exchange. If you want to exchange the private key for decrypting you can accept for a period of time messages which are either encrypted with the old or new corresponding public key. Or if the sender wants to exchange his signer private key, you can accept for a period of time, the old or new signer key.</li><li>Technical background: The PGP encrypted data contains a Key ID of the public key which was used to encrypt the data. This Key ID can be used to locate the private key in the secret keyring to decrypt the data. The same mechanism is also used to locate the public key for verifying a signature. Therefore you no longer must specify User IDs for the unmarshaling.</li></ul><h3 id="BookDataFormatAppendix-Dependencies.15">Dependencies</h3><p>To use the <a shape="rect" href="crypto.html">Crypto</a> dataformat in your camel routes you need to add the following dependency to your pom.</p><div class="code pan
 el pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;dependency&gt;
   &lt;groupId&gt;org.apache.camel&lt;/groupId&gt;
   &lt;artifactId&gt;camel-crypto&lt;/artifactId&gt;
   &lt;version&gt;x.x.x&lt;/version&gt;
   &lt;!-- use the same version as your Camel core version --&gt;
 &lt;/dependency&gt;
 ]]></script>
-</div></div>
-
-
-<h3 id="BookDataFormatAppendix-SeeAlso">See Also</h3>
-<ul><li><a shape="rect" href="data-format.html">Data Format</a></li><li><a shape="rect" href="crypto-digital-signatures.html">Crypto (Digital Signatures)</a></li><li><a shape="rect" class="external-link" href="http://www.bouncycastle.org/java.html" rel="nofollow">http://www.bouncycastle.org/java.html</a></li></ul>
+</div></div><h3 id="BookDataFormatAppendix-SeeAlso">See Also</h3><ul><li><a shape="rect" href="data-format.html">Data Format</a></li><li><a shape="rect" href="crypto-digital-signatures.html">Crypto (Digital Signatures)</a></li><li><a shape="rect" class="external-link" href="http://www.bouncycastle.org/java.html" rel="nofollow">http://www.bouncycastle.org/java.html</a></li></ul>
 <h2 id="BookDataFormatAppendix-SyslogDataFormat">Syslog DataFormat</h2>
 <p><strong>Available as of Camel 2.6</strong></p>
 



Mime
View raw message