How to implement encryption and decryption in Apigee Edge cloud?

Hello Team,

How do I implement encryption and decryption using a Python script in Apigee Edge cloud? I tried some sample code, but I am getting errors about installing a module.

Please suggest how to install Python modules in Apigee Edge cloud.

Thank you


EDIT

Hello Dino,

I referred to this link https://github.com/DinoChiesa/ApigeeEdge-CustomPolicy-RsaCrypto to create an API proxy and it's working.

We updated the above proxy using our public key and private key to encrypt and decrypt the data, but it is not working. Could you please help on this.

Is this jar suitable for all types (like sha 256...) of RSA encryption and decryption?


Hi sravani

"malformed sequence in RSA private key"

Indicates that the private key you are using, is malformed.

Compare it to the formats of the keys I included in the demonstration. Something is off. By comparing you may be able to see what is different.

The "bouncycastle" is just a library. The important thing is the message it is giving you. That message indicates the private key is not correctly formatted. Your private key should look something like this:

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDXk9k01JrhGQf1
4B4nymHntaG9SYA2kEQOo/RK4fM2XcebFsSJQ8GgE1AC1GlWU5YzS34WW0w5GMZe
...
hHYu+QiRZnABbpD9C1+Akh4dG97Woyfd5igBsT1Ovs9PDCN0rO4I2nJHrNLJSPte
OtpRWoF2/LERvp6RNeXthgs=
-----END PRIVATE KEY-----

I do not suggest that you post your private key here. It's a secret, it's intended to be a secret. The security of the encryption depends on it remaining a secret. But... if you could post the STRUCTURE of your private key, that might help us.

But maybe better is to just ensure that your private key looks exactly like the demo key.

Also: just a side question, how did you create your own private key? What did you do, to generate that private key? Where did you get it?
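A local check for what the answer above asks for (the structure of the key, not the key itself), added here as an example and not part of the original thread or of the RsaCrypto callout: it reports the PEM label and whether the base64 body is shaped like PKCS#8 or PKCS#1, without echoing key bytes. The function names and the two stub byte strings are constructed for illustration; the stubs carry only the leading ASN.1 structure and are not real keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END ([A-Z0-9 ]+)-----", re.S)
PKCS8_STUB = bytes.fromhex("3012020100300d06092a864886f70d0101010500")  # constructed, not a real key
PKCS1_STUB = bytes.fromhex("3006020100020105")  # constructed, not a real key

def armor(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

def _read_len(der, i):
    """Decode a DER length at offset i; return (length, offset of the content)."""
    n = der[i] & 0x7F if der[i] & 0x80 else 0
    return (int.from_bytes(der[i + 1:i + 1 + n], "big") if n else der[i]), i + 1 + n

def _body_shape(der, issues):
    """Tag after the version INTEGER: SEQUENCE means PKCS#8, INTEGER means PKCS#1."""
    try:
        if der[0] != 0x30:
            issues.append("body does not start with an ASN.1 SEQUENCE")
            return "unknown"
        length, i = _read_len(der, 1)
        if i + length != len(der):
            issues.append("outer SEQUENCE length does not match body size")
        if der[i] != 0x02:  # no version INTEGER, e.g. an encrypted key
            return "unknown"
        vlen, j = _read_len(der, i + 1)
        return {0x30: "PKCS#8", 0x02: "PKCS#1"}.get(der[j + vlen], "unknown")
    except IndexError:
        issues.append("body too short to be a private key")
        return "unknown"

def describe_private_key_pem(text):
    """Report the structure of a PEM private key without echoing any key bytes."""
    m = PEM_RE.search(text)
    if not m:
        return {"label": None, "body_shape": None, "issues": ["no matching BEGIN/END lines"]}
    report = {"label": m.group(1), "body_shape": None, "issues": []}
    if m.group(1) != m.group(3):
        report["issues"].append("BEGIN and END labels differ")
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError:
        report["issues"].append("body is not clean base64 (escaped newlines or stray characters?)")
        return report
    report["body_shape"] = _body_shape(der, report["issues"])
    want = {"PRIVATE KEY": "PKCS#8", "RSA PRIVATE KEY": "PKCS#1"}.get(report["label"])
    if want and report["body_shape"] != want:
        report["issues"].append(f"label implies {want} but body looks like {report['body_shape']}")
    return report
```

Run `describe_private_key_pem` on the key text locally and share only the returned report, which contains the label, the inferred shape and the list of issues.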


What are you really trying to accomplish? Which encryption algorithm and scheme? Why do you include "solving it with python" as a requirement?

We updated the above proxy using our public key and private key to encrypt and decrypt the data, but it is not working. Could you please help on this.

Yes, I can try to help. But as I'm sure you can understand, "it's not working" is not enough information to allow me to help you. You'll need to be more specific.

Is this jar suitable for all types (like sha 256...) of RSA encryption and decryption?

No. I don't know what "sha256" encryption is. There is a way to produce a signature via RSA-SHA256. But that is not encryption. I am not aware that SHA256 alone can be used to produce RSA-based encryption. But maybe you are talking about OAEP padding?

Unfortunately I was not very clear with the way I originally wrote the README; I apologize for that. That callout performs RSA encryption with either PKCS1.5 padding or OAEP padding. The latter implies "OAEP with SHA-256 and MGF1 padding." I will update the README now to be more explicit about that.

As I said, I can try to help, but you'll need to be clearer about what you want to accomplish (See my question from 4 days ago). You are asking questions about using python, or using a Java-based callout, but you haven't explained to us what you are trying to do.

Are you certain you want encryption? Do you think maybe you want RSA signatures? What exactly are you signing or encrypting? what happens to the output payload after signing or encrypting? What system is consuming the signed or encrypted payload? What is the purpose of the signing or encryption - non repudiation? secrecy? Time-stamping? Something else?

Maybe if you provide some additional context, I might be able to bring some light to the conversation.


Hello Dino,

I am using PKCS padding, and my requirement is RSA decryption; I have to send the decrypted data to the backend.

For that I am using your RSA crypto proxy, and I am replacing the public key and private key in the AM-Demo variables with the ones I have. Encryption is working fine. While doing decryption I am getting a bouncy castle error. As mentioned in Readme.md, I uploaded bouncycastle.jar in the API proxy. Can you please guide me on how to refer to and utilize the bouncy jar in the flow.

Error:

org.bouncycastle.openssl.PEMException: malformed sequence in RSA private key
  at org.bouncycastle.openssl.PEMParser$KeyPairParser.parseObject(Unknown Source)
  at org.bouncycastle.openssl.PEMParser.readObject(Unknown Source)
  at com.google.apigee.util.KeyUtil.decodePrivateKey(KeyUtil.java:70)
  at com.google.apigee.edgecallouts.RsaCryptoCallout.getPrivateKey(RsaCryptoCallout.java:190)
  at com.google.apigee.edgecallouts.RsaCryptoCallout.execute(RsaCryptoCallout.java:407)
  at com.apigee.steps.javacallout.JavaCalloutStepDefinition$ClassLoadWrappedExecution.execute(JavaCalloutStepDefinition.java:235)
  at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:302)
  at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:300)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution.execute(JavaCalloutStepDefinition.java:300)
  at com.apigee.steps.javacallout.JavaCalloutStepDefinition$CallOutWrapper.execute(JavaCalloutStepDefinition.java:169)
  at com.apigee.messaging.runtime.steps.StepExecution.execute(StepExecution.java:157)
  at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:82)
  at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:48)
  at com.apigee.threadpool.CallableWrapperForMDCPreservation.call(CallableWrapperForMDCPreservation.java:26)
  at com.apigee.threadpool.ThreadPoolManager$QueueAwareCallableTask.call(ThreadPoolManager.java:546)
  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
  at java.lang.Thread.run(Thread.java:748)
Caused by: org.bouncycastle.openssl.PEMException: malformed sequence in RSA private key
  at org.bouncycastle.openssl.PEMParser$RSAKeyPairParser.parse(Unknown Source)

Thank you,

@Dino

At present we are able to do encryption and decryption for a specific field from my JSON request payload.

I have a requirement to encrypt and decrypt multiple JSON values from my request payload (the payload content has around 50 key-value pairs).

Example:

Request:

{
  "key1": "value1",
  "key2": "value2",
  .........
}

Response:

{
  "key1": "******",
  "key2": "*******",
  .........
}

Is it possible by using this https://github.com/DinoChiesa/ApigeeEdge-CustomPolicy-RsaCrypto ?

Thank you,

Answered in the new question.
