This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch CAMEL-22031 in repository https://gitbox.apache.org/repos/asf/camel.git
commit eddcffa33350a88b5d5168bfc182fafad6eb99a8
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Apr 29 16:21:59 2025 +0200
CAMEL-22031 - Camel-PQC: Document usage of secret key extraction from encapsulation
Signed-off-by: Andrea Cosentino <[email protected]>
---
.../camel-pqc/src/main/docs/pqc-component.adoc | 32 ++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/components/camel-pqc/src/main/docs/pqc-component.adoc b/components/camel-pqc/src/main/docs/pqc-component.adoc
index d8dd0821033..452b87ce892 100644
--- a/components/camel-pqc/src/main/docs/pqc-component.adoc
+++ b/components/camel-pqc/src/main/docs/pqc-component.adoc
@@ -324,4 +324,36 @@ With this approach the component will use the class `org.apache.camel.component.
 The Spec used for the KeyPair will be, in this case, `ML-KEM-512`.
+== Extract Secret Key from Encapsulation for downstream usage
+
+Once you have the encapsulation you're able to decapsulate the secret key by using private key.
+
+All of this could be done to use the secret key coming from the encapsulation in the downstream route.
+
+As example you could use the secret key to dynamically instruct the CryptoDataFormat to use it, like in the following route.
+
+[source,java]
+--------------------------------------------------------------------------------
+ CryptoDataFormat cryptoFormat = new CryptoDataFormat("AES", null);
+ return new RouteBuilder() {
+ @Override
+ public void configure() {
+ from("direct:encapsulate").to("pqc:keyenc?operation=generateSecretKeyEncapsulation&symmetricKeyAlgorithm=AES")
+ .to("mock:encapsulate")
+ .to("pqc:keyenc?operation=extractSecretKeyEncapsulation&symmetricKeyAlgorithm=AES")
+ .to("pqc:keyenc?operation=extractSecretKeyFromEncapsulation&symmetricKeyAlgorithm=AES")
+ .setHeader(CryptoDataFormat.KEY, body())
+ .setBody(constant("Hello"))
+ .marshal(cryptoFormat)
+ .log("Encrypted ${body}")
+ .to("mock:encrypted")
+ .unmarshal(cryptoFormat)
+ .log("Unencrypted ${body}")
+ .to("mock:unencrypted");
+ ;
+ }
+--------------------------------------------------------------------------------
+
+This could be used to generate a secret key, protect it through Encapsulation and KEM approach and re-use it once extracted.
+
 include::spring-boot:partial$starter.adoc[]
