Saturday, 9 June 2018

Java Simplified Encryption By JASYPT

Standard
Introduction to Jasypt


Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

Take a simple case where we have application with customer's personal data to store in database in encrypted format 

In other case we have properties file with database credential store in encrypted form.
Jasypt library helps to  do  encryption and decryption scenarios in a very simple manner. 

Lets start with simple encryption and decryption using  BasicTextEncryptor class from the Jasypt library:

BasicTextEncryptor basicTextEncryptor = new BasicTextEncryptor();
String criticalData = "secret-data";
basicTextEncryptor.setPasswordCharArray("anythingforchararray".toCharArray())
String encryptedData= basicTextEncryptor.encrypt(criticalData);

To Decrypt
String plaintext = basicTextEncryptor.decrypt(encryptedData );

Simple isnt it !

We can use specialize class  StrongTextEncryptor   to achieve stronger encryption
StrongTextEncryptor strongEncryptor = new StrongTextEncryptor();
strongEncryptor.setPassword(myEncryptionPassword);
String myEncryptedText = strongEncryptor.encrypt(myText);
String myEncryptedText = strongEncryptor.encrypt(myText);
String plainText = strongEncryptor.decrypt(myEncryptedText)
Still Simple !!


we can even define encryption algorithm using Password based encryption classes  provided by jasypt. As the name suggest it requires a password to be supplied.

StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
encryptor.setPassword("somepasswrd");             // set password
encryptor.setAlgorithm("PBEWithMD5AndTripleDES");    // optionally set the algorithm
// perform encyrption
String encryptedText = encryptor.encrypt(myText);
//perform decryption
String plainText = encryptor.decrypt(encryptedText);  // myText.equals(plainText)

Jasypt with SpringBoot


With spring-boot you can add maven dependency

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot</artifactId>
    <version>2.0.0</version>
</dependency>

Add @EnableEncryptableProperties Annotations to your application
Add @PropertySource annotation to define properties files with encrypted properties
Inside properties file wrap encrypted value inside ENC()

@SpringBootApplication
@EnableEncryptableProperties
@PropertySource(name="EncryptedProperties", value = "classpath:encrypted.properties")
public class Application {
.....
}

Inside encrypted.properties
secret.key=ENC(hashed-encryptedtext); // 

 Now when you do environment.getProperty("secret.property") or use @Value("${secret.property}") what you get is the decrypted version of secret.property.

@Configuration
public class DBConfig {

@Value("${secret.property}")
String decryptedText;

......
}

Define a custom encryptor

@Bean(name = "customEcnryptor")
public StringEncryptor customEncryptorBean() {

    PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
    SimpleStringPBEConfig config = new SimpleStringPBEConfig();
    config.setPassword("password");
    config.setAlgorithm("PBEWithMD5AndDES");
    config.setKeyObtentionIterations("1000");
    config.setPoolSize("1");
    config.setProviderName("SunJCE");
    config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
    config.setStringOutputType("base64");
    encryptor.setConfig(config);
    return encryptor;
}

Add  in application.properties file 
jasypt.encryptor.bean=customEcnryptor
to tell spring to use customEncryptor for jasypt encryption


That's all about Jasypt introduction. You can read more about jasypt features from  Jasypt home page