Introduction to Jasypt
Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.
In other case we have properties file with database credential store in encrypted form.
Jasypt library helps to do encryption and decryption scenarios in a very simple manner.
Lets start with simple encryption and decryption using BasicTextEncryptor class from the Jasypt library:
BasicTextEncryptor basicTextEncryptor = new BasicTextEncryptor();
String criticalData = "secret-data";
basicTextEncryptor.setPasswordCharArray("anythingforchararray".toCharArray())
String encryptedData= basicTextEncryptor.encrypt(criticalData);
To Decrypt
String plaintext = basicTextEncryptor.decrypt(encryptedData );
Simple isnt it !
We can use specialize class StrongTextEncryptor to achieve stronger encryption
StrongTextEncryptor strongEncryptor = new StrongTextEncryptor();
strongEncryptor.setPassword(myEncryptionPassword);
String myEncryptedText = strongEncryptor.encrypt(myText);
String myEncryptedText = strongEncryptor.encrypt(myText);
String plainText = strongEncryptor.decrypt(myEncryptedText)
Still Simple !!
we can even define encryption algorithm using Password based encryption classes provided by jasypt. As the name suggest it requires a password to be supplied.
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
encryptor.setPassword("somepasswrd"); // set password
encryptor.setAlgorithm("PBEWithMD5AndTripleDES"); // optionally set the algorithm
// perform encyrption
String encryptedText = encryptor.encrypt(myText);
//perform decryption
String plainText = encryptor.decrypt(encryptedText); // myText.equals(plainText)
Jasypt with SpringBoot
With spring-boot you can add maven dependency
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot</artifactId>
<version>2.0.0</version>
</dependency>
Add @EnableEncryptableProperties Annotations to your application
Add @PropertySource annotation to define properties files with encrypted properties
Inside properties file wrap encrypted value inside ENC()
@SpringBootApplication
@EnableEncryptableProperties
@PropertySource(name="EncryptedProperties", value = "classpath:encrypted.properties")
public class Application {
.....
}
Inside encrypted.properties
secret.key=ENC(hashed-encryptedtext); //
Now when you do environment.getProperty("secret.property") or use @Value("${secret.property}") what you get is the decrypted version of secret.property.
@Configuration
public class DBConfig {
@Value("${secret.property}")
String decryptedText;
......
}
Define a custom encryptor
@Bean(name = "customEcnryptor")
public StringEncryptor customEncryptorBean() {
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword("password");
config.setAlgorithm("PBEWithMD5AndDES");
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setProviderName("SunJCE");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setStringOutputType("base64");
encryptor.setConfig(config);
return encryptor;
}
Add in application.properties file
jasypt.encryptor.bean=customEcnryptor
to tell spring to use customEncryptor for jasypt encryption