Java Simplified Encryption By JASYPT

Introduction to Jasypt

Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

Take a simple case where we have application with customer's personal data to store in database in encrypted format 

In other case we have properties file with database credential store in encrypted form.

Jasypt library helps to  do  encryption and decryption scenarios in a very simple manner. 

Lets start with simple encryption and decryption using  BasicTextEncryptor class from the Jasypt library:

BasicTextEncryptor basicTextEncryptor = new BasicTextEncryptor();
String criticalData = "secret-data";
basicTextEncryptor.setPasswordCharArray("anythingforchararray".toCharArray())
String encryptedData= basicTextEncryptor.encrypt(criticalData);

To Decrypt

String plaintext = basicTextEncryptor.decrypt(encryptedData );

Simple isnt it !

We can use specialize class  StrongTextEncryptor   to achieve stronger encryption

StrongTextEncryptor strongEncryptor = new StrongTextEncryptor();
strongEncryptor.setPassword(myEncryptionPassword);
String myEncryptedText = strongEncryptor.encrypt(myText);
String myEncryptedText = strongEncryptor.encrypt(myText);
String plainText = strongEncryptor.decrypt(myEncryptedText)

Still Simple !!

we can even define encryption algorithm using Password based encryption classes  provided by jasypt. As the name suggest it requires a password to be supplied.

StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
encryptor.setPassword("somepasswrd");             // set password
encryptor.setAlgorithm("PBEWithMD5AndTripleDES");    // optionally set the algorithm

// perform encyrption
String encryptedText = encryptor.encrypt(myText);

//perform decryption
String plainText = encryptor.decrypt(encryptedText);  // myText.equals(plainText)

Jasypt with SpringBoot

With spring-boot you can add maven dependency

<dependency>

    <groupId>com.github.ulisesbocchio</groupId>

    <artifactId>jasypt-spring-boot</artifactId>

    <version>2.0.0</version>

</dependency>

Add @EnableEncryptableProperties Annotations to your application

Add @PropertySource annotation to define properties files with encrypted properties

Inside properties file wrap encrypted value inside ENC()

@SpringBootApplication
@EnableEncryptableProperties
@PropertySource(name="EncryptedProperties", value = "classpath:encrypted.properties")
public class Application {
.....
}

Inside encrypted.properties

secret.key=ENC(hashed-encryptedtext); // 

 Now when you do environment.getProperty("secret.property") or use @Value("${secret.property}") what you get is the decrypted version of secret.property.

@Configuration
public class DBConfig {

@Value("${secret.property}")
String decryptedText;

......
}

Define a custom encryptor

@Bean(name = "customEcnryptor")
public StringEncryptor customEncryptorBean() {

    PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
    SimpleStringPBEConfig config = new SimpleStringPBEConfig();
    config.setPassword("password");
    config.setAlgorithm("PBEWithMD5AndDES");
    config.setKeyObtentionIterations("1000");
    config.setPoolSize("1");
    config.setProviderName("SunJCE");
    config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
    config.setStringOutputType("base64");
    encryptor.setConfig(config);
    return encryptor;
}

Add  in application.properties file 

jasypt.encryptor.bean=customEcnryptor

to tell spring to use customEncryptor for jasypt encryption

That's all about Jasypt introduction. You can read more about jasypt features from  Jasypt home page