Use jasypt-spring-boot to encrypt and decrypt yml configuration files in Spring Boot microservices

Records : 424

Scenario : In the Spring Boot microservice, use jasypt-spring-boot to encrypt and decrypt the configuration information in the yml configuration file.

Version: JDK 1.8, Spring Boot 2.6.3, jasypt-1.9.3, jasypt-spring-boot-2.1.2, jasypt-spring-boot-3.0.5.

Open source address : https://github.com/ulisesbocchio/jasypt-spring-boot

1. Use jasypt-spring-boot-3.0.5 version in Spring Boot microservice

1.1 Introduce dependent packages in pom.xml

(1) Dependent packages

<dependency>
  <groupId>com.github.ulisesbocchio</groupId>
  <artifactId>jasypt-spring-boot-starter</artifactId>
  <version>3.0.5</version>
</dependency>

(2) Analysis

The bottom layer of jasypt-spring-boot-3.0.5 uses jasypt-1.9.3. After introducing jasypt-spring-boot, related dependencies will be imported automatically.

1.2 Add jasypt configuration in application.yml

(1) configuration

Add jasypt configuration in application.yml, mainly to specify the encryption key.

jasypt:
  encryptor:
    password: U3buwRJdQ2023

(2) Analysis

jasypt-spring-boot will take the specified key to decrypt the configuration information that needs to be decrypted.

1.3 Configure encrypted information in yml

In this example the value of hub.example.password is stored encrypted.

hub:
  example:
    password: ENC(C7KjxXpxXC/a/q1R8yCB+xkRIiHnDrDsmB8mEg3AWTvDNCf3nKiV09oZwHIS3SY9Sw1p3JfY3Ed7aWFEnVZ0rg==)

1.4 Configure the encrypted information storage format in yml

Values encrypted with jasypt-spring-boot are stored in the yml file wrapped in ENC(); only values with this wrapper are decrypted at startup.

1.5 Start the microservice

Microservice logs:

String Encryptor custom Bean not found with name 'jasyptStringEncryptor'. Initializing Default String Encryptor
Encryptor config not found for property jasypt.encryptor.algorithm, using default value: PBEWITHHMACSHA512ANDAES_256
Encryptor config not found for property jasypt.encryptor.key-obtention-iterations, using default value: 1000
Encryptor config not found for property jasypt.encryptor.pool-size, using default value: 1
Encryptor config not found for property jasypt.encryptor.provider-name, using default value: null
Encryptor config not found for property jasypt.encryptor.provider-class-name, using default value: null
Encryptor config not found for property jasypt.encryptor.salt-generator-classname, using default value: org.jasypt.salt.RandomSaltGenerator
Encryptor config not found for property jasypt.encryptor.iv-generator-classname, using default value: org.jasypt.iv.RandomIvGenerator
Encryptor config not found for property jasypt.encryptor.string-output-type, using default value: base64

From the log it can be seen that the defaults for version 3.0.5 are:

jasypt.encryptor.algorithm: PBEWITHHMACSHA512ANDAES_256

jasypt.encryptor.salt-generator-classname: org.jasypt.salt.RandomSaltGenerator

jasypt.encryptor.iv-generator-classname: org.jasypt.iv.RandomIvGenerator

jasypt.encryptor.string-output-type: base64

1.6 Test

code:

import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/hub/example/city")
@Slf4j
public class CityController {
  // Injected value is already decrypted by jasypt-spring-boot
  @Value("${hub.example.password}")
  private String cusPassword;

  @GetMapping("/load01")
  public Object load01() {
      log.info("测试开始...");
      log.info("从yml文件中获取hub.example.password=" + cusPassword);
      log.info("测试结束...");
      return "执行成功";
  }
}

Analysis:

The value injected through @Value("${hub.example.password}") is the decrypted plaintext, not the ENC(...) string from the yml file.

2. Use jasypt-spring-boot-2.1.2 version in Spring Boot microservice

2.1 Introduce dependent packages in pom.xml

(1) Dependent packages

<dependency>
  <groupId>com.github.ulisesbocchio</groupId>
  <artifactId>jasypt-spring-boot-starter</artifactId>
  <version>2.1.2</version>
</dependency>

(2) Analysis

The bottom layer of jasypt-spring-boot-2.1.2 uses jasypt-1.9.3. After introducing jasypt-spring-boot, related dependencies will be imported automatically.

2.2 Add jasypt configuration in application.yml

(1) configuration

Add jasypt configuration in application.yml, mainly to specify the encryption key.

jasypt:
  encryptor:
    password: U3buwRJdQ2023

(2) Analysis

jasypt-spring-boot will take the specified key to decrypt the configuration information that needs to be decrypted.

2.3 Configure encrypted information in yml

In this example the value of hub.example.password is stored encrypted.

hub:
  example:
    password: ENC(/BxyrksOnj3U/HCwkRVySHRZs2s4eZveCVncPoCzHMI=)

2.4 Configure the encrypted information storage format in yml

Values encrypted with jasypt-spring-boot are stored in the yml file wrapped in ENC(); only values with this wrapper are decrypted at startup.

2.5 Start the microservice

Microservice logs:

String Encryptor custom Bean not found with name 'jasyptStringEncryptor'. Initializing Default String Encryptor
Encryptor config not found for property jasypt.encryptor.algorithm, using default value: PBEWithMD5AndDES
Encryptor config not found for property jasypt.encryptor.key-obtention-iterations, using default value: 1000
Encryptor config not found for property jasypt.encryptor.pool-size, using default value: 1
Encryptor config not found for property jasypt.encryptor.provider-name, using default value: null
Encryptor config not found for property jasypt.encryptor.provider-class-name, using default value: null
Encryptor config not found for property jasypt.encryptor.salt-generator-classname, using default value: org.jasypt.salt.RandomSaltGenerator
Encryptor config not found for property jasypt.encryptor.iv-generator-classname, using default value: org.jasypt.iv.NoIvGenerator
Encryptor config not found for property jasypt.encryptor.string-output-type, using default value: base64

From the log it can be seen that the defaults for version 2.1.2 are:

jasypt.encryptor.algorithm: PBEWithMD5AndDES

jasypt.encryptor.salt-generator-classname: org.jasypt.salt.RandomSaltGenerator

jasypt.encryptor.iv-generator-classname: org.jasypt.iv.NoIvGenerator

jasypt.encryptor.string-output-type: base64

2.6 Test

code:

import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/hub/example/city")
@Slf4j
public class CityController {
  // Injected value is already decrypted by jasypt-spring-boot
  @Value("${hub.example.password}")
  private String cusPassword;

  @GetMapping("/load01")
  public Object load01() {
      log.info("测试开始...");
      log.info("从yml文件中获取hub.example.password=" + cusPassword);
      log.info("测试结束...");
      return "执行成功";
  }
}

Analysis:

The value injected through @Value("${hub.example.password}") is the decrypted plaintext, not the ENC(...) string from the yml file.

3. Generate encryption configuration

Before an encrypted property can be placed in the yml file, the encrypted value has to be generated, using the same key and algorithm the microservice will use to decrypt it, and then wrapped in ENC() in the yml configuration.

import org.jasypt.util.text.AES256TextEncryptor;
import org.jasypt.util.text.BasicTextEncryptor;

public class JasyptDemo {
  public static void main(String[] args) {
    f1_BasicTextEncryptor();
    f2_AES256TextEncryptor();
  }

  /**
   * Encryption utility class: org.jasypt.util.text.BasicTextEncryptor
   * Encryption algorithm: PBEWithMD5AndDES (the jasypt-spring-boot-2.1.2 default)
   */
  public static void f1_BasicTextEncryptor() {
    BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
    System.out.println("当前加密方式: 加密类: BasicTextEncryptor, 加密算法: PBEWithMD5AndDES ");
    // 1. Set the key (must equal jasypt.encryptor.password in application.yml)
    String password = "U3buwRJdQ2023";
    textEncryptor.setPassword(password);
    // 2. Encrypt
    // 2.1 Content to encrypt
    String pd = "Hangzhou20230427";
    System.out.println("加密前:  " + pd);
    // 2.2 Encrypt operation
    String pdAfterEncrypt = textEncryptor.encrypt(pd);
    System.out.println("加密后:  " + pdAfterEncrypt);
    // 3. Decrypt operation
    String pdAfterDecrypt = textEncryptor.decrypt(pdAfterEncrypt);
    System.out.println("解密后:  " + pdAfterDecrypt);
  }

  /**
   * Encryption utility class: org.jasypt.util.text.AES256TextEncryptor
   * Encryption algorithm: PBEWithHMACSHA512AndAES_256 (the jasypt-spring-boot-3.0.5 default)
   */
  public static void f2_AES256TextEncryptor() {
    AES256TextEncryptor textEncryptor = new AES256TextEncryptor();
    System.out.println("当前加密方式: 加密类: AES256TextEncryptor, 加密算法: PBEWithHMACSHA512AndAES_256 ");
    // 1. Set the key (must equal jasypt.encryptor.password in application.yml)
    String password = "U3buwRJdQ2023";
    textEncryptor.setPassword(password);
    // 2. Encrypt
    // 2.1 Content to encrypt
    String pd = "Hangzhou20230427";
    System.out.println("加密前:  " + pd);
    // 2.2 Encrypt operation
    String pdAfterEncrypt = textEncryptor.encrypt(pd);
    System.out.println("加密后:  " + pdAfterEncrypt);
    // 3. Decrypt operation
    String pdAfterDecrypt = textEncryptor.decrypt(pdAfterEncrypt);
    System.out.println("解密后:  " + pdAfterDecrypt);
  }
}

4. Comparison of versions 2.1.2 and 3.0.5 of jasypt-spring-boot

4.1 Similarities

The bottom layer uses jasypt-1.9.3.

4.2 Differences

The algorithm used by default is different.

jasypt-spring-boot-2.1.2 default encryption algorithm: PBEWithMD5AndDES.

jasypt-spring-boot-3.0.5 default encryption algorithm: PBEWithHMACSHA512AndAES_256.

Therefore, when switching from jasypt-spring-boot-2.1.2 to jasypt-spring-boot-3.0.5, one of two changes is needed: either regenerate the encrypted configuration values with the new default algorithm, or explicitly specify the old algorithm in the configuration.

5. Precautions for switching the version of jasypt-spring-boot from 2.1.2 to 3.0.5

When switching from jasypt-spring-boot-2.1.2 to jasypt-spring-boot-3.0.5, if you do not modify the encrypted information generated by version 2.1.2, you need to specify the algorithm information in yml.

Error:

Unable to decrypt property: ... Decryption of Properties failed,  make sure encryption/decryption passwords match

Reason:

jasypt-spring-boot-2.1.2 and jasypt-spring-boot-3.0.5 use different encryption and decryption algorithms by default, so encrypted values generated under jasypt-spring-boot-2.1.2 cannot be decrypted after switching to jasypt-spring-boot-3.0.5, even though the password is unchanged.

Solution:

When using jasypt-spring-boot-3.0.5, specify the algorithm (and the matching IV generator) in the yml file instead of relying on the default algorithm.

jasypt:
  encryptor:
    password: U3buwRJdQ2023
    algorithm: PBEWithMD5AndDES
    iv-generator-classname: org.jasypt.iv.NoIvGenerator
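The version mismatch and its fix, reproduced outside Spring as an added example (not code from the page or from the jasypt-spring-boot project): the encryptor is built with the same settings the starter logs at startup in sections 1.5 and 2.5, so only the algorithm and IV generator differ between the two versions. It assumes jasypt 1.9.3 on the classpath and a JDK where AES-256 is allowed (JDK 8u161 or later); the class and method names are the author's own choices.

```java
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.iv.IvGenerator;
import org.jasypt.iv.NoIvGenerator;
import org.jasypt.iv.RandomIvGenerator;
import org.jasypt.salt.RandomSaltGenerator;

public class JasyptVersionCompat {

    // Mirrors the starter's default encryptor settings (pool-size 1, 1000 iterations,
    // random salt, base64 output); algorithm and IV generator are the version-specific parts.
    static PooledPBEStringEncryptor encryptor(String password, String algorithm, IvGenerator iv) {
        PooledPBEStringEncryptor e = new PooledPBEStringEncryptor();
        e.setPoolSize(1);
        e.setPassword(password);
        e.setAlgorithm(algorithm);
        e.setKeyObtentionIterations(1000);
        e.setSaltGenerator(new RandomSaltGenerator());
        e.setIvGenerator(iv);
        e.setStringOutputType("base64");
        return e;
    }

    public static void main(String[] args) {
        String password = "U3buwRJdQ2023";   // key from the page's application.yml
        String plain = "Hangzhou20230427";   // sample plaintext from section 3

        // jasypt-spring-boot-2.1.2 defaults: PBEWithMD5AndDES, no IV
        PooledPBEStringEncryptor v2 = encryptor(password, "PBEWithMD5AndDES", new NoIvGenerator());
        // jasypt-spring-boot-3.0.5 defaults: PBEWITHHMACSHA512ANDAES_256, random IV
        PooledPBEStringEncryptor v3 = encryptor(password, "PBEWITHHMACSHA512ANDAES_256", new RandomIvGenerator());

        String encV2 = v2.encrypt(plain);
        System.out.println("yml value for 2.1.2: ENC(" + encV2 + ")");

        // Same password, different algorithm: this is the failure behind the
        // "Unable to decrypt property" error in section 5 (the starter wraps this exception).
        try {
            v3.decrypt(encV2);
            System.out.println("unexpected: 3.0.5 defaults decrypted a 2.1.2 value");
        } catch (EncryptionOperationNotPossibleException ex) {
            System.out.println("3.0.5 defaults cannot decrypt the 2.1.2 value: " + ex.getClass().getSimpleName());
        }

        // Fix from section 5: pin algorithm and iv-generator-classname to the 2.1.2 values
        PooledPBEStringEncryptor v3Pinned = encryptor(password, "PBEWithMD5AndDES", new NoIvGenerator());
        System.out.println("3.0.5 with pinned algorithm: " + v3Pinned.decrypt(encV2));

        // Alternative from section 4.2: regenerate the value with the 3.0.5 defaults
        String encV3 = v3.encrypt(plain);
        System.out.println("yml value for 3.0.5: ENC(" + encV3 + ") -> " + v3.decrypt(encV3));
    }
}
```

Because the salt (and, for 3.0.5, the IV) is random, each run produces a different ENC() string for the same plaintext; any of them decrypts correctly as long as password, algorithm and IV generator match the microservice's configuration.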

Above, thanks.

April 27, 2023


Origin blog.csdn.net/zhangbeizhen18/article/details/130416430