SpringBoot- Technology - Configuration File Encryption

　　Project profile if the username and password database written in plain text, then it is a very dangerous thing, before saw online that you can encrypt the password, use the time and then decrypt, so today I will try how spring boot in the project is implemented key information encryption and decryption, and recorded.

jasypt

　　Jasypt is a java library which allows the developer to add basic encryption capabilities to his / her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

　　This is the excerpt from a description Jasypt official website, the focus is simple and convenient while spring and well integrated, especially also provides support for spring boot, you can reference implementation of starter: https: //github.com/ulisesbocchio/jasypt-spring-boot

1. Maven relies

   <dependency>
   　　<groupId>com.github.ulisesbocchio</groupId>
   　　<artifactId>jasypt-spring-boot-starter</artifactId>
   　　<version>1.14</version>
   </dependency>

　　　　http://central.maven.org/maven2/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar

1. Encrypted password

   Encryption command is as follows (the red part represents the encrypted password required):

   java -cp F://.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="test123" password=e9fbdb2d3b21 algorithm=PBEWithMD5AndDES

   
   Command echoing follows (the red part is encrypted ciphertext):

   ----ENVIRONMENT-----------------
   Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 25.121-b13
   ----ARGUMENTS-------------------
   algorithm: PBEWithMD5AndDES input: test123 password: e9fbdb2d3b21 ----OUTPUT---------------------- ArGx5ir2xs+CmXRhMnThpQ==

2. Provided in the ciphertext program

   Is provided in the program requires the ciphertext following format:

   ENC (ciphertext) 
   as: 
   spring.datasource.password = ENC ( ArGx5ir2xs CmXRhMnThpQ == +)

   Acquired in the program is automatically converted to spring.datasource.password clear content (test123).

3. Cipher text password

   JVM configuration parameters (jasypt.encryptor.password) the startup command, injected into ciphertext encrypted password.
   Such as:

   java -Dfile.encoding=UTF8 -Djasypt.encryptor.password=e9fbdb2d3b21 -jar -Xmx512m settlement.jar

   NOTE: In the docker container ciphertext password can be set to an environment variable (eg: JASYPT_PASSWORD), the above command can be modified to:

   java -Dfile.encoding=UTF8 -Djasypt.encryptor.password=${JASYPT_PASSWORD} -jar -Xmx512m settlement.jar

4. Reference Document
   https://www.ricston.com/blog/encrypting-properties-in-spring-boot-with-jasypt-spring-boot/
   https://github.com/ulisesbocchio/jasypt-spring-boot

 

A good memory as bad written!

　　Project profile if the username and password database written in plain text, then it is a very dangerous thing, before saw online that you can encrypt the password, use the time and then decrypt, so today I will try how spring boot in the project is implemented key information encryption and decryption, and recorded.

jasypt

　　Jasypt is a java library which allows the developer to add basic encryption capabilities to his / her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

　　This is the excerpt from a description Jasypt official website, the focus is simple and convenient while spring and well integrated, especially also provides support for spring boot, you can reference implementation of starter: https: //github.com/ulisesbocchio/jasypt-spring-boot

1. Maven relies

   <dependency>
   　　<groupId>com.github.ulisesbocchio</groupId>
   　　<artifactId>jasypt-spring-boot-starter</artifactId>
   　　<version>1.14</version>
   </dependency>

　　　　http://central.maven.org/maven2/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar

1. Encrypted password

   Encryption command is as follows (the red part represents the encrypted password required):

   java -cp F://.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="test123" password=e9fbdb2d3b21 algorithm=PBEWithMD5AndDES

   
   Command echoing follows (the red part is encrypted ciphertext):

   ----ENVIRONMENT-----------------
   Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 25.121-b13
   ----ARGUMENTS-------------------
   algorithm: PBEWithMD5AndDES input: test123 password: e9fbdb2d3b21 ----OUTPUT---------------------- ArGx5ir2xs+CmXRhMnThpQ==

2. Provided in the ciphertext program

   Is provided in the program requires the ciphertext following format:

   ENC (ciphertext) 
   as: 
   spring.datasource.password = ENC ( ArGx5ir2xs CmXRhMnThpQ == +)

   Acquired in the program is automatically converted to spring.datasource.password clear content (test123).

3. Cipher text password

   JVM configuration parameters (jasypt.encryptor.password) the startup command, injected into ciphertext encrypted password.
   Such as:

   java -Dfile.encoding=UTF8 -Djasypt.encryptor.password=e9fbdb2d3b21 -jar -Xmx512m settlement.jar

   NOTE: In the docker container ciphertext password can be set to an environment variable (eg: JASYPT_PASSWORD), the above command can be modified to:

   java -Dfile.encoding=UTF8 -Djasypt.encryptor.password=${JASYPT_PASSWORD} -jar -Xmx512m settlement.jar

4. Reference Document
   https://www.ricston.com/blog/encrypting-properties-in-spring-boot-with-jasypt-spring-boot/
   https://github.com/ulisesbocchio/jasypt-spring-boot