Jasypt

Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

  • High-security, standards-based encryption techniques, both for unidirectional and bidirectional encryption. Encrypt passwords, texts, numbers, binaries…

  • Transparent integration with Hibernate.

  • Suitable for integration into Spring-based applications and also transparently integrable with Spring Security.

  • Integrated capabilities for encrypting the configuration of applications (i.e. datasources).

  • Specific features for high-performance encryption in multi-processor/multi-core systems.

  • Open API for use with any JCE provider.

…and much more

Import

  • maven
<dependency>
    <groupId>org.jasypt</groupId>
    <artifactId>jasypt</artifactId>
    <version>1.9.2</version>
</dependency>

Easy usage: the utils

General digesting

org.jasypt.util.digest.Digester which performs message digesting at a binary level, and which results are equivalent to the ones obtained from a java.security.MessageDigest object, although acting in a thread-safe way and implementing an interface more suitable for use in a bean-centric environment.

  • digesterTest()
@Test
public void digesterTest() {

    final String message = "hello";
    Digester digester = new Digester();
    digester.setAlgorithm("SHA-1");

    byte[] digest = digester.digest(message.getBytes());
    System.out.println(Arrays.toString(digest));

}
  • result
[-86, -12, -58, 29, -36, -59, -24, -94, -38, -66, -34, 15, 59, 72, 44, -39, -82, -87, 67, 77]

Password encryption (digesting)

对于密码的加密,How to encrypt user passwords 这篇文章写得很赞。

一、org.jasypt.util.password.BasicPasswordEncryptor

Can be used to both encrypt passwords when users sign up and check input passwords when users sign in.

  • basicPasswordEncryptorTest()
@Test
public void basicPasswordEncryptorTest() {
    final String userPassword = "123456";
    final String inputPassword = "123456";

    BasicPasswordEncryptor passwordEncryptor = new BasicPasswordEncryptor();
    String encryptedPassword = passwordEncryptor.encryptPassword(userPassword); //实际情况可以直接取得加密后的密码
    if (passwordEncryptor.checkPassword(inputPassword, encryptedPassword)) {
        System.out.println("right");
    } else {
        System.out.println("wrong");
    }
}

result

right

二、org.jasypt.util.password.StrongPasswordEncryptor

Implements much higher password security than PasswordEncryptor (at a higher computational cost).

用法如出一辙,不赘述。

三、org.jasypt.util.password.ConfigurablePasswordEncryptor

Lets the developer decide the algorithm to be used and whether he/she wants the full secure password encryption mechanism to be applied (as explained here) or rather a simple digest to be generated for legacy integration reasons.

ConfigurablePasswordEncryptor passwordEncryptor = new ConfigurablePasswordEncryptor();
passwordEncryptor.setAlgorithm("SHA-1");
passwordEncryptor.setPlainDigest(true);
String encryptedPassword = passwordEncryptor.encryptPassword(userPassword);

//...

Text encryption

对于文本的加密为对称的,可以解密。

一、org.jasypt.util.text.BasicTextEncryptor

普通强度的加密算法。

@Test
public void basicTextEncryptorTest() {
    final String myText = "hello";
    BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
    textEncryptor.setPassword("password");  //这里必须要设置密码
    String myEncryptedText = textEncryptor.encrypt(myText);
    System.out.println(myEncryptedText);
    String plainText = textEncryptor.decrypt(myEncryptedText);
    System.out.println(plainText);
}

二、org.jasypt.util.text.StrongTextEncryptor

高强度加密算法。

@Test
public void strongTextEncryptorTest() {
    final String myText = "hello";
    StrongTextEncryptor textEncryptor = new StrongTextEncryptor();
    textEncryptor.setPassword("password");  //这里必须要设置密码
    String myEncryptedText = textEncryptor.encrypt(myText);
    System.out.println(myEncryptedText);
    String plainText = textEncryptor.decrypt(myEncryptedText);
    System.out.println(plainText);
}

报错如下:

org.jasypt.exceptions.EncryptionOperationNotPossibleException: Encryption raised an exception. A possible cause is you are using strong encryption algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine

	at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.handleInvalidKeyException(StandardPBEByteEncryptor.java:1073)
	at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:924)
	at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.encrypt(StandardPBEStringEncryptor.java:642)
	at org.jasypt.util.text.StrongTextEncryptor.encrypt(StrongTextEncryptor.java:107)
	at com.ryo.jdk.test.jdk7.old.encrypt.JasyptTest.strongTextEncryptorTest(JasyptTest.java:61)
	...
	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)

需要安装 Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files

此处暂时省略。

Number encryption

  • org.jasypt.util.numeric.BasicIntegerNumberEncryptor

此处对于基础的整形加密支持的是 BigInteger,如有需要,自行创建。

@Test
public void BasicIntegerNumberEncryptorTest() {
    BasicIntegerNumberEncryptor integerEncryptor = new BasicIntegerNumberEncryptor();
    integerEncryptor.setPassword("password");

    BigInteger myNumber = new BigInteger("5");
    BigInteger myEncryptedNumber = integerEncryptor.encrypt(myNumber);
    System.out.println(myEncryptedNumber);

    BigInteger plainNumber = integerEncryptor.decrypt(myEncryptedNumber);
    System.out.println(plainNumber);
}

result

-609425823180685730748437049447397219749299486704
5
  • org.jasypt.util.numeric.BasicDecimalNumberEncryptor

类似。

(对于加密的加强版,暂时跳过。)

Binary encryption

  • org.jasypt.util.binary.BasicBinaryEncryptor
@Test
public void BasicBinaryEncryptorTest() {
    BasicBinaryEncryptor binaryEncryptor = new BasicBinaryEncryptor();
    binaryEncryptor.setPassword("password");
    String myBinary = "hello";
    byte[] myEncryptedBinary = binaryEncryptor.encrypt(myBinary.getBytes());
    System.out.println(Arrays.toString(myEncryptedBinary));

    byte[] plainBinary = binaryEncryptor.decrypt(myEncryptedBinary);
    System.out.println(Arrays.toString(plainBinary));
}

result

[4, -23, -103, 109, -35, -85, 54, 91, 80, 26, 45, 88, 20, 100, -72, -10]
[104, 101, 108, 108, 111]

TBC。。。