How does spring boot encrypt and decrypt sensitive information?
- PHPzforward
- 2023-05-10 14:46:061299browse
We use the latest version of jasypt to encrypt and decrypt sensitive information.
1. Add the following dependencies to the project pom file:
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.3</version>
</dependency>2. Create an encryption and decryption public class:
package com.myproject.common.utils;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
public class JasyptUtil {
/*
* textToEncrypt,需要加密的明文
* salt,加密的盐,需要与解密保持一致
* algorithm,加密算法,需要与解密算法保持一致
*/
public static String encrypt(String textToEncrypt, String salt, String algorithm) {
// 1. 创建加解密工具实例
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
// 2. 加解密配置
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword(salt);
// 3. 加密算法,需要与解密算法一致
config.setAlgorithm(algorithm);
// 为减少配置文件的书写,以下都是 Jasyp 3.x 版本,配置文件默认配置
config.setKeyObtentionIterations( "1000");
config.setPoolSize("1");
config.setProviderName("SunJCE");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
config.setStringOutputType("base64");
encryptor.setConfig(config);
// 4. 加密
return encryptor.encrypt(textToEncrypt);
}
/*
* textToDecrypt,需要解密的密文
* salt,解密的盐,需要与加密保持一致
* algorithm,解密算法,需要与加密算法保持一致
*/
public static String decrypt(String textToDecrypt, String salt, String algorithm){
// 1. 创建加解密工具实例
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
// 2. 加解密配置
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword(salt);
// 3. 解密算法,必须与加密算法一致
config.setAlgorithm(algorithm);
// 为减少配置文件的书写,以下都是 Jasyp 3.x 版本,配置文件默认配置
config.setKeyObtentionIterations( "1000");
config.setPoolSize("1");
config.setProviderName("SunJCE");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
config.setStringOutputType("base64");
encryptor.setConfig(config);
// 4. 解密
return encryptor.decrypt(textToDecrypt);
}
}3. Perform sensitive information in the yml file In addition to the above methods, the following methods can also be used for encryption.
Enter the jasypt dependency directory. Here, use the latest version of jasypt, jasypt-1.9.3.jar, and run the cmd command
java -cp jasypt-1.9.3.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="mypassword" password=mypassword algorithm=PBEWITHHMACSHA512ANDAES_256 ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator
The password under OUTPUT in the picture The text is the encrypted ciphertext. Just copy it to the configuration file. When decrypting, use the code in 2. to decrypt.
Among them:
input: plain text password
password: salt to be added, secret key
algorithm: encryption algorithm
Encryption algorithms include the following:
##PBEWITHHMACSHA1ANDAES_1284. If the version of jdk used is java1.8 or java8, then it needs to be upgraded. For jre and jdk, you need to download jce-policy-8.zip. After downloading, unzip it, which contains the upgrade method.PBEWITHHMACSHA1ANDAES_256
PBEWITHHMACSHA224ANDAES_128
PBEWITHHMACSHA224ANDAES_256
PBEWITHHMACSHA256ANDAES_128
PBEWITHHMACSHA256ANDAES_256
PBEWITHHMACSHA384ANDAES_128
PBEWITHHMACSHA384ANDAES_256
PBEWITHHMACSHA512ANDAES_128
PBEWITHHMACSHA512ANDAES_256
PBEWITHMD5ANDDES
PBEWITHSMD5ANDTRIPLEDES
PBEWITHSHA1ANDDESEDE
PBEWITHSHA1ANDRC2_128
PBEWITHSHA1ANDRC2_40
PBEWITHSHA1ANDRC4_128
PBEWITHSHA1ANDRC4_40
The above is the detailed content of How does spring boot encrypt and decrypt sensitive information?. For more information, please follow other related articles on the PHP Chinese website!