1. Overview
In this article, we’ll be looking at the Jasypt (Java Simplified Encryption) library.
Jasypt is a Java library that lets developers add basic encryption capabilities to a project with minimal effort, without requiring in-depth knowledge of the implementation details of encryption protocols.
2. Using Simple Encryption
Suppose we are building a web application in which users submit private account data. We need to store that data in the database, but storing it as plain text would be insecure.
One way to deal with this is to store the data encrypted in the database and decrypt it when retrieving it for a particular user.
To perform encryption and decryption using a very simple algorithm, we can use a BasicTextEncryptor class from the Jasypt library:
BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
String privateData = "secret-data";
textEncryptor.setPasswordCharArray("some-random-data".toCharArray());
Then we can use an encrypt() method to encrypt the plain text:
String myEncryptedText = textEncryptor.encrypt(privateData);
assertNotSame(privateData, myEncryptedText);
If we want to store a user's private data in the database, we can store myEncryptedText without violating any security restrictions. Should we want to decrypt the data back to plain text, we can use the decrypt() method:
String plainText = textEncryptor.decrypt(myEncryptedText);
assertEquals(plainText, privateData);
We see that the decrypted data is equal to the plain text that was previously encrypted.
3. One-way Encryption
The previous example is not an ideal way to handle authentication, that is, when we want to store a user's password. Ideally, we want to encrypt the password in a way that cannot be decrypted. When the user tries to log into our service, we encrypt the submitted password and compare it with the encrypted password stored in the database. That way we never need to operate on the plain text password.
We can use a BasicPasswordEncryptor class to perform the one-way encryption:
String password = "secret-pass";
BasicPasswordEncryptor passwordEncryptor = new BasicPasswordEncryptor();
String encryptedPassword = passwordEncryptor.encryptPassword(password);
Then we can compare the stored, already-encrypted password with the password supplied by a user during login, without needing to decrypt what is stored in the database:
boolean result = passwordEncryptor.checkPassword("secret-pass", encryptedPassword);
assertTrue(result);
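To make the difference between sections 2 and 3 concrete, here is an added, self-contained example (not code from the original article or from the Jasypt project). It keeps the reversible BasicTextEncryptor for data the application must read back and the one-way BasicPasswordEncryptor for credentials it only ever needs to verify, and it shows the two checks a practitioner would want to see: hashing the same password twice yields different stored values (each one carries a random salt), and a wrong password is rejected. The environment variable name APP_ENC_PASSWORD and the fallback key are assumptions for the demo.

```java
import org.jasypt.util.password.BasicPasswordEncryptor;
import org.jasypt.util.text.BasicTextEncryptor;
import java.util.Arrays;

public class ReversibleVsOneWayDemo {

    // Reversible encryption: for values the application must read back later (e.g. an API token).
    static String encryptForStorage(char[] key, String privateData) {
        BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
        textEncryptor.setPasswordCharArray(key);
        return textEncryptor.encrypt(privateData);
    }

    static String decryptFromStorage(char[] key, String stored) {
        BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
        textEncryptor.setPasswordCharArray(key);
        return textEncryptor.decrypt(stored);
    }

    // One-way: for passwords, which the application only ever needs to verify, never to recover.
    static String hashPassword(String password) {
        return new BasicPasswordEncryptor().encryptPassword(password);
    }

    static boolean verifyPassword(String candidate, String storedHash) {
        return new BasicPasswordEncryptor().checkPassword(candidate, storedHash);
    }

    public static void main(String[] args) {
        // Assumed: the encryption key comes from the environment rather than from source code;
        // the fallback value exists only so the demo runs stand-alone.
        String fromEnv = System.getenv("APP_ENC_PASSWORD");
        char[] key = (fromEnv != null ? fromEnv : "demo-only-key").toCharArray();

        String stored = encryptForStorage(key, "secret-data");
        System.out.println("stored ciphertext: " + stored);
        System.out.println("round trip ok: " + "secret-data".equals(decryptFromStorage(key, stored)));

        // Two hashes of the same password differ because each one embeds a fresh random salt,
        // yet both verify; a database leak does not reveal which users share a password.
        String h1 = hashPassword("secret-pass");
        String h2 = hashPassword("secret-pass");
        System.out.println("hashes differ (salted): " + !h1.equals(h2));
        System.out.println("both verify: " + (verifyPassword("secret-pass", h1) && verifyPassword("secret-pass", h2)));
        System.out.println("wrong password rejected: " + !verifyPassword("secret-pass2", h1));

        // Clear key material from memory once it is no longer needed.
        Arrays.fill(key, '\0');
    }
}
```

The design point is that the key for reversible encryption is an operational secret that must be managed outside the code base, whereas the password hash needs no secret at all: verification reads the salt out of the stored value and recomputes the digest.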
4. Configuring Algorithm for Encryption
We can use a stronger encryption algorithm, but we need to remember to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for our JVM (installation instructions are included in the download).
In Jasypt we can use strong encryption by using a StandardPBEStringEncryptor class and customize it using a setAlgorithm() method:
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
String privateData = "secret-data";
encryptor.setPassword("some-random-password");
encryptor.setAlgorithm("PBEWithMD5AndTripleDES");
Let’s set the encryption algorithm to be PBEWithMD5AndTripleDES.
Next, encryption and decryption work the same way as in the previous example with the BasicTextEncryptor class:
String encryptedText = encryptor.encrypt(privateData);
assertNotSame(privateData, encryptedText);
String plainText = encryptor.decrypt(encryptedText);
assertEquals(plainText, privateData);
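The following added example (not from the original article or the Jasypt project) builds on this section in two ways. First, it shows the failure mode a practitioner will hit in production: decrypting with the wrong password does not return garbage silently but throws Jasypt's EncryptionOperationNotPossibleException, which the code catches and reports. Second, besides the page's PBEWithMD5AndTripleDES configuration, it shows an AES-based configuration; this second part assumes a JDK 8+ SunJCE provider for the PBEWITHHMACSHA512ANDAES_256 algorithm and Jasypt 1.9.3 or later for the setIvGenerator() call, and the iteration count of 1000 is an explicitly chosen value, not something the article specifies.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.iv.RandomIvGenerator;

public class ConfiguredEncryptorDemo {

    // The article's configuration, with the key-derivation iteration count made explicit.
    static StandardPBEStringEncryptor tripleDesEncryptor(String password) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setPassword(password);
        enc.setAlgorithm("PBEWithMD5AndTripleDES");
        enc.setKeyObtentionIterations(1000); // assumed value; Jasypt's default is also 1000
        return enc;
    }

    // Assumed: JDK 8+ SunJCE and Jasypt 1.9.3+. AES in CBC mode needs an IV, so an IV generator
    // must be configured or the encryptor will refuse to operate.
    static StandardPBEStringEncryptor aesEncryptor(String password) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setPassword(password);
        enc.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
        enc.setIvGenerator(new RandomIvGenerator());
        return enc;
    }

    // Returns true only if the ciphertext decrypts to the expected value under this encryptor.
    // A wrong password normally surfaces as EncryptionOperationNotPossibleException (bad padding);
    // in the rare case padding happens to validate, the content comparison still catches it.
    static boolean decryptsTo(StandardPBEStringEncryptor enc, String ciphertext, String expected) {
        try {
            return expected.equals(enc.decrypt(ciphertext));
        } catch (EncryptionOperationNotPossibleException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String privateData = "secret-data";
        String right = "some-random-password";
        String wrong = "some-other-password";

        for (String name : new String[] {"TripleDES", "AES-256"}) {
            boolean aes = name.equals("AES-256");
            StandardPBEStringEncryptor enc = aes ? aesEncryptor(right) : tripleDesEncryptor(right);

            String c1 = enc.encrypt(privateData);
            String c2 = enc.encrypt(privateData);
            System.out.println(name + ": two encryptions differ (random salt): " + !c1.equals(c2));

            StandardPBEStringEncryptor sameKey = aes ? aesEncryptor(right) : tripleDesEncryptor(right);
            StandardPBEStringEncryptor otherKey = aes ? aesEncryptor(wrong) : tripleDesEncryptor(wrong);
            System.out.println(name + ": right password decrypts: " + decryptsTo(sameKey, c1, privateData));
            System.out.println(name + ": wrong password decrypts: " + decryptsTo(otherKey, c1, privateData));
        }
    }
}
```

Note that a StandardPBEStringEncryptor is initialized on its first encrypt() or decrypt() call and its configuration is frozen from then on, which is why each run above constructs a fresh instance rather than calling setPassword() again.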
5. Using Multi-Threaded Decryption
When we're operating on a multi-core machine we want to process decryption in parallel. To achieve good performance we can use a PooledPBEStringEncryptor and its setPoolSize() API to create a pool of encryptor instances, each of which can be used by a different thread in parallel:
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
encryptor.setPoolSize(4);
encryptor.setPassword("some-random-data");
encryptor.setAlgorithm("PBEWithMD5AndTripleDES");
It's good practice to set the pool size equal to the number of cores of the machine. The code for encryption and decryption is the same as before.
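The article describes the pooled encryptor but shows no concurrent caller. The added example below (not from the original article or the Jasypt project) sizes the pool from Runtime.availableProcessors(), as the text recommends, decrypts a batch of constructed records from a fixed thread pool of the same size, and checks that every record came back intact. The record count and password are constructed demo values.

```java
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public class PooledDecryptionDemo {

    static PooledPBEStringEncryptor newPooledEncryptor(String password, int poolSize) {
        PooledPBEStringEncryptor enc = new PooledPBEStringEncryptor();
        enc.setPoolSize(poolSize);              // must be set before the first encrypt/decrypt call
        enc.setPassword(password);
        enc.setAlgorithm("PBEWithMD5AndTripleDES");
        return enc;
    }

    // Decrypts every ciphertext on a worker thread and returns the plaintexts in input order.
    // The pooled encryptor is safe to share: each call borrows one of its internal instances.
    static List<String> decryptAll(PooledPBEStringEncryptor enc, List<String> ciphertexts, int threads)
            throws Exception {
        ExecutorService workers = Executors.newFixedThreadPool(threads);
        try {
            List<Future<String>> futures = new ArrayList<>();
            for (String ciphertext : ciphertexts) {
                Callable<String> task = () -> enc.decrypt(ciphertext);
                futures.add(workers.submit(task));
            }
            List<String> plaintexts = new ArrayList<>();
            for (Future<String> f : futures) {
                plaintexts.add(f.get());        // rethrows any decryption failure from the worker
            }
            return plaintexts;
        } finally {
            workers.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        int cores = Runtime.getRuntime().availableProcessors();
        PooledPBEStringEncryptor enc = newPooledEncryptor("some-random-data", cores);

        // Constructed sample records.
        List<String> plain = new ArrayList<>();
        List<String> cipher = new ArrayList<>();
        for (int i = 0; i < 1000; i++) {
            plain.add("record-" + i);
            cipher.add(enc.encrypt(plain.get(i)));
        }

        long start = System.nanoTime();
        List<String> decrypted = decryptAll(enc, cipher, cores);
        long millis = (System.nanoTime() - start) / 1_000_000;

        System.out.println("threads/pool size: " + cores);
        System.out.println("all records decrypted correctly: " + decrypted.equals(plain));
        System.out.println("elapsed: " + millis + " ms");
    }
}
```

Because key derivation (the 1000 PBE iterations) dominates each operation, the speed-up from the pool is close to linear in the number of cores as long as the worker thread count does not exceed the pool size; more workers than pooled instances just queue on the pool.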
6. Usage in Other Frameworks
A quick final note is that the Jasypt library can be integrated with a lot of other libraries, including of course the Spring Framework.
We only need to create a configuration to add encryption support to our Spring application. And if we want to store sensitive data in the database and are using Hibernate as the data access framework, we can integrate Jasypt with it as well.
Instructions about these integrations, as well as with some other frameworks, can be found in the Guides section on the Jasypt’s home page.
7. Conclusion
In this article, we looked at the Jasypt library, which helps us create more secure applications by using well-known and tested cryptographic algorithms behind a simple, easy-to-use API.
The implementation of all these examples and code snippets can be found in the GitHub project – this is a Maven project, so it should be easy to import and run as it is.