ulisesbocchio / jasypt-spring-boot

Jasypt integration for Spring boot
MIT License

Migration to 3.0.3 PBEWITHHMACSHA512ANDAES_256 #231

Closed patpatpat123 closed 4 years ago

patpatpat123 commented 4 years ago

Hello Jasypt team,

I am a happy user of this plugin, cheering for you guys! Recently, I migrated from version 2 to 3.0.3. Looking at the update, I saw: Changed default encryption to PBEWITHHMACSHA512ANDAES_256 (Thanks @rupert-madden-abbott)

This is very cool! And of course, things started to break. 😅
https://github.com/ulisesbocchio/jasypt-spring-boot/issues/189
https://github.com/ulisesbocchio/jasypt-spring-boot/issues/218

I understand I can set the properties

    jasypt:
      encryptor:
        algorithm: PBEWithMD5AndDES
        iv-generator-classname: org.jasypt.iv.NoIvGenerator

to keep it working. But actually, I would like to migrate to PBEWITHHMACSHA512ANDAES_256! Since the plugin is now version 3, why not update everything as well?

However, I'm having a hard time finding help on how to encrypt my passwords with PBEWITHHMACSHA512ANDAES_256 in the first place. Maybe I did not look correctly (I only found how to keep using PBEWithMD5AndDES with 3.x.x, but not how to encrypt with PBEWITHHMACSHA512ANDAES_256). Are there any resources available using JASYPT, Jasypt spring boot, or the jasypt-maven-plugin to encrypt passwords directly with PBEWITHHMACSHA512ANDAES_256?

Thank you for your help

rupert-madden-abbott commented 4 years ago

Hi @patpatpat123,

The included jasypt-maven-plugin uses PBEWITHHMACSHA512ANDAES_256 by default also.

However, it now also has an upgrade goal which will handle the upgrade from the pre version 3 algorithm to the post version 3 algorithm for you:

https://github.com/ulisesbocchio/jasypt-spring-boot#upgrade

Does that help?

patpatpat123 commented 4 years ago

Hello Rupert,

Indeed, thank you for your help. Confirmed jasypt-maven-plugin uses PBEWITHHMACSHA512ANDAES_256 by default for encryption, and jasypt-spring-boot also uses PBEWITHHMACSHA512ANDAES_256 by default for decryption.

I was stuck using https://github.com/jasypt/jasypt; now I understand. Thank you again for the cool project. Closing, good day.

icyerasor commented 12 months ago

> Are there any resources available using JASYPT, Jasypt spring boot, or the jasypt-maven-plugin to encrypt password directly PBEWITHHMACSHA512ANDAES_256 ?

You can always use the CLI. For using PBEWITHHMACSHA512ANDAES_256 you also have to provide ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator, though. I.e. in Kotlin:

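import org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI

fun main() {
    // The IV generator is passed explicitly alongside the AES-based algorithm.
    JasyptPBEStringEncryptionCLI.main(
        arrayOf("input=encryptThis",
                "password=someSecret",
                "algorithm=PBEWITHHMACSHA512ANDAES_256",
                "ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator"))
}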

or directly:

    java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.3/jasypt-1.9.3.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI algorithm=PBEWITHHMACSHA512ANDAES_256 ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator input=encryptThis password=someSecret
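
The migration discussed in this thread, as an added example that is not part of the original comments or the project's own code: it decrypts a value with the pre-3.0 settings (PBEWithMD5AndDES, NoIvGenerator) and re-encrypts it with PBEWITHHMACSHA512ANDAES_256 and RandomIvGenerator using the jasypt 1.9.3 API. Assumptions: the class name `ReencryptProperty` and the sample secret are constructed, the password is read from the `JASYPT_ENCRYPTOR_PASSWORD` environment variable so it stays out of shell history and process listings, and salt generator, iteration count and output encoding are left at the library defaults on both sides.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.iv.NoIvGenerator;
import org.jasypt.iv.RandomIvGenerator;

public class ReencryptProperty {

    // Encryptor with the pre-3.0 settings named in the thread.
    static StandardPBEStringEncryptor legacy(String password) {
        StandardPBEStringEncryptor e = new StandardPBEStringEncryptor();
        e.setPassword(password);
        e.setAlgorithm("PBEWithMD5AndDES");
        e.setIvGenerator(new NoIvGenerator());
        return e;
    }

    // Encryptor with the 3.x default algorithm; it needs a fresh random IV per value.
    static StandardPBEStringEncryptor current(String password) {
        StandardPBEStringEncryptor e = new StandardPBEStringEncryptor();
        e.setPassword(password);
        e.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
        e.setIvGenerator(new RandomIvGenerator());
        return e;
    }

    // Strip the ENC(...) wrapper that jasypt-spring-boot uses by default.
    static String unwrap(String value) {
        return value.startsWith("ENC(") && value.endsWith(")")
                ? value.substring(4, value.length() - 1) : value;
    }

    public static void main(String[] args) {
        String password = System.getenv("JASYPT_ENCRYPTOR_PASSWORD"); // assumed source
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("JASYPT_ENCRYPTOR_PASSWORD is not set");
        }
        StandardPBEStringEncryptor oldEnc = legacy(password);
        StandardPBEStringEncryptor newEnc = current(password);

        // Constructed sample standing in for an ENC(...) value from an existing properties file.
        String legacyValue = "ENC(" + oldEnc.encrypt("constructed-sample-secret") + ")";

        String plain = oldEnc.decrypt(unwrap(legacyValue));
        String migrated = "ENC(" + newEnc.encrypt(plain) + ")";

        // Verify the new value round-trips before replacing the old one.
        if (!plain.equals(newEnc.decrypt(unwrap(migrated)))) {
            throw new IllegalStateException("re-encrypted value does not round-trip");
        }
        System.out.println(migrated); // only the ciphertext is printed, never the plaintext
    }
}
```

Because both the salt and the IV are random, each run prints a different ciphertext for the same input; that is expected and every such value decrypts under the same password.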