ulisesbocchio / jasypt-spring-boot

Jasypt integration for Spring boot
MIT License

BasicTextEncryptor can not replace the StandardPBEStringEncryptor? #290

Closed AoL-X closed 1 year ago

AoL-X commented 3 years ago

Sorry again for disturbing~ Here is my problem:

First the used dependency and version: com.github.ulisesbocchio:jasypt-spring-boot-starter:3.0.3

Problem description: when I try to encrypt a sensitive string with the class `org.jasypt.util.text.BasicTextEncryptor`, I set the password and then perform the encryption. But the result generated in the last step doesn't work and causes the following exception:

```
javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
```

Here is the code that aims at generating the target encryption, which may help:

```java
BasicTextEncryptor encryptor1 = new BasicTextEncryptor();
encryptor1.setPassword("com.xlys.jasypt");
String encrypt1 = encryptor1.encrypt("123456!@#$%");
System.out.println("encrypt1 = " + encrypt1);
```

And this is the content in application.yml:

```yaml
jasypt:
  encryptor:
    algorithm: PBEWITHMD5ANDDES
    password: com.xlys.jasypt
```

I have traced the source code and found that when I change the encrypting class from the BasicTextEncryptor mentioned above to org.jasypt.encryption.pbe.StandardPBEStringEncryptor, it works fine!

```java
StandardPBEStringEncryptor stringEncryptor = new StandardPBEStringEncryptor();
stringEncryptor.setAlgorithm("PBEWITHMD5ANDDES");
stringEncryptor.setPassword("com.xlys.jasypt");
```

I just wonder whether the class BasicTextEncryptor cannot be used to encrypt a simple string. Or am I using the BasicTextEncryptor class in the wrong way? Your reply will be appreciated!

ulisesbocchio commented 3 years ago

I think it’s the second. You have to use the exact same class with the exact same configuration to encrypt/decrypt. I can see that BasicTextEncryptor only sets the algorithm on the StandardPBEStringEncryptor, so if you want to configure that for your application for it to work with the library, you’d have to make sure to set the proper config. This library has different defaults than the default config of the StandardPBEStringEncryptor; in particular, it uses a secure random IV generator that adds more complexity to the encrypted result. The IV is then stored with the result on the first 16 bytes of the string. I’m assuming the padding error is because the text encryptor doesn’t use it. So when you try to decrypt with the default config, there’s a mismatch.
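
The configuration mismatch described in the reply above, as an added example that is not part of the original thread or the project's own code: it encrypts with `BasicTextEncryptor`, then tries to decrypt with two `StandardPBEStringEncryptor` instances that differ only in their IV generator. It assumes jasypt 1.9.3 or later on the classpath (the `org.jasypt.iv` package); the class name `IvMismatchDemo` and the helpers `build` and `roundTrips` are hypothetical.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.iv.IvGenerator;
import org.jasypt.iv.NoIvGenerator;
import org.jasypt.iv.RandomIvGenerator;
import org.jasypt.util.text.BasicTextEncryptor;

// Added illustration, not project code. Assumes jasypt 1.9.3+ on the classpath.
public class IvMismatchDemo {
    static final String PASSWORD = "com.xlys.jasypt";   // value from the issue
    static final String ALGORITHM = "PBEWITHMD5ANDDES"; // value from the issue

    // Builds an encryptor whose only variable setting is the IV generator.
    static StandardPBEStringEncryptor build(IvGenerator ivGenerator) {
        StandardPBEStringEncryptor e = new StandardPBEStringEncryptor();
        e.setAlgorithm(ALGORITHM);
        e.setPassword(PASSWORD);
        e.setIvGenerator(ivGenerator);
        return e;
    }

    // True only when the ciphertext decrypts back to the expected plaintext.
    // A wrong configuration usually throws, but can also yield garbage, so
    // the plaintext is compared instead of relying on the exception alone.
    static boolean roundTrips(StandardPBEStringEncryptor e, String ciphertext, String expected) {
        try {
            return expected.equals(e.decrypt(ciphertext));
        } catch (EncryptionOperationNotPossibleException ex) {
            return false; // jasypt reports decryption failures with this type
        }
    }

    public static void main(String[] args) {
        String plain = "123456!@#$%";
        BasicTextEncryptor basic = new BasicTextEncryptor();
        basic.setPassword(PASSWORD);
        String fromBasic = basic.encrypt(plain); // message carries no IV

        // Same algorithm and password, but this decryptor expects a leading IV.
        System.out.println("random IV decryptor: "
                + roundTrips(build(new RandomIvGenerator()), fromBasic, plain));
        // Matching configuration: no IV is expected in the message.
        System.out.println("no IV decryptor:     "
                + roundTrips(build(new NoIvGenerator()), fromBasic, plain));
        // Encrypting and decrypting with the same IV-aware configuration.
        String fromIvAware = build(new RandomIvGenerator()).encrypt(plain);
        System.out.println("IV-aware round trip: "
                + roundTrips(build(new RandomIvGenerator()), fromIvAware, plain));
    }
}
```

In the starter, the IV generator is selected with the `jasypt.encryptor.iv-generator-classname` property, so the same choice has to be made there as in whatever tool produced the ciphertext.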

ulisesbocchio commented 3 years ago

Any luck?