issues trying to use ALGO PBEWITHHMACSHA512ANDAES_256

ulisesbocchio / jasypt-spring-boot

Jasypt integration for Spring boot

MIT License

2.88k stars 514 forks source link

issues trying to use ALGO PBEWITHHMACSHA512ANDAES_256 #88

Closed pinux-studio closed 6 years ago

pinux-studio commented 6 years ago

Your project is really awesome and I like the document you have done. However, I fail to find the way to use customised algo such as PBEWITHHMACSHA512ANDAES_256 in my project.

My setup looks like:

I use @SpringBootApplication and jasypt sprint boot starter dependency
I Configure the application property file to use jasypt.encryptor.algorithm=PBEWITHHMACSHA512ANDAES_256
I use jasypt to encrypt my password using this algo
I use @value directly to annotate the encrypted field ENC(filed) in property file
I start my application using mvn -Djasypt.encryptor.password=xxx spring-boot:run

then I get the error

Caused by: com.ulisesbocchio.jasyptspringboot.exception.DecryptionException: Decryption of Properties failed, make sure encryption/decryption passwords match

ulisesbocchio commented 6 years ago

Jasypt simply doesn't work with that algorithm the way its internal encryptor is setting cipher params:

                /*
                 * Perform decryption using the Cipher
                 */
                final PBEParameterSpec parameterSpec = 
                    new PBEParameterSpec(salt, this.keyObtentionIterations);

                synchronized (this.decryptCipher) {
                    this.decryptCipher.init(
                            Cipher.DECRYPT_MODE, this.key, parameterSpec);
                    decryptedMessage = 
                        this.decryptCipher.doFinal(encryptedMessageKernel);
                }

ulisesbocchio commented 6 years ago

Yo can use SimplePBEByteEncryptor in conjunction with SimplePBEStringEncryptor that I just added to master. That encryptor actually supports the algorithm you wanted to use. You can use it like this:

@Bean("jasyptStringEncryptor")
public StringEncryptor stringEncryptor() {
    SimplePBEByteEncryptor encryptor = new SimplePBEByteEncryptor();
    encryptor.setPassword("some password loco");
    encryptor.setSaltGenerator(new RandomSaltGenerator());
    encryptor.setIterations(1000);
    encryptor.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
    SimplePBEStringEncryptor stringEncryptor = new SimplePBEStringEncryptor(encryptor);
    return stringEncryptor;
}

Bear in mind though, this encryptors are not yet part of jasypt-spring-boot so you'd have to copy the classes into your project.

sweta567 commented 1 year ago

I have to encrypt DB password using SHA2 PBEWITHHMACSHA512ANDAES_256 algorithm, but unable to decrypt it in Spring 4 application with JPA. On decryption, its throwing EncryptionOperationNotPossibleException.