Jasypt
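I. Introduction
Jasypt is a Java library for adding basic encryption capabilities to a project. It integrates with third-party frameworks such as Spring, Hibernate, Spring Security, and Wicket.
Official site: http://www.jasypt.org/
II. Encryption and Decryption
1. In code
Create a project named JasyptTest.
Documentation: https://github.com/ulisesbocchio/jasypt-spring-boot
Add the dependencies: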
<!-- jasypt dependency -->
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.4</version>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jdbc</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
    <exclusions>
        <exclusion>
            <groupId>org.junit.vintage</groupId>
            <artifactId>junit-vintage-engine</artifactId>
        </exclusion>
    </exclusions>
</dependency>
Configuration file:
server:
  port: 8081
spring:
  application:
    name: JasyptTest
  datasource:
    username: root
    password: 1234
    url: jdbc:mysql://localhost:3306/jdbc?useSSL=false&serverTimezone=GMT%2B8&useUnicode=true&characterEncoding=UTF8
    driver-class-name: com.mysql.cj.jdbc.Driver
jasypt:
  encryptor:
    password: qingsongxyz # secret key
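Test:
import org.jasypt.encryption.StringEncryptor;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;

@SpringBootTest
class JasyptTestApplicationTests {

    // Encryptor auto-configured by jasypt-spring-boot-starter from jasypt.encryptor.*
    @Autowired
    private StringEncryptor stringEncryptor;

    // Encrypt a plaintext value and print the ciphertext
    @Test
    public void encode(){
        String encrypt = stringEncryptor.encrypt("1234");
        System.out.println("\n" + encrypt + "\n");
    }

    // Decrypt a ciphertext produced with the same secret key and print the plaintext
    @Test
    public void decode(){
        String decrypt = stringEncryptor.decrypt("C0fRuT5oDNDMkSz89DqFH8oDdvZYv5Jp2imqUcTi6DYrD2xkez5WX76f3QKReZbG");
        System.out.println("\n" + decrypt + "\n");
    }
}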
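2. From the command line
Issue: https://github.com/jasypt/jasypt/issues/8
In newer versions of jasypt the encryption algorithm changed from PBEWithMD5AndDES to PBEWITHHMACSHA512ANDAES_256, so one extra parameter has to be passed: ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator
Encrypt: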
java -cp D:\MavenRepo\org\jasypt\jasypt\1.9.3\jasypt-1.9.3.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input=1234 password=qingsongxyz algorithm=PBEWITHHMACSHA512ANDAES_256 ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator
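Change the path of the jasypt jar to where it is stored on your machine.
input: the plaintext to encrypt
password: the secret key (the same as in the configuration file)
Decrypt: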
java -cp D:\MavenRepo\org\jasypt\jasypt\1.9.3\jasypt-1.9.3.jar org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI input=3YbtO5Np9YAhgRAGY4lGIOU8+WFjxDe9uu1TdghZrU/t8Am4aGyOrOTakE6EA31O password=qingsongxyz algorithm=PBEWITHHMACSHA512ANDAES_256 ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator
input: the ciphertext to decrypt
III. Encrypting the Configuration File
Use either encryption method to encrypt the values in the configuration file and write each one in the form ENC(ciphertext):
Configuration file:
server:
  port: 8081
spring:
  application:
    name: JasyptTest
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    username: ENC(Suood1ufJ3xd+ILxG3bnT1wLNM3pckWTKiZQJ5Ui5EZ5CXZK5mKBb17ll2NwauBq)
    password: ENC(iVzPSzxjv6Xu5uglHfr7WsxFbBNnkawuOtSKYfN32xVsXgVgnTBpwiPOeaP8dQeO)
    url: ENC(wZRl6wtUUUaLfq34tuJY7ymzbTlLcme2MwZIdGuBUKR4g7I4f+eTjTTfcrFvdPSeXuXfFcZThERgaeqSXDgTF/qsIVlsPLh1//V+kbg23gCst0BBuur2FUh2d1Q2+MgDJOcnNXmqVzH1JaWAVRalDMnuQ0/1HnoqerbAFsr5bkByKe9HPj8yp9c5KzfDpISU)
jasypt:
  encryptor:
    password: qingsong # secret key
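Controller:
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TestController {

    // ENC(...) properties are decrypted by jasypt before injection
    @Value("${spring.datasource.username}")
    private String username;

    @Value("${spring.datasource.password}")
    private String password;

    // Demo endpoint that echoes the decrypted values to confirm decryption works
    @GetMapping("/info")
    public String info(){
        return "username:" + username + ", password:" + password;
    }
}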
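Start the application and test:
Writing the secret key directly in the configuration file is not very secure. It can be supplied as a VM option instead:
Remove the secret key setting from the configuration file.
Or configure it as an environment variable:
In the configuration file, change the secret key to:
jasypt:
  encryptor:
    password: ${JASYPT_ENCRYPTOR_PASSWORD} # secret key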
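The following is an added example, not code from the original page or from the jasypt project. It builds an encryptor with the algorithm and IV generator named in the command-line section and takes the secret key from the JASYPT_ENCRYPTOR_PASSWORD environment variable used above. The class name JasyptEnvKeyDemo and the explicit iteration count, pool size and output type are assumptions chosen to match jasypt 1.9.3 defaults.

```java
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;

// Hypothetical demo class (not part of the page's project).
public class JasyptEnvKeyDemo {

    // Same algorithm and IV generator that the CLI commands pass explicitly.
    static PooledPBEStringEncryptor build(String key) {
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(key);
        config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
        config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setKeyObtentionIterations("1000"); // assumed default
        config.setPoolSize("1");                  // assumed default
        config.setStringOutputType("base64");     // assumed default
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    public static void main(String[] args) {
        // The key is read from the environment, so it never lands in
        // application.yml or in version control.
        String key = System.getenv("JASYPT_ENCRYPTOR_PASSWORD");
        if (key == null || key.isEmpty()) {
            throw new IllegalStateException("JASYPT_ENCRYPTOR_PASSWORD is not set");
        }
        PooledPBEStringEncryptor encryptor = build(key);

        // Constructed sample plaintext. A fresh random salt and IV are
        // generated per call, so the same input yields different ciphertexts.
        String plaintext = "1234";
        String first = encryptor.encrypt(plaintext);
        String second = encryptor.encrypt(plaintext);

        System.out.println("ENC(" + first + ")");
        System.out.println("ENC(" + second + ")");
        System.out.println("ciphertexts differ: " + !first.equals(second));
        System.out.println("both round-trip:   "
                + (plaintext.equals(encryptor.decrypt(first))
                   && plaintext.equals(encryptor.decrypt(second))));
    }
}
```

Either printed ENC(...) value can be pasted into the configuration file. A key passed as a -D option or program argument is visible in the local process list, which the environment variable form avoids.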
IV. JAR Packaging Issues
Building the jar succeeds only if the secret key is configured in Maven.
Add the plugin:
<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
            <executions>
                <execution>
                    <goals>
                        <goal>repackage</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>
The secret key must also be specified when running the jar:
java -jar JasyptTest-0.0.1-SNAPSHOT.jar --jasypt.encryptor.password=qingsongxyz
or
java -Djasypt.encryptor.password=qingsongxyz -jar JasyptTest-0.0.1-SNAPSHOT.jar