In a Java application stack with Spring & Hibernate (JPA) in the Data Access Layer, what are good methods of applying the password encryption (hopefully using annotations), and where can you find out more about getting it done (tutorial, etc)?
It's understood that I would use a JCA supported algorithm for encrypting the passwords, but I would prefer to not have to implement the wrapper logic if there is an easy way.
I was looking at Jasypt, and was a) wondering if that's a good option and how to do it and b) what else people are using for this. If anyone is using Jasypt or an alternative, details of your experience would be great.
Jasypt provides implementations for one type of encryption: Password-Based Encryption (PBE).
Password-Based Encryption using Salt and Base64: The password-based encryption technique uses plain text passwords and salt values to generate a hash value. The hash value is then encoded as a Base64 string. The salt value contains random data generated using an instance of the Random class from the java.util package.
Jasypt stands for Java Simplified Encryption. It provides basic encryption of plain text, numbers, and binaries to secure confidential data. It is completely thread-safe and provides high performance on multi-processor systems too.
Java has all of the required libraries already provided for you. Simply create a utility method that implements hashing with a salt as described at OWASP.
If you really don't want to own that code and don't mind an extra dependency, it seems that the Shiro library (formerly JSecurity) has an implementation of what is described by OWASP.
It also looks like the JASYPT library you mentioned has a similar utility.
I realize that this answer doesn't mention Spring or Hibernate but I'm not clear how you are hoping to utilize them in this scenario.
You can use Jasypt with Hibernate to encrypt or hash your properties on the fly if that's what you're looking for. The actual algorithm for computing digests (hashes) is pretty simple using the JCE if you want to roll your own as well.