Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Password encryption with Spring/Hibernate - Jasypt or something else? [closed]

Tags:

java

password-encryption

hibernate

jpa

jasypt

In a Java application stack with Spring & Hibernate (JPA) in the Data Access Layer, what are good methods of applying the password encryption (hopefully using annotations), and where can you find out more about getting it done (tutorial, etc)?

It's understood that I would use a JCA supported algorithm for encrypting the passwords, but I would prefer to not have to implement the wrapper logic if there is an easy way.

I was looking at Jasypt, and was a) wondering if that's a good option and how to do it and b) what else people are using for this. If anyone is using Jasypt or an alternative, details of your experience it would be great.

like image 997
stevedbrown Avatar asked Jul 02 '09 15:07

stevedbrown

People also ask

What encryption does Jasypt use?

Jasypt provides implementations for one type of encryption: Password-Based Encryption (PBE).

What is the best way to encrypt passwords in Java?

Password-Based Encryption using Salt and Base64: The password-based encryption technique uses plain text passwords and salt values to generate a hash value. And the hash value is then encoded as a Base64 string. Salt value contains random data generated using an instance of Random class from java. util package.

Is Jasypt secure?

Jasypt stands for Java Simplified Encryption.It provides basic encryption of plain-text, numbers, binaries to secure confidential data.It is completely thread safe and provides high performance in multi-processor too.

2 Answers

Java has all of the required libraries already provided for you. Simply create a utility method that implements hashing with a salt as described at OWASP.

If you really don't want to own that code and don't mind an extra dependency, it seems that the Shiro library (formerly JSecurity) has an implementation of what is described by OWASP.

It also looks like the JASYPT library you mentioned has a similar utility.

I realize that this answer doesn't mention Spring or Hibernate but I'm not clear how you are hoping to utilize them in this scenario.

like image 65
laz Avatar answered Oct 12 '22 23:10

laz

You can use Jasypt with Hibernate to encrypt or hash your properties on the fly if thats what you're looking for. The actual algorithm for computing digests (hashes) is pretty simple using the JCE if you want to roll your own as well.

like image 36
Kevin Avatar answered Oct 12 '22 23:10

Kevin
Sign in to Comment

Related questions

Java 8: Class JavaLaunchHelper is implemented in both
How to get GWT Super Dev Mode to work with IntelliJ
Meaning of @Flow annotation
DataAccessException vs SQLException
What does super.paintComponent(g) do?
Apache POI getRow() returns null and .createRow fails
Creating RSA Public Key From String
PSQLException: password-based authentication
How can I stop all processes in IntelliJ?
Throw RuntimeException inside Stream with Optional.orElseThrow
Does RecyclerView.ViewHolder always have to be an inner class?
Spring Boot: Wrapping JSON response in dynamic parent objects
Session management with Spring Boot?
Kafka consumer exception and offset commits
java 10 compilaton Null Pointer Exception
GPU based algorithm on AWS Lambda
Convert java.util.Date to String in yyyy-MM-dd format without creating a lot of objects
Why is reading a JDBC ResultSet by position faster than by name and how much faster?
How to fix: Embedded H2 Database "NonTransientError: Unable to read the page at position" error?
static final fields vs TrustFinalNonStaticFields

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!