Unable to decrypt error using jasypt with spring boot

Question

I am using spring boot:2.2.2.RELEASE when i tried to add jasypt functionality to hide my password i got the following error

Unable to decrypt: ENC(MyEncryptedPass). Decryption of Properties failed, make sure encryption/decryption passwords match

i used the command line to encrypt the password and decrypt it and it works fine so i am sure my encryption and decryption passwords are exact but i get this error when i try to launch my spring application. So any help (•–•)

Answer 1

As from version 3.0.0 of jasypt-spring-boot, the default encryption/decryption algorithm has changed to PBEWITHHMACSHA512ANDAES_256

The change can be found here: https://github.com/ulisesbocchio/jasypt-spring-boot#update-11242019-version-300-release-includes

To decrypt previously encrypted values, add these two values in your properties:

jasypt.encryptor.algorithm=PBEWithMD5AndDES
jasypt.encryptor.iv-generator-classname=org.jasypt.iv.NoIvGenerator

Answer 2

I was also facing the same issue. Initially, I was encrypting using jasypt CLI and putting the same value in the property file. But by default property of com.github.ulisesbocchio jar is different from CLI. Try to use the below code for encryption.

private static StringEncryptor stringEncryptor() {
    PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
    SimpleStringPBEConfig config = new SimpleStringPBEConfig();
    config.setPassword(password);
    config.setAlgorithm("PBEWithMD5AndDES");
    config.setKeyObtentionIterations("1000");
    config.setPoolSize("1");
    config.setProviderName("SunJCE");
    config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
    config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
    config.setStringOutputType("base64");
    encryptor.setConfig(config);
    return encryptor;
}

private static String encrypt(String text) {
    StringEncryptor textEncryptor = stringEncryptor();
    String encryptedText = textEncryptor.encrypt(text);
    return encryptedText;
}

private static String decrypt(String text) {
    StringEncryptor textEncryptor = stringEncryptor();
    String decryptedText = textEncryptor.decrypt(text);
    return decryptedText;
}

public static void main(String[] args) {
    System.out.println(encrypt("StackOverFlow"));
}