一、前言
1、jasypt使用手冊
ulisesbocchio/jasypt-spring-boot: Jasypt integration for Spring boot (github.com)
2、springboot使用,只需要引入maven依賴
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.5</version>
</dependency>
二、使用鹽(jasypt中爲password,案例中使用"password")
1、加密
public static void main(String[] args) {
StandardPBEStringEncryptor encryptor2 = new StandardPBEStringEncryptor();
encryptor2.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
encryptor2.setIvGenerator(new RandomIvGenerator());
encryptor2.setPassword("password");
System.out.println(encryptor2.encrypt("123456"));
}
說明:如果要減少項目中jasypt的配置,就讓其儘量使用默認值,加密的時候對應修改。
jasypt-spring-boot | StandardPBEStringEncryptor | |
---|---|---|
algorithm | 默認:PBEWITHHMACSHA512ANDAES_256 | 默認:PBEWithMD5AndDES |
password | 手動 | 手動 |
salt-generator-classname | 默認:Random | 默認:Random |
iv-generator-classname | 默認:Random | 默認:No |
2、設置環境變量(注意開發工具需要重啓才能生效)
JASYPT_ENCRYPTOR_PASSWORD=password
3、設置配置項目application.yml
redis:
password=ENC(MXHeyxpAmfL+cAqzR1a+nkV2Vub3wEcQmJ3t6D2Pxzs/V6MJ4xBqqD1IUMNIpTKW)
jasypt:
encryptor:
password: ${JASYPT_ENCRYPTOR_PASSWORD:}
二、使用密鑰文件
2.1、使用密鑰文件,生成公鑰私鑰。
#public_key.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4AMI7Z0SdxGqsm4JxkYt
TPgMbHSs3h04NUI+5nx9DJVVtUn4VNN/97BEvXMTXdePmTcm8K7+Ji/RyXTL4nS2
rie07d3TBDxk42Iup5H2aw2ZQYCCTzWqk7IwC9avLbUYmu6JzmSXvZgeUkjlih5j
jFW/vEUHqsy8e/6gCMd48LSfZ6LnvLZ0PXI7l7Xus5MqwOwTbz9Supysn8XWYq3F
vyo9bCc0p9c+wifj4uDRhMOVqcvH4mGBXaQIAtPpZ8IUHZRqr/CfNaeVAbChi7g7
d0D1ujrgCxpsyYhylvUTQ/XFgMJt/v6kD4TGK6dBnsLJSHDSrsND1H+rcBqgpWR9
ZwIDAQAB
-----END PUBLIC KEY-----
#private_key.pem
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDgAwjtnRJ3Eaqy
bgnGRi1M+AxsdKzeHTg1Qj7mfH0MlVW1SfhU03/3sES9cxNd14+ZNybwrv4mL9HJ
dMvidLauJ7Tt3dMEPGTjYi6nkfZrDZlBgIJPNaqTsjAL1q8ttRia7onOZJe9mB5S
SOWKHmOMVb+8RQeqzLx7/qAIx3jwtJ9noue8tnQ9cjuXte6zkyrA7BNvP1K6nKyf
xdZircW/Kj1sJzSn1z7CJ+Pi4NGEw5Wpy8fiYYFdpAgC0+lnwhQdlGqv8J81p5UB
sKGLuDt3QPW6OuALGmzJiHKW9RND9cWAwm3+/qQPhMYrp0GewslIcNKuw0PUf6tw
GqClZH1nAgMBAAECggEBAKazW3eHxe/5o694l6mHG7sFdClZgjMgR23KyIg4583v
a4Knczec1MP71outESJqgaAhHMdLUjIUr+ddFUSGWlOrlMbWpmumjeVwcQueYWQ1
EHFgMpjDdRbIKV0F/ALlm1PgY4jF7u3WP+o3+SkZiDcssKxoKlZ+WV1klK8z0do9
CvuhQybFDMxXWbI1c/gffS+rE68NiAY+M6K9RdlhEJFmQku1XXqSInyCnAA4HpEm
9DUkZoTptCzuLUIAZjywAHwhxQBjEBYuzWA+FcDKFbHW2naSg8N+CE7dZngrIvp3
AKEVD9LALDJgH9UfMWr/3sYivnlL/h3J6G3pOaB3BAECgYEA+voOef89zOgqAsgX
epJt5xsi8OWgNi/HJC6PLD/bIp+xlfKGme/ajLDniOSNV5JAzWSWWAm7oDiaZYev
0CS055QwUUQi12plw7xLxKH6XfItlszvXp8KrmlQF/b+HUgf4V6GZ+iajCH/bQX2
VNWKRVG0nUBM6OiHduTkCA91wGcCgYEA5H7REABCmbL3wKkoZlj1B0Qbx9T7bXFt
WVI1GOZTuVsWKUE2JVPYo5Y/gJ1n0V7AGyHxIGN5yqTB8OxNs7eSA0Rv52VmSUB/
OV3GFlrceca6mJC8t40UX9r3oBAGcJWf5JL/dF9lWSk+aREJIONKqwx9d8pvYyyu
QR8lYZ5ROwECgYA4HEe4RrROZ2ldDdcR9ELV9F8vdGcJNk1TbYVc4zne180gNQSa
zeESq0pYdKCU/4G1adOjAyoLfBwortlDs7EuRRc4U/9mIcd2p1ZZM82By28d09uA
UBZXP/xEH1hYu5NFE5kBCiPjSIaOnVKhTMyJCudScNnBCJugnTPOCYbN6QKBgQDE
o56ndpHaU/qDAxCRg9za8/I0d0YpWYQRan3nf9Bto8XemxBN72pw3cyoks3VkQUi
VIN+rB0UF9YP0EzObRxrU2o6aTktsSPL6reeZXN4GV5cDbNbAz6Vf4u7ZA8mtJ11
yEuviqldofDj2pVQiEqqCYWwobZaUwljYbp52BVwAQKBgQDoea/Y91c0TrU2Zfd0
J87vBxA82o8RhZR+1LPZxwkEnbbfewTlnESUVCo6NkKnNHjYo/UDAkhuNypNF+r7
cGq5FFOgHJ1fD1RgrUDZgbRLyQveG5vNKQAzSb7AbosE1Jsi9BJNB9bqXnnlwW+M
qwDLI2Fs3iJse7xcOlbO1q+O0A==
-----END PRIVATE KEY-----
2.2、加密密碼
public static void main(String[] args) {
SimpleAsymmetricConfig config = new SimpleAsymmetricConfig();
config.setKeyFormat(AsymmetricCryptography.KeyFormat.PEM);
config.setPublicKey("-----BEGIN PUBLIC KEY-----\n" +
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4AMI7Z0SdxGqsm4JxkYt\n" +
"TPgMbHSs3h04NUI+5nx9DJVVtUn4VNN/97BEvXMTXdePmTcm8K7+Ji/RyXTL4nS2\n" +
"rie07d3TBDxk42Iup5H2aw2ZQYCCTzWqk7IwC9avLbUYmu6JzmSXvZgeUkjlih5j\n" +
"jFW/vEUHqsy8e/6gCMd48LSfZ6LnvLZ0PXI7l7Xus5MqwOwTbz9Supysn8XWYq3F\n" +
"vyo9bCc0p9c+wifj4uDRhMOVqcvH4mGBXaQIAtPpZ8IUHZRqr/CfNaeVAbChi7g7\n" +
"d0D1ujrgCxpsyYhylvUTQ/XFgMJt/v6kD4TGK6dBnsLJSHDSrsND1H+rcBqgpWR9\n" +
"ZwIDAQAB\n" +
"-----END PUBLIC KEY-----");
StringEncryptor encryptor = new SimpleAsymmetricStringEncryptor(config);
String message = "1234567890";
String encrypted = encryptor.encrypt(message);
System.out.println(encrypted);
}
2.3、設置配置項目application.yml
redis:
password: zx2EBiIp85Is2701IJrfFGxhtM8wDgilfQkDdi7k3o+voT22n6KwaE3sQH+SKkKOgzIXScM9MVOYtFEOUoDSuWKL8ysP1fHaZag8GcS9ZH9BcJTb2IRFhE5qWbvCrNBS57lXfSHMflVKnNYeYn4wA1pEnOsdJt+YynCP7K4AHie+GHwaYzoqxuLFFVczYw7UqhqdxDeRun7gKHibA9/sbr7EATFgTHsaV3pv0Sfk3hLJw+/KewAdVmNW4YwRC/MsH9Igt7S2K+Ua9Kt6XgvL2C4HCFd9pLeeC0FCzyAt0kzVJy4Lwr2QmOVkpGnhEFK+N4knM3UxCsLqTOivmO3M6g==
jasypt:
encryptor:
private-key-format: PEM
private-key-location: classpath:private_key.pem
2.4、將private_key.pem放到項目resources下。