Created by Ken Stevens. Last edited by Steve Shaw, 1 ago.
For our project we needed to encrypt a number of columns in the database for security purposes. We tried out a tool called Jasypt and were able to meet our encryption requirements in under a day. Here are the changes we made to get it to work.
Increase the size of the columns being encrypted in the database (3x wasn't large enough, 10x was large enough).
Change the type of non-varchar columns to varchar.
Add the following dependency to your pom.xml:
<dependency>
    <groupId>org.jasypt</groupId>
    <artifactId>jasypt</artifactId>
    <version>1.3.1</version>
</dependency>
In model classes that have encrypted properties, define a new Hibernate type as follows. In this example, I am encrypting a String property and a Date property. Note: for embedded model classes (i.e. those with the Hibernate @Embedded annotation), the new type only needs to be defined in the enclosing class.
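import org.hibernate.annotations.Parameter;
import org.hibernate.annotations.Type;
import org.hibernate.annotations.TypeDef;
import org.hibernate.annotations.TypeDefs;

// Placed on the model class declaration. The encryptorRegisteredName value
// must match the registeredName of the encryptor bean defined in Spring.
@TypeDefs({
    @TypeDef(
        name = "encrypted_string",
        typeClass = org.jasypt.hibernate.type.EncryptedStringType.class,
        parameters = {
            @Parameter(name = "encryptorRegisteredName", value = "hibernateStringEncryptor")
        }
    ),
    @TypeDef(
        name = "encrypted_date_as_string",
        typeClass = org.jasypt.hibernate.type.EncryptedDateAsStringType.class,
        parameters = {
            @Parameter(name = "encryptorRegisteredName", value = "hibernateStringEncryptor")
        }
    )
})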
Above each getter in the model class that needs to be encrypted, add annotations as follows.
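// Stored encrypted through the "encrypted_string" type defined above.
@Type(type = "encrypted_string")
public String getFoo() {
    return foo;
}

// java.util.Date, stored encrypted as a string.
@Type(type = "encrypted_date_as_string")
public Date getFooDate() {
    return fooDate;
}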
Tell Jasypt to instantiate a hibernateStringEncryptor bean via Spring. Add the following to your Spring configuration file (applicationContext.xml).
<bean id="hibernateStringEncryptor"
      class="org.jasypt.hibernate.encryptor.HibernatePBEStringEncryptor">
    <property name="registeredName">
        <value>hibernateStringEncryptor</value>
    </property>
    <property name="password">
        <value>yourPasswordGoesHere</value>
    </property>
</bean>
The way we tested this is we created a record and then read the record back through straight JDBC to confirm that unencrypted columns matched and encrypted columns did not match. Note that on our project I ran into a problem in that at test time, Jasypt was not able to find hibernateStringEncryptor because the hibernateStringEncryptor bean had never been instantiated (in the application server, all the beans are automatically instantiated when the app server starts up). To get around this problem, we added the following line to our test startup method to instantiate one of these beans before running the tests so that the hibernateStringEncryptor got registered with Jasypt.
getFactory().getBean("hibernateStringEncryptor");
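To choose the new column widths from the first step by measurement rather than by a single multiplier, the following added example (not code from the original post) encrypts worst-case values for a few column widths and prints the ciphertext length for each. The class name, the sample widths and the use of a StandardPBEStringEncryptor with default settings are assumptions; configure it the same way as your Spring bean.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

/** Added example (hypothetical class): how wide must an encrypted varchar column be? */
public class EncryptedColumnSizer {

    /** Builds a string of the given length from one repeated character. */
    static String repeat(char c, int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(c);
        }
        return sb.toString();
    }

    /** Returns the longest ciphertext produced for a plaintext of `width` characters. */
    static int encryptedLength(StandardPBEStringEncryptor enc, int width) {
        // An ASCII character and a multi-byte one: ciphertext size follows the
        // encoded byte length of the text, not its character count.
        char[] samples = { 'x', '\u20AC' };
        int longest = 0;
        for (char c : samples) {
            String plain = repeat(c, width);
            String cipher = enc.encrypt(plain);
            // Fail loudly if the value does not survive a round trip.
            if (!plain.equals(enc.decrypt(cipher))) {
                throw new IllegalStateException("round trip failed at width " + width);
            }
            longest = Math.max(longest, cipher.length());
        }
        return longest;
    }

    public static void main(String[] args) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setPassword("yourPasswordGoesHere"); // same placeholder as the Spring config
        // To size for a non-default algorithm, also call enc.setAlgorithm(...) here.

        int[] widths = { 1, 10, 50, 255 }; // constructed sample column widths
        for (int width : widths) {
            int len = encryptedLength(enc, width);
            System.out.printf("varchar(%d) -> varchar(%d) or wider (%.1fx)%n",
                    width, len, (double) len / width);
        }
    }
}
```

Run it with the jasypt dependency on the classpath and check the shortest columns separately from the longest, since the printed ratio is not the same at every width.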
Note that the encryption used in this example is merely "strong" encryption. If you want to use an even stronger encryption, then you would change
<property name="password">
    <value>yourPasswordGoesHere</value>
</property>
to the following
<property name="algorithm">
    <value>PBEWithMD5AndTripleDES</value>
</property>
<property name="password">
    <value>yourPasswordGoesHere</value>
</property>
<property name="keyObtentionIterations">
    <value>1000</value>
</property>
However, if you do this, then you'll need to replace the local_policy.jar and US_export_policy.jar files in your C:\Program Files\Java\jdk1.5.x_xx\jre\lib\security folder with the "Unlimited Strength Java(TM) Cryptography Extension Policy Files" versions of these files. You can obtain these from Sun by clicking on the "Download" button beside "Java Cryptography Extension (JCE)" in the "Other Downloads" section of this page.
Source:http://i-proving.ca/space/ken+stevens/blog/2007-09-07_2