org.jasypt.exceptions.EncryptionOperationNotPossibleException

前端 未结 5 1681
无人共我
无人共我 2021-02-05 18:26

I am using Jasypt-1.9.0 with Spring 3.1 and Hibernate 4.0.1. I have a requirement in my application to connect to database who

相关标签:
5条回答
  • 2021-02-05 18:56

    The question is most probably out of date, but for future seekers... EncryptionOperationNotPossibleException is a general exception thrown by jasypt to mask other possible exceptions. This exception can occur when:

    • your jdk does not have the JCE unlimited strenght installed (most common case)
    • you had some data in the database that was encrypted before with other password
    • you had some data in database that were not encrypted before and you added encryption to some field
    • jasypt failed to decrypt the encrypted value from db because of some strange corruption of data
    • many many others, you just need to debug to find out the real cause..
    0 讨论(0)
  • 2021-02-05 18:58

    I also experienced similar issue when encrypting property file values. I encrypted values in my local Windows machine and tried to deploy in Linux box but JRE versions were different, therefore encrypted values could not be decrypted. But I encrypted the values in Linux machine and decryption was successful.

    0 讨论(0)
  • 2021-02-05 19:00

    I had a similar issue, but I realize when using the CLI tool and trying to decrypt the password you don't have to include the algorithm property and the password property needs to match the one used in the CLI Tool.

    In their http://www.jasypt.org/encrypting-configuration.html

    their example looks like this, but this doesn't work.

    encryptor.setPassword("jasypt"); // could be got from web, env variable... encryptor.setAlgorithm("PBEWithHMACSHA512AndAES_256"); encryptor.setIvGenerator(new RandomIvGenerator());


    Solution:

    encryptor.setPassword("MYPAS_WORD"); // Like in the CLI Tool encryptor.setAlgorithm("PBEWithHMACSHA512AndAES_256"); //Remove this encryptor.setIvGenerator(new RandomIvGenerator()); //Remove this as well

    It'll work fine.

    In your case you can remove the algorithm property and passwordEvnName needs to match the one used in CLI Tool.

    0 讨论(0)
  • 2021-02-05 19:15
    1. Remove all above XML configuration and add the following bean to your configuration class:

      @Bean public DataSource dataSource() {
      DataSourceBuilder dataSourceBuilder = 
      DataSourceBuilder.create();
      dataSourceBuilder.url(dbUrl);
      dataSourceBuilder.username(username);
      dataSourceBuilder.password(password);
      return dataSourceBuilder.build(); 
      }
      
    2. Add values from properties like

      @Value("${db.driverclassname}")
      private String dbDriverClassName;
      
      @Value("${db.url}")
      private String dbUrl;
      
      @Value("${db.username}")
      private String dbUsername;
      
      @Value("${db.password}")
      private String dbPassword;
      

      And pass these values above the data source.

    3. Configure your encryption key in properties file like#

      db.driverclassname=com.mysql.jdbc.Driver
      db.url=jdbc:mysql://localhost:3306/contactsdb
      db.username=contactsuser
      db.password=ENC(XcBjfjDDjxeyFBoaEPhG14wEzc6Ja+Xx
      +hNPrJyQT888=
      
    4. Don't create your encrypted key using cmd and jaspyt jar I will share the link for creating encryption key with your secret key:

      Jasypt Online Encryption and Decryption

    1. Add jaspyat dependency as per your version.

      If you have to run on a server and if you are facing issues like password encryption not matches or not possible, then add one more bean of jdbc template:

      @Bean
      public JdbcTemplate jdbcTemplate(DataSource 
      dataSourcee)
      {
          return new JdbcTemplate(dataSource);
      }
      

    It works fine and no issues found.

    Create the key using that tool. Because I have tried many times using jaspyt command line but the encryption is wrong and it is not supported. You can cross-check key generated using the above tool with the secret key.

    0 讨论(0)
  • 2021-02-05 19:16

    If you don't specifiy all the params during encryption, Jasypt will use default values. Make sure to use those exact default values during decryption. Otherwise you may have troubles...

    This work for me:

    mvn jasypt:encrypt -Djasypt.encryptor.password='secret' \
        -Djasypt.encryptor.algorithm=PBEWITHHMACSHA512ANDAES_256 \
        -Djasypt.encryptor.iv-generator-classname=org.jasypt.iv.RandomIvGenerator \
        -Djasypt.encryptor.salt-generator-classname=org.jasypt.salt.RandomSaltGenerator \
        -Djasypt.encryptor.key-obtention-iterations=1000  \
        -Djasypt.plugin.path='file:application.yml' 
    
    mvn jasypt:decrypt -Djasypt.encryptor.password='secret' \
        -Djasypt.encryptor.algorithm=PBEWITHHMACSHA512ANDAES_256 \
        -Djasypt.encryptor.iv-generator-classname=org.jasypt.iv.RandomIvGenerator \
        -Djasypt.encryptor.salt-generator-classname=org.jasypt.salt.RandomSaltGenerator \
        -Djasypt.encryptor.key-obtention-iterations=1000  \
        -Djasypt.plugin.path='file:application.yml' 
    
    0 讨论(0)
提交回复
热议问题