Jasypt

One more little library that I’ve come to love: jasypt. It’s a simplified veneer over the top of the gargantuan Java security apparatus. All I wanted to do was encrypt a String before putting it in a Cookie.

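  import org.jasypt.util.text.BasicTextEncryptor;

  // key is the secret password; clearText is the value to protect
  BasicTextEncryptor encryptor = new BasicTextEncryptor();
  encryptor.setPassword(key);
  String cipherText = encryptor.encrypt(clearText);  // Base64-encoded text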

It nicely base64 encodes the result, which is ideal for Cookie stuffing.

The reverse operation is just as simple.

  // Decryption must use the same key that was used to encrypt
  BasicTextEncryptor encryptor = new BasicTextEncryptor();
  encryptor.setPassword(key);
  String recoveredText = encryptor.decrypt(cipherText);

2 Comments to Jasypt

  1. Well, that’s a challenge. 🙂

    For my purposes, I used a key stored in the web.xml. This was suitable for my purposes — obfuscating cookies.

    If you want to do it properly and only store the key in memory, there is a solution. Check out Web PBE Configuration. That sets up a Filter which prompts for a password if the webapp is unconfigured.

    If it’s not a webapp you’re writing, you could just prompt for a password on app startup.

  2. Tom says:

    Hi

    encryptor.setPassword(key); <—your key is encrypted also, and retrieve it from external?

    how do you do it?

    Thanks.