Categories
Uncategorized

Jasypt

One more little library that I’ve come to love: jasypt. It’s a simplified veneer over the top of the gargantuan java security apparatus. All I wanted to do was encrypt a String before putting it in a Cookie.

  BasicTextEncryptor encryptor = new BasicTextEncryptor();
  encryptor.setPassword(key);
  String cipherText = encryptor.encrypt(clearText);

It nicely base64 encodes the result, which is ideal for Cookie stuffing.

The reverse operation is just as simple.

  BasicTextEncryptor encryptor = new BasicTextEncryptor();
  encryptor.setPassword(key);
  String recoveredText = encryptor.decrypt(cipherText);

2 replies on “Jasypt”

Hi

encryptor.setPassword(key); <—your key is encrypted also, and retrieve it from external?

how do you do it?

Thanks.

Well, that’s a challenge. šŸ™‚

For my purposes, I used a key stored in the web.xml. This was suitable for my purposes ā€” obfuscating cookies.

If you want to do it properly and only store the key in memory, there is a solution. Check out Web PBE Configuration. That sets up a Filter which prompts for a password if the webapp is unconfigured.

If it’s not a webapp you’re writing, you could just prompt for a password on app startup.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s