Springboot配置加密jasypt

一、前言

1、jasypt使用手冊

ulisesbocchio/jasypt-spring-boot: Jasypt integration for Spring boot (github.com)

2、springboot使用，只需要引入maven依賴

<dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot-starter</artifactId>
        <version>3.0.5</version>
</dependency>

二、使用鹽(jasypt中爲password，案例中使用"password")

1、加密

    public static void main(String[] args) {
        StandardPBEStringEncryptor encryptor2 = new StandardPBEStringEncryptor();
        encryptor2.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
        encryptor2.setIvGenerator(new RandomIvGenerator());
        encryptor2.setPassword("password");
        System.out.println(encryptor2.encrypt("123456"));
    }

說明：如果要減少項目中jasypt的配置，就讓其儘量使用默認值，加密的時候對應修改。

	jasypt-spring-boot	StandardPBEStringEncryptor
algorithm	默認：PBEWITHHMACSHA512ANDAES_256	默認：PBEWithMD5AndDES
password	手動	手動
salt-generator-classname	默認：Random	默認：Random
iv-generator-classname	默認：Random	默認：No

2、設置環境變量（注意開發工具需要重啓才能生效）

JASYPT_ENCRYPTOR_PASSWORD=password

 3、設置配置項目application.yml

redis:
  password=ENC(MXHeyxpAmfL+cAqzR1a+nkV2Vub3wEcQmJ3t6D2Pxzs/V6MJ4xBqqD1IUMNIpTKW)
jasypt:
    encryptor:
        password: ${JASYPT_ENCRYPTOR_PASSWORD:}

二、使用密鑰文件

2.1、使用密鑰文件，生成公鑰私鑰。

#public_key.pem

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4AMI7Z0SdxGqsm4JxkYt
TPgMbHSs3h04NUI+5nx9DJVVtUn4VNN/97BEvXMTXdePmTcm8K7+Ji/RyXTL4nS2
rie07d3TBDxk42Iup5H2aw2ZQYCCTzWqk7IwC9avLbUYmu6JzmSXvZgeUkjlih5j
jFW/vEUHqsy8e/6gCMd48LSfZ6LnvLZ0PXI7l7Xus5MqwOwTbz9Supysn8XWYq3F
vyo9bCc0p9c+wifj4uDRhMOVqcvH4mGBXaQIAtPpZ8IUHZRqr/CfNaeVAbChi7g7
d0D1ujrgCxpsyYhylvUTQ/XFgMJt/v6kD4TGK6dBnsLJSHDSrsND1H+rcBqgpWR9
ZwIDAQAB
-----END PUBLIC KEY-----


#private_key.pem

-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDgAwjtnRJ3Eaqy
bgnGRi1M+AxsdKzeHTg1Qj7mfH0MlVW1SfhU03/3sES9cxNd14+ZNybwrv4mL9HJ
dMvidLauJ7Tt3dMEPGTjYi6nkfZrDZlBgIJPNaqTsjAL1q8ttRia7onOZJe9mB5S
SOWKHmOMVb+8RQeqzLx7/qAIx3jwtJ9noue8tnQ9cjuXte6zkyrA7BNvP1K6nKyf
xdZircW/Kj1sJzSn1z7CJ+Pi4NGEw5Wpy8fiYYFdpAgC0+lnwhQdlGqv8J81p5UB
sKGLuDt3QPW6OuALGmzJiHKW9RND9cWAwm3+/qQPhMYrp0GewslIcNKuw0PUf6tw
GqClZH1nAgMBAAECggEBAKazW3eHxe/5o694l6mHG7sFdClZgjMgR23KyIg4583v
a4Knczec1MP71outESJqgaAhHMdLUjIUr+ddFUSGWlOrlMbWpmumjeVwcQueYWQ1
EHFgMpjDdRbIKV0F/ALlm1PgY4jF7u3WP+o3+SkZiDcssKxoKlZ+WV1klK8z0do9
CvuhQybFDMxXWbI1c/gffS+rE68NiAY+M6K9RdlhEJFmQku1XXqSInyCnAA4HpEm
9DUkZoTptCzuLUIAZjywAHwhxQBjEBYuzWA+FcDKFbHW2naSg8N+CE7dZngrIvp3
AKEVD9LALDJgH9UfMWr/3sYivnlL/h3J6G3pOaB3BAECgYEA+voOef89zOgqAsgX
epJt5xsi8OWgNi/HJC6PLD/bIp+xlfKGme/ajLDniOSNV5JAzWSWWAm7oDiaZYev
0CS055QwUUQi12plw7xLxKH6XfItlszvXp8KrmlQF/b+HUgf4V6GZ+iajCH/bQX2
VNWKRVG0nUBM6OiHduTkCA91wGcCgYEA5H7REABCmbL3wKkoZlj1B0Qbx9T7bXFt
WVI1GOZTuVsWKUE2JVPYo5Y/gJ1n0V7AGyHxIGN5yqTB8OxNs7eSA0Rv52VmSUB/
OV3GFlrceca6mJC8t40UX9r3oBAGcJWf5JL/dF9lWSk+aREJIONKqwx9d8pvYyyu
QR8lYZ5ROwECgYA4HEe4RrROZ2ldDdcR9ELV9F8vdGcJNk1TbYVc4zne180gNQSa
zeESq0pYdKCU/4G1adOjAyoLfBwortlDs7EuRRc4U/9mIcd2p1ZZM82By28d09uA
UBZXP/xEH1hYu5NFE5kBCiPjSIaOnVKhTMyJCudScNnBCJugnTPOCYbN6QKBgQDE
o56ndpHaU/qDAxCRg9za8/I0d0YpWYQRan3nf9Bto8XemxBN72pw3cyoks3VkQUi
VIN+rB0UF9YP0EzObRxrU2o6aTktsSPL6reeZXN4GV5cDbNbAz6Vf4u7ZA8mtJ11
yEuviqldofDj2pVQiEqqCYWwobZaUwljYbp52BVwAQKBgQDoea/Y91c0TrU2Zfd0
J87vBxA82o8RhZR+1LPZxwkEnbbfewTlnESUVCo6NkKnNHjYo/UDAkhuNypNF+r7
cGq5FFOgHJ1fD1RgrUDZgbRLyQveG5vNKQAzSb7AbosE1Jsi9BJNB9bqXnnlwW+M
qwDLI2Fs3iJse7xcOlbO1q+O0A==
-----END PRIVATE KEY-----

2.2、加密密碼

    public static void main(String[] args) {
        SimpleAsymmetricConfig config = new SimpleAsymmetricConfig();
        config.setKeyFormat(AsymmetricCryptography.KeyFormat.PEM);
        config.setPublicKey("-----BEGIN PUBLIC KEY-----\n" +
                "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4AMI7Z0SdxGqsm4JxkYt\n" +
                "TPgMbHSs3h04NUI+5nx9DJVVtUn4VNN/97BEvXMTXdePmTcm8K7+Ji/RyXTL4nS2\n" +
                "rie07d3TBDxk42Iup5H2aw2ZQYCCTzWqk7IwC9avLbUYmu6JzmSXvZgeUkjlih5j\n" +
                "jFW/vEUHqsy8e/6gCMd48LSfZ6LnvLZ0PXI7l7Xus5MqwOwTbz9Supysn8XWYq3F\n" +
                "vyo9bCc0p9c+wifj4uDRhMOVqcvH4mGBXaQIAtPpZ8IUHZRqr/CfNaeVAbChi7g7\n" +
                "d0D1ujrgCxpsyYhylvUTQ/XFgMJt/v6kD4TGK6dBnsLJSHDSrsND1H+rcBqgpWR9\n" +
                "ZwIDAQAB\n" +
                "-----END PUBLIC KEY-----");
        StringEncryptor encryptor = new SimpleAsymmetricStringEncryptor(config);
        String message = "1234567890";
        String encrypted = encryptor.encrypt(message);
        System.out.println(encrypted);
    }

2.3、設置配置項目application.yml

redis:
  password: zx2EBiIp85Is2701IJrfFGxhtM8wDgilfQkDdi7k3o+voT22n6KwaE3sQH+SKkKOgzIXScM9MVOYtFEOUoDSuWKL8ysP1fHaZag8GcS9ZH9BcJTb2IRFhE5qWbvCrNBS57lXfSHMflVKnNYeYn4wA1pEnOsdJt+YynCP7K4AHie+GHwaYzoqxuLFFVczYw7UqhqdxDeRun7gKHibA9/sbr7EATFgTHsaV3pv0Sfk3hLJw+/KewAdVmNW4YwRC/MsH9Igt7S2K+Ua9Kt6XgvL2C4HCFd9pLeeC0FCzyAt0kzVJy4Lwr2QmOVkpGnhEFK+N4knM3UxCsLqTOivmO3M6g==
jasypt:
  encryptor:
    private-key-format: PEM
    private-key-location: classpath:private_key.pem

2.4、將private_key.pem放到項目resources下。