Jasypt supplies a bunch of Command Line Interface (CLI) tools, useful for performing encryption, decryption and digest operations from the command line.
In order to use this tools, you should download the distribution zip file (named jasypt-$VERSION-dist.zip) and unzip it. Once done, you will find a jasypt-$VERSION/bin directory containing:
(Please note that before using the .sh files, you might need to add execution permissions to them with something like "chmod u+x *.sh".)
Most of these commands are executed with the following syntax:
[command] [argument1]=[value1] [argument2]=[value2] ...
For example:
./digest.sh input="U3ERPA33_W0RD" algorithm=SHA1
Extended Classpath: All these commands honor the existence of a JASYPT_CLASSPATH environment variable containing extended classpath definitions for the execution of the encryption/decryption/digest commands. This feature can be useful if the user wants to configurehis/her own security provider or salt generator implementation, or if the user is using Java 1.5 or older and needs to add icu4j's jars to the classpath (which are not included with jasypt's distribucion any more).
Verbosity: Most of these commands admit a verbose parameter (which can be set to true (default) or false) which let the user switch from an explanatory output to a very reduced one, showing only the result of the operation (specially useful for scripting).
Encryption is performed at the command line with the encrypt.bat/encrypt.sh command, and its usage and parametrization corresponds exactly with that of a org.jasypt.encryption.pbe.StandardPBEStringEncryptor. All the default values of this encryptor class are assumed when executing the CLI command. To know more, see JavaDoc.
Usage:
$ ./encrypt.sh
Using classpath: .:./lib/icu4j-3.4.4.jar:./lib/jasypt-1.9.x.jar
USAGE: encrypt.sh [ARGUMENTS]
* Arguments must apply to format:
"arg1=value1 arg2=value2 arg3=value3 ..."
* Required arguments:
input
password
* Optional arguments:
verbose
algorithm
keyObtentionIterations
saltGeneratorClassName
providerName
providerClassName
stringOutputType
ivGeneratorClassNameExamples:
$ ./encrypt.sh input="This is my message to be encrypted" password=MYPAS_WORD ----ENVIRONMENT----------------- Runtime: Sun Microsystems Inc. Java HotSpot(TM) Client VM 1.6.0_03-b05 ----ARGUMENTS------------------- input: This is my message to be encrypted password: MYPAS_WORD ----OUTPUT---------------------- k1AwOd5XuW4VfPQtEXEdVlMnaNn19hivMbn1G4JQgq/jArjtKqryXksYX4Hl6A0e
$ ./encrypt.sh input="This is my message to be encrypted" password=MYPAS_WORD verbose=false uv9+BnQFuZbfTV5Kf45oBOr0eJzBW5AS+XaYY+Lu5XWYhGgl0Ee41P0QUGpIrfyD
Decryption is performed at the command line with the decrypt.bat/decrypt.sh command, and its usage and parametrization corresponds exactly with that of a org.jasypt.encryption.pbe.StandardPBEStringEncryptor. All the default values of this encryptor class are assumed when executing the CLI command. To know more, see JavaDoc.
Usage:
$ ./decrypt.sh
Using classpath: .:./lib/icu4j-3.4.4.jar:./lib/jasypt-1.9.x.jar
USAGE: decrypt.sh [ARGUMENTS]
* Arguments must apply to format:
"arg1=value1 arg2=value2 arg3=value3 ..."
* Required arguments:
input
password
* Optional arguments:
verbose
algorithm
keyObtentionIterations
saltGeneratorClassName
providerName
providerClassName
stringOutputType
ivGeneratorClassNameExamples:
$ ./decrypt.sh input="k1AwOd5XuW4VfPQtEXEdVlMnaNn19hivMbn1G4JQgq/jArjtKqryXksYX4Hl6A0e" password=MYPAS_WORD ----ENVIRONMENT----------------- Runtime: Sun Microsystems Inc. Java HotSpot(TM) Client VM 1.6.0_03-b05 ----ARGUMENTS------------------- input: k1AwOd5XuW4VfPQtEXEdVlMnaNn19hivMbn1G4JQgq/jArjtKqryXksYX4Hl6A0e password: MYPAS_WORD ----OUTPUT---------------------- This is my message to be encrypted
$ ./decrypt.sh input="k1AwOd5XuW4VfPQtEXEdVlMnaNn19hivMbn1G4JQgq/jArjtKqryXksYX4Hl6A0e" password=MYPAS_WORD verbose=false This is my message to be encrypted
Digest is performed at the command line with the digest.bat/digest.sh command, and its usage and parametrization corresponds exactly with that of a org.jasypt.digest.StandardStringDigester. All the default values of this digester class are assumed when executing the CLI command. To know more, see JavaDoc.
Usage:
$ ./digest.sh
Using classpath: .:./lib/icu4j-3.4.4.jar:./lib/jasypt-1.9.x.jar
USAGE: digest.sh [ARGUMENTS]
* Arguments must apply to format:
"arg1=value1 arg2=value2 arg3=value3 ..."
* Required arguments:
input
* Optional arguments:
verbose
algorithm
iterations
saltSizeBytes
saltGeneratorClassName
providerName
providerClassName
invertPositionOfSaltInMessageBeforeDigesting
invertPositionOfPlainSaltInEncryptionResults
useLenientSaltSizeCheck
unicodeNormalizationIgnored
stringOutputType
prefix
suffixExamples:
$ ./digest.sh input="userDaTaBaSe_pass_word" ----ENVIRONMENT----------------- Runtime: Sun Microsystems Inc. Java HotSpot(TM) Client VM 1.6.0_03-b05 ----ARGUMENTS------------------- input: userDaTaBaSe_pass_word ----OUTPUT---------------------- RSeN4JXTJwVFK6YYnxr6kYzK5I7aDqnJ
$ ./digest.sh input="userDaTaBaSe_pass_word" verbose=false 3oZF4OzyW/0OZEDG/EU+22b+0ZJg9FSc
The listAlgorithms[.sh|.bat] script will list the digest and PBE (Password-Based-Encryption) algorithms available in your Java VM.
It receives no arguments and its usage is extremely simple:
$ ./listAlgorithms.sh DIGEST ALGORITHMS: [MD2, MD5, SHA, SHA-256, SHA-384, SHA-512] PBE ALGORITHMS: [PBEWITHMD5ANDDES, PBEWITHMD5ANDTRIPLEDES, PBEWITHSHA1ANDDESEDE, PBEWITHSHA1ANDRC2_40]
Please note that this command will not list any arguments from non-default JCE providers like Bouncy Castle unless you have registered such providers at the JVM installation by copying the provider's jar files to the extensions directory of our JRE installation ($JRE_HOME/lib/ext) and then appending the name of the Provider class at the end of the provider list at the java.security file in $JRE_HOME/lib/security. See Using Non-Default Providers or Jasypt + Bouncy Castle for more details.