Jasypt: Java simplified encryption - Jasypt: Java simplified encryption

Easy usage: the utils

The easiest way to use Jasypt is using its easy encryption tools, which are called the utils, because they live in the org.jasypt.util package.

They are called utils because they are ready-to-use, preconfigured digesters and encryptors you can use without knowing much about their configuration.

These utils are categorised depending on the task they are intended to do:

General digesting (org.jasypt.util.digest.*)

Password encryption (digesting) (org.jasypt.util.password.*)

Text encryption (org.jasypt.util.text.*)

Number encryption (org.jasypt.util.numeric.*)

Binary encryption (org.jasypt.util.binary.*)

(Note that, generally, when we talk about "password encryption", we are in fact talking about "password digesting", which is the technically correct term)

General digesting

org.jasypt.util.digest.Digester which performs message digesting at a binary level, and which results are equivalent to the ones obtained from a java.security.MessageDigest object, although acting in a thread-safe way and implementing an interface more suitable for use in a bean-centric environment.
```
...
Digester digester = new Digester();
digester.setAlgorithm("SHA-1");
...
byte[] digest = digester.digest(message);
...
```

Password encryption (digesting)

All classes here implement the org.jasypt.util.password.PasswordEncryptor interface, so that they can be used interchangeabily if needed.

org.jasypt.util.password.BasicPasswordEncryptor which can be used to both encrypt passwords when users sign up and check input passwords when users sign in.

...
BasicPasswordEncryptor passwordEncryptor = new BasicPasswordEncryptor();
String encryptedPassword = passwordEncryptor.encryptPassword(userPassword);
...
if (passwordEncryptor.checkPassword(inputPassword, encryptedPassword)) {
  // correct!
} else {
  // bad login!
}
...

org.jasypt.util.password.StrongPasswordEncryptor which implements much higher password security than PasswordEncryptor (at a higher computational cost).

...
StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();
String encryptedPassword = passwordEncryptor.encryptPassword(userPassword);
...
if (passwordEncryptor.checkPassword(inputPassword, encryptedPassword)) {
  // correct!
} else {
  // bad login!
}
...

org.jasypt.util.password.ConfigurablePasswordEncryptor which lets the developer decide the algorithm to be used and whether he/she wants the full secure password encryption mechanism to be applied (as explained here) or rather a simple digest to be generated for legacy integration reasons.

...
ConfigurablePasswordEncryptor passwordEncryptor = new ConfigurablePasswordEncryptor();
passwordEncryptor.setAlgorithm("SHA-1");
passwordEncryptor.setPlainDigest(true);
String encryptedPassword = passwordEncryptor.encryptPassword(userPassword);
...
if (passwordEncryptor.checkPassword(inputPassword, encryptedPassword)) {
  // correct!
} else {
  // bad login!
}
...

Text encryption

All classes here implement the org.jasypt.util.text.TextEncryptor interface, so that they can be used interchangeabily if needed.

org.jasypt.util.text.BasicTextEncryptor which allows the user to encrypt and decrypt text data using a normal-strength algorithm. In order to be able to encrypt and decrypt, this encryptor has to be set a password first.

...
BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
textEncryptor.setPassword(myEncryptionPassword);
...
String myEncryptedText = textEncryptor.encrypt(myText);
...
String plainText = textEncryptor.decrypt(myEncryptedText);
...

org.jasypt.util.text.StrongTextEncryptor which allows the user to encrypt and decrypt text data using a high-strength algorithm. (you may need to download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to use it). In order to be able to encrypt and decrypt, this encryptor has to be set a password first.
```
...
StrongTextEncryptor textEncryptor = new StrongTextEncryptor();
textEncryptor.setPassword(myEncryptionPassword);
...
String myEncryptedText = textEncryptor.encrypt(myText);
...
String plainText = textEncryptor.decrypt(myEncryptedText);
...
```

More security: the AES256TextEncryptor util class with a much more secure algorithm: PBEWithHMACSHA512AndAES_256, (you need Java 8 at least to use it):

...
AES256TextEncryptor textEncryptor = new AES256TextEncryptor();
textEncryptor.setPassword(myEncryptionPassword);
...
String myEncryptedText = textEncryptor.encrypt(myText);
...
String plainText = textEncryptor.decrypt(myEncryptedText);
...

Number encryption

All classes here implement either the org.jasypt.util.numeric.DecimalNumberEncryptor or the org.jasypt.util.numeric.IntegerNumberEncryptor interfaces, so that they can be used interchangeabily if needed.

org.jasypt.util.numeric.BasicIntegerNumberEncryptor which allows the user to encrypt and decrypt BigInteger objects using a normal-strength algorithm. In order to be able to encrypt and decrypt, this encryptor has to be set a password first.

...
BasicIntegerNumberEncryptor integerEncryptor = new BasicIntegerNumberEncryptor();
integerEncryptor.setPassword(myEncryptionPassword);
...
BigInteger myEncryptedNumber = textEncryptor.encrypt(myNumber);
...
BigInteger plainNumber = textEncryptor.decrypt(myEncryptedNumber);
...

org.jasypt.util.numeric.StrongIntegerNumberEncryptor which allows the user to encrypt and decrypt BigInteger objects using a high-strength algorithm. (you may need to download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to use it). In order to be able to encrypt and decrypt, this encryptor has to be set a password first.
```
...
StrongIntegerNumberEncryptor integerEncryptor = new StrongIntegerNumberEncryptor();
integerEncryptor.setPassword(myEncryptionPassword);
...
BigInteger myEncryptedNumber = integerEncryptor.encrypt(myNumber);
...
BigInteger plainNumber = integerEncryptor.decrypt(myEncryptedNumber);
...
```

More security: the AES256DecimalNumberEncryptor util class with a much more secure algorithm: PBEWithHMACSHA512AndAES_256, (you need Java 8 at least to use it):

...
BigInteger myNumber = ...;
...
AES256IntegerNumberEncryptor numberEncryptor = new AES256IntegerNumberEncryptor();
numberEncryptor.setPassword(myEncryptionPassword);
...
BigInteger myEncryptedNumber = numberEncryptor.encrypt(myNumber);
...
BigInteger plainNumber = numberEncryptor.decrypt(myEncryptedNumber);
...

org.jasypt.util.numeric.BasicDecimalNumberEncryptor which allows the user to encrypt and decrypt BigDecimal objects using a normal-strength algorithm. In order to be able to encrypt and decrypt, this encryptor has to be set a password first.

...
BasicDecimalNumberEncryptor decimalEncryptor = new BasicDecimalNumberEncryptor();
decimalEncryptor.setPassword(myEncryptionPassword);
...
BigDecimal myEncryptedNumber = decimalEncryptor.encrypt(myNumber);
...
BigDecimal plainNumber = decimalEncryptor.decrypt(myEncryptedNumber);
...

org.jasypt.util.numeric.StrongDecimalNumberEncryptor which allows the user to encrypt and decrypt BigDecimal objects using a high-strength algorithm. (you may need to download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to use it). In order to be able to encrypt and decrypt, this encryptor has to be set a password first.
```
...
StrongDecimalNumberEncryptor decimalEncryptor = new StrongDecimalNumberEncryptor();
decimalEncryptor.setPassword(myEncryptionPassword);
...
BigDecimal myEncryptedNumber = decimalEncryptor.encrypt(myNumber);
...
BigDecimal plainNumber = decimalEncryptor.decrypt(myEncryptedNumber);
...
```

More security: the AES256DecimalNumberEncryptor util class with a much more secure algorithm: PBEWithHMACSHA512AndAES_256, (you need Java 8 at least to use it):

...
BigDecimal myNumber = ...;
...
AES256DecimalNumberEncryptor numberEncryptor = new AES256DecimalNumberEncryptor();
numberEncryptor.setPassword(myEncryptionPassword);
...
BigDecimal myEncryptedNumber = numberEncryptor.encrypt(myNumber);
...
BigDecimal plainNumber = numberEncryptor.decrypt(myEncryptedNumber);
...

Binary encryption

All classes here implement the org.jasypt.util.binary.BinaryEncryptor interface, so that they can be used interchangeabily if needed.

org.jasypt.util.binary.BasicBinaryEncryptor which allows the user to encrypt and decrypt byte[] objects using a normal-strength algorithm. In order to be able to encrypt and decrypt, this encryptor has to be set a password first.

...
BasicBinaryEncryptor binaryEncryptor = new BasicBinaryEncryptor();
binaryEncryptor.setPassword(myEncryptionPassword);
...
byte[] myEncryptedBinary = binaryEncryptor.encrypt(myBinary);
...
String plainBinary = binaryEncryptor.decrypt(myEncryptedBinary);
...

org.jasypt.util.binary.StrongBinaryEncryptor which allows the user to encrypt and decrypt byte[] objects using a high-strength algorithm. (you may need to download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to use it). In order to be able to encrypt and decrypt, this encryptor has to be set a password first.
```
...
StrongBinaryEncryptor binaryEncryptor = new StrongBinaryEncryptor();
binaryEncryptor.setPassword(myEncryptionPassword);
...
byte[] myEncryptedBinary = binaryEncryptor.encrypt(myBinary);
...
String plainBinary = binaryEncryptor.decrypt(myEncryptedBinary);
...
```

More security: the AES256BinaryEncryptor util class with a much more secure algorithm: PBEWithHMACSHA512AndAES_256, (you need Java 8 at least to use it):

...
AES256BinaryEncryptor binaryEncryptor = new AES256BinaryEncryptor();
binaryEncryptor.setPassword(myEncryptionPassword);
...
byte[] myEncryptedBytes = binaryEncryptor.encrypt(myBytes);
...
byte[] plainBytes = binaryEncryptor.decrypt(myEncryptedBytes);
...

The Jasypt Project

Reference

Guides