Jasypt offers support for performing PBE (Password Based Encryption) operations on numbers. This is offered through the org.jasypt.encryption.pbe.PBEBigIntegerEncryptor and org.jasypt.encryption.pbe.PBEBigDecimalEncryptor interfaces and their respective default implementations, org.jasypt.encryption.pbe.StandardPBEBigIntegerEncryptor and org.jasypt.encryption.pbe.StandardPBEBigDecimalEncryptor.
Jasypt uses the byte (binary) encryption mechanisms as a basis for text encryption.
Note that encrypted numbers will need much more digits for its representation than the original numbers from which they come, and so they will also need more space for being stored. For example, a 4-byte integer will probably have a size of no less than 16 bytes, once encrypted. This is why only BigIntegers and BigDecimals can be encrypted with jasypt, and not usual integers, longs, floats... (although these can be encrypted in hibernate as Strings instead of numbers) .
Assuming that you will be using the default implementations, once a StandardPBEBigIntegerEncryptor or StandardPBEBigDecimalEncryptor instance has been created, this is how it will work:
The algorithm, password and key-obtention iterations can take values in any of these ways:
And the actual values to be used for initialization will be established by applying the following priorities:
Before it is ready to encrypt, an object of this class has to be initialised. Initialisation happens:
An encryptor may be used for:
When using a random salt generator, two encryption results for the same message will always be different (except in the case of random salt coincidence). This enforces security by difficulting brute force attacks on sets of data at a time and forcing attackers to perform a brute force attack on each separate piece of encrypted data.
To learn more about the mechanisms involved in encryption, read PKCS #5: Password-Based Cryptography Standard.
Easiest use: the BasicIntegerNumberEncryptor and BasicDecimalNumberEncryptor util classes:
... BigInteger myNumber = ...; ... BasicIntegerNumberEncryptor numberEncryptor = new BasicIntegerNumberEncryptor(); numberEncryptor.setPassword(myEncryptionPassword); ... BigInteger myEncryptedNumber = numberEncryptor.encrypt(myNumber); ... BigInteger plainNumber = numberEncryptor.decrypt(myEncryptedNumber); ...
More security: the StrongIntegerNumberEncryptor and StrongDecimalNumberEncryptor util classes with a much more secure (but slower!) algorithm (you may need to download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to use them):
... BigDecimal myNumber = ...; ... StrongDecimalNumberEncryptor numberEncryptor = new StrongDecimalNumberEncryptor(); numberEncryptor.setPassword(myEncryptionPassword); ... BigDecimal myEncryptedNumber = numberEncryptor.encrypt(myNumber); ... BigDecimal plainNumber = numberEncryptor.decrypt(myEncryptedNumber); ...
All these util classes are in fact pre-configured, easy-to-use versions of their corresponding full-featured classes StandardPBEBigIntegerEncryptor and, StandardPBEBigDecimalEncryptor so let's use the original classes for total control:
... BigDecimal myNumber = ...; ... StandardPBEBigDecimalEncryptor encryptor = new StandardPBEBigDecimalEncryptor(); encryptor.setPassword("jasypt"); // we HAVE TO set a password encryptor.setAlgorithm("PBEWithMD5AndTripleDES"); // optionally set the algorithm ... BigDecimal myEncryptedNumber = encryptor.encrypt(myNumber); ... BigDecimal plainNumber = encryptor.decrypt(myEncryptedNumber); ...
And we can even use a pooled version for higher performance in multi-processor/multi-core systems:
... BigInteger myNumber = ...; ... PooledPBEBigIntegerEncryptor encryptor = new PooledPBEBigIntegerEncryptor(); encryptor.setPoolSize(4); // This would be a good value for a 4-core system encryptor.setPassword("jasypt"); encryptor.setAlgorithm("PBEWithMD5AndTripleDES"); ... BigInteger myEncryptedNumber = encryptor.encrypt(myNumber); ... BigInteger plainNumber = encryptor.decrypt(myEncryptedNumber); ...