Use the jasypt command-line tool description

Recommended for you: Get network issues from WhatsUp Gold. Not end users.

Jasypt can provide the encryption functionality in a simple way for the Java project, this simple way embodies the command line tool, and its Spring, Hibernate, Springsecurity, wicket and three party integration framework.

In this paper, in jasypt official website: download the jasypt package, unzip it to a local directory.

The following diagram:

The root directory:


The command line tools directory:



In the Lib directory is the core of jar jasypt and integrated with the third party components jar.

In the bin directory is a command line tool script jasypt.

In the apidoc directory of nature is the help documentation.

The following describes the command-line tool jasypt (here the operating environment is Windows system):



DIGEST ALGORTHMS: abstract algorithm

PBE ALGORTHMS(PASSWORD BASE ENCRYPTION):Encryption algorithm based on password

2 the following describes how to use the digest.bat, encrypt.bat, decrypt.bat

Command: digest.bat input=sa algorithm=SHA means to input information: "Sa" using the SHA algorithm to calculate the abstract information, OUTPUT is the output results.

Description: direct input digest.bat can help command information and parameters, where input is a required parameter, algorithm is an optional parameter, calculation of the information algorithm, the default is MD5.

Encryption and decryption are corresponding, the same way, directly enter the command can view the help information and parameters. For example, in the command window, type: encrypt.bat


Because encrypt.bat and decrypt.bat are the corresponding help information and parameters, so the requirements are the same, except that the input value of the encrypt.bat parameter is the "information", the input parameter decrypt.bat value is "encrypted information".

From the description of the above parameters can be seen in the algorithm is optional, it should provide the default set parameters for the jasypt, and the default algorithm encryption is here: PBEWithMD5AndDES

Below demonstrate by an example about encryption and decryption:





The encryption and decryption using the "PBEWITHSHA1ANDRC2_40" algorithm, all the normal operation.

After the PBE algorithm in the other three did the same test found that the use of "PBEWITHMD5ANDTRIPLEDES" algorithm operation failure condition.


From the information above is difficult to see what the problem is, so think of using Java program to test this algorithm. The error message is as follows:

 Encryption raised an exception. 
 A possible cause is you are using strong encryption algorithms and you have 
 not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 
 in this Java Virtual Machine

There is JCE not limited length policy file is not installed, so Baidu Google a to Orcale official website to find JDK7 JCE file.

Download after decompression can under the JAVA_HOME\jdk1.7.0_45\jre\lib\security or JAVA_HOME\jdk1.7.0_45_jre\lib\security, A total of two files local_policy.jar and US_export_policy.jar. that the two documents cover the default JDK.

In order to investigate the difference here, a file's contents, decompression after the discovery of different places in the local_policy.policy content in local_policy.jar.

Local_policy.policy JDK the default is:

// Some countries have import limits on crypto strength. This policy file
// is worldwide importable.

grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", *;
permission javax.crypto.CryptoPermission *, 128;

The local_policy.policy content of JCE is:

// Country-specific policy file for countries with no limits on crypto strength.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;

The import of some countries password strength JDK in the default policy restrictions.

The command line tools on the use of jasypt is introduced and the possible problems are explained, to understand the secret decryption principle of concrete can participate in the "Java encryption and decryption of art" the author's blog: .

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download

Posted by Ralap at August 23, 2014 - 11:28 PM