Encrypting from the command line: Jasypt CLI Tools

Jasypt supplies a bunch of Command Line Interface (CLI) tools, useful for performing encryption, decryption and digest operations from the command line.

To use this tools, you should download the distribution zip file (named jasypt-$VERSION-dist.zip) and unzip it. Once done, you will find a jasypt-$VERSION/bin directory containing:

  • jasypt-cli-bundle.jar: A jar file containing a specially prepared version of jasypt, including the CLI tools and all the required jasypt dependencies, which you should never add into your projects' classpath.
  • A set of .bat files for Windows execution:
    • encrypt.bat: for PBE (Password Based Encryption) encryption operations.
    • decrypt.bat: for PBE (Password Based Encryption) decryption operations.
    • digest.bat: for message digest operations.
  • A set of .sh files for Linux/UNIX execution:
    • encrypt.sh: for PBE (Password Based Encryption) encryption operations.
    • decrypt.sh: for PBE (Password Based Encryption) decryption operations.
    • digest.sh: for message digest operations.

      (Please note that before using the .sh files, you might need to add execution permissions to them with something like "chmod u+x *.sh".)

All the commands are executed with the following syntax:

[command] [argument1]=[value1] [argument2]=[value2] ...

For example:

./digest.sh input="U3ERPA33_W0RD" algorithm=SHA1

Extended Classpath: All these commands honor the existence of a JASYPT_CLASSPATH environment variable containing extended classpath definitions for the execution of the encryption/decryption/digest commands. This feature can be useful if the user wants to configurehis/her own security provider or salt generator implementation.

Verbosity: All these commands admit a verbose parameter (which can be set to true (default) or false) which let the user switch from an explanatory output to a very reduced one, showing only the result of the operation (specially useful for scripting).

Encryption from the command line ("encrypt" command)

Encryption is performed at the command line with the encrypt.bat/encrypt.sh command, and its usage and parametrization corresponds exactly with that of a org.jasypt.encryption.pbe.StandardPBEStringEncryptor. All the default values of this encryptor class are assumed when executing the CLI command. To know more, see JavaDoc.

Usage:

$ ./encrypt.sh

USAGE: encrypt.sh [ARGUMENTS]

  * Arguments must apply to format:

      "arg1=value1 arg2=value2 arg3=value3 ..."

  * Required arguments:

      input

      password

  * Optional arguments:

      verbose

      algorithm

      keyObtentionIterations

      saltGeneratorClassName

      providerName

      providerClassName

      stringOutputType

Examples:

$ ./encrypt.sh input="This is my message to be encrypted" password=MYPAS_WORD

 ----ENVIRONMENT-----------------

Runtime: Sun Microsystems Inc. Java HotSpot(TM) Client VM 1.6.0_03-b05



 ----ARGUMENTS-------------------

input: This is my message to be encrypted
password: MYPAS_WORD



 ----OUTPUT----------------------

k1AwOd5XuW4VfPQtEXEdVlMnaNn19hivMbn1G4JQgq/jArjtKqryXksYX4Hl6A0e


$ ./encrypt.sh input="This is my message to be encrypted" password=MYPAS_WORD verbose=false
uv9+BnQFuZbfTV5Kf45oBOr0eJzBW5AS+XaYY+Lu5XWYhGgl0Ee41P0QUGpIrfyD

Decryption from the command line ("decrypt" command)

Decryption is performed at the command line with the decrypt.bat/decrypt.sh command, and its usage and parametrization corresponds exactly with that of a org.jasypt.encryption.pbe.StandardPBEStringEncryptor. All the default values of this encryptor class are assumed when executing the CLI command. To know more, see JavaDoc.

Usage:

$ ./decrypt.sh

USAGE: decrypt.sh [ARGUMENTS]

  * Arguments must apply to format:

      "arg1=value1 arg2=value2 arg3=value3 ..."

  * Required arguments:

      input

      password

  * Optional arguments:

      verbose

      algorithm

      keyObtentionIterations

      saltGeneratorClassName

      providerName

      providerClassName

      stringOutputType

Examples:

$ ./decrypt.sh input="k1AwOd5XuW4VfPQtEXEdVlMnaNn19hivMbn1G4JQgq/jArjtKqryXksYX4Hl6A0e" password=MYPAS_WORD

 ----ENVIRONMENT-----------------

Runtime: Sun Microsystems Inc. Java HotSpot(TM) Client VM 1.6.0_03-b05



 ----ARGUMENTS-------------------

input: k1AwOd5XuW4VfPQtEXEdVlMnaNn19hivMbn1G4JQgq/jArjtKqryXksYX4Hl6A0e
password: MYPAS_WORD



 ----OUTPUT----------------------

This is my message to be encrypted


$ ./decrypt.sh input="k1AwOd5XuW4VfPQtEXEdVlMnaNn19hivMbn1G4JQgq/jArjtKqryXksYX4Hl6A0e" password=MYPAS_WORD verbose=false
This is my message to be encrypted

Digest from the command line ("digest" command)

Digest is performed at the command line with the digest.bat/digest.sh command, and its usage and parametrization corresponds exactly with that of a org.jasypt.digest.StandardStringDigester. All the default values of this digester class are assumed when executing the CLI command. To know more, see JavaDoc.

Usage:

$ ./digest.sh
I:\Projects\workspace\jasypt\target\jasypt-1.4-dev\bin>digest

USAGE: digest.sh [ARGUMENTS]

  * Arguments must apply to format:

      "arg1=value1 arg2=value2 arg3=value3 ..."

  * Required arguments:

      input

  * Optional arguments:

      verbose

      algorithm

      iterations

      saltSizeBytes

      saltGeneratorClassName

      providerName

      providerClassName

      unicodeNormalizationIgnored

      stringOutputType

Examples:

$ ./digest.sh input="userDaTaBaSe_pass_word"

 ----ENVIRONMENT-----------------

Runtime: Sun Microsystems Inc. Java HotSpot(TM) Client VM 1.6.0_03-b05



 ----ARGUMENTS-------------------

input: userDaTaBaSe_pass_word



 ----OUTPUT----------------------

RSeN4JXTJwVFK6YYnxr6kYzK5I7aDqnJ


$ ./decrypt.sh input="userDaTaBaSe_pass_word" verbose=false
3oZF4OzyW/0OZEDG/EU+22b+0ZJg9FSc