Jasypt offers support for performing PBE (Password Based Encryption) operations on binaries (byte objects). This is offered through the org.jasypt.encryption.pbe.PBEByteEncryptor interface and its default implementation, org.jasypt.encryption.pbe.StandardPBEByteEncryptor.
Assuming that you will be using the default implementation, once the StandardPBEByteEncryptor instance has been created, this is how it will work:
The algorithm, password and key-obtention iterations can take values in any of these ways:
And the actual values to be used for initialization will be established by applying the following priorities:
Before it is ready to encrypt, an object of this class has to be initialised. Initialisation happens:
An encryptor may be used for:
When using a random salt generator, two encryption results for the same message will always be different (except in the case of random salt coincidence). This enforces security by difficulting brute force attacks on sets of data at a time and forcing attackers to perform a brute force attack on each separate piece of encrypted data.
To learn more about the mechanisms involved in encryption, read PKCS #5: Password-Based Cryptography Standard.
Easiest use: the BasicBinaryEncryptor util class:
... BasicBinaryEncryptor binaryEncryptor = new BasicBinaryEncryptor(); binaryEncryptor.setPassword(myEncryptionPassword); ... byte myEncryptedBytes = binaryEncryptor.encrypt(myBytes); ... byte plainBytes = binaryEncryptor.decrypt(myEncryptedBytes); ...
More security: the StrongBinaryEncryptor util class with a much more secure (but slower!) algorithm (you may need to download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to use it):
... StrongBinaryEncryptor binaryEncryptor = new StrongBinaryEncryptor(); binaryEncryptor.setPassword(myEncryptionPassword); ... byte myEncryptedBytes = binaryEncryptor.encrypt(myBytes); ... byte plainBytes = binaryEncryptor.decrypt(myEncryptedBytes); ...
All these util classes are in fact pre-configured, easy-to-use versions of StandardPBEByteEncryptor, so let's use the original class for total control:
... StandardPBEByteEncryptor encryptor = new StandardPBEByteEncryptor(); encryptor.setPassword("jasypt"); // we HAVE TO set a password encryptor.setAlgorithm("PBEWithMD5AndTripleDES"); // optionally set the algorithm ... byte encryptedBytes = encryptor.encrypt(myBytes); ... byte plainBytes = encryptor.decrypt(encryptedBytes); // myBytes.equals(plainBytes) ...
And we can even use a pooled version for higher performance in multi-processor/multi-core systems:
... PooledPBEByteEncryptor encryptor = new PooledPBEByteEncryptor(); encryptor.setPoolSize(4); // This would be a good value for a 4-core system encryptor.setPassword("jasypt"); encryptor.setAlgorithm("PBEWithMD5AndTripleDES"); ... byte encryptedBytes = encryptor.encrypt(myBytes); ...