java 使用 Jasypt 和随机盐进行密码加密和解密
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26211466/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Password Encryption and Decryption with Jasypt and random salt
提问by iCode
Hi I have a Java application. I want to use Jasypt to encrypt and decrypt the passwords with random salt generated based on size and algorithm.
嗨,我有一个 Java 应用程序。我想使用 Jasypt 使用基于大小和算法生成的随机盐来加密和解密密码。
This is what I want to achieve.
这就是我想要达到的目标。
- Create a random salt.
- Encrypt the password with the salt.
- Save the salt and encrypted password for the user.
- 创建一个随机盐。
- 用盐加密密码。
- 为用户保存盐和加密密码。
I want the salt size, algorithm to be given as input.
我希望将盐大小和算法作为输入给出。
The reason why I want decryption is that, I have some configuration files created for the application and some values are passwords that I want to save as encrypted in the file and decrypt it when I want to use it.
我想要解密的原因是,我为应用程序创建了一些配置文件,一些值是密码,我想在文件中保存为加密的密码,并在我想使用它时解密。
I have this Java classwhich creates salt and then creates the hash code and I could use it for validating user (I can save salt and hascode instead of encrypted password.). I changed it some and created a method to create random salt in that example. But there is no decryption method.
我有这个 Java 类,它创建 salt 然后创建哈希码,我可以用它来验证用户(我可以保存 salt 和 hascode 而不是加密密码。)。我对其进行了一些更改,并在该示例中创建了一种创建随机盐的方法。但是没有解密方法。
That's why I choose Jasypt. But I havn't seen any proper example of how to use it.
这就是我选择Jasypt的原因。但是我还没有看到任何关于如何使用它的正确示例。
I tried following and always it returns same salt.
我尝试跟随并且总是返回相同的盐。
public static void main(String[] args) {
RandomSaltGenerator saltGenerator = new RandomSaltGenerator();
byte[] salt = saltGenerator.generateSalt(24);
System.out.println(salt);
}
Can anybody provide a proper example or how to use it in my own way? I want to achieve what Jasypt have mentioned in their article. But there are no codes available.
任何人都可以提供一个适当的例子或如何以我自己的方式使用它?我想实现Jasypt 在他们的文章中提到的内容。但是没有可用的代码。
回答by Cristian Greco
This article about password encryptionwith Jasypt describes standard best practices of storing encrypted user passwords with one-way encryption. Once you've stored a password using such techniques, there is now way to decrypt it.
这篇关于使用 Jasypt加密密码的文章描述了使用单向加密存储加密用户密码的标准最佳实践。一旦您使用此类技术存储了密码,现在就可以对其进行解密。
If you need to encrypt and decrypt passwords for application configuration, you should consider using the StandardPBEStringEncryptorprovided by Jasypt (or whatever provider best fits your data type). This pagecontains good explanation and example code.
如果你需要加密和应用程序配置解密的密码,你应该考虑使用StandardPBEStringEncryptor提供由Jasypt(或任何提供最适合您的数据类型)。此页面包含很好的解释和示例代码。
Even better, Jasypt provides first class support for encrypted application configurationusing .properties files (also with good support for Spring).
更好的是,Jasypt 为使用 .properties 文件的加密应用程序配置提供了一流的支持(对 Spring 也有很好的支持)。
