Grails Jasypt Encryption Plugin

The Jasypt Encryption plugin for Grails allows field level encryption in your database. It's integrated into GORM/Hibernate for ease of use. It can also be extended to encrypt any type of information you store in your database.

Transcript of "Grails Jasypt Encryption Plugin"

1. Grails Jasypt Encryption, by Ted Naleid
2. Who am I?
3. Overview: What is it? Why did we need it? Advantages. Limitations. How is it used?
4. What Is It?
5. grails plugin that integrates strong encryption into GORM
6. allows field-level encryption on any domain object or field type
7. integrated into domain objects

        import com.bloomhealthco.jasypt.GormEncryptedStringType

        class Member {
            String name
            String ssn

            static mapping = {
                ssn type: GormEncryptedStringType
            }
        }
8. built on Jasypt Simplified Encryption framework
9. Jasypt leverages Java Cryptography Extensions (JCE)
10. Bouncy Castle JCE provider jar included (you can still use any JCE compatible encryptors you want)
11. Why did we need it?
12. constant automated hacking attempts happen on every computer on the public internet
13. cloud computing potentially adds security weak points
14. if you have users, you have data to protect: social security numbers, medical claims/PHI, credit card numbers, birth dates, security question answers
15. full disk encryption has many drawbacks and limitations
16. field level encryption lets you protect the sensitive things; everything else is at full speed
17. don't need to outrun the bear
18. Advantages
19. encrypt only what you need to
20. strongly protects info even if your database gets rooted or someone steals a database dump
21. painless integration into your domain
22. Limitations
23. encrypted fields take up extra space in database
24. currently need to use two grails validators

        import com.bloomhealthco.jasypt.GormEncryptedStringType

        class Member {
            String name
            String ssn

            static mapping = {
                ssn type: GormEncryptedStringType
            }

            static constraints = {
                ssn(
                    matches: '^\\d{3}-\\d{2}-\\d{4}$', // validates the plaintext format
                    maxSize: 44                       // column must hold the ciphertext; unencrypted 11
                )
            }
        }
25. breaks using field in WHERE clause (so dynamic finders for this field don't work)
26. How is it used?
27. how do I install it?

        grails install-plugin jasypt-encryption

28. how do I configure it?

        // add to Config.groovy or external config file
        jasypt {
            algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC"
            providerName = "BC"
            password = "<my super secret passphrase>"
            keyObtentionIterations = 1000
        }

29. what encryption does Java allow by default?

        % cat default_local.policy
        // Some countries have import limits on crypto strength. This policy file is worldwide importable.
        grant {
            permission javax.crypto.CryptoPermission "DES", 64;
            permission javax.crypto.CryptoPermission "DESede", *;
            permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128;
            permission javax.crypto.CryptoPermission "RC4", 128;
            permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
            permission javax.crypto.CryptoPermission "RSA", *;
            permission javax.crypto.CryptoPermission *, 128;
        };
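An added example, not from the slides or the plugin: a stand-alone Groovy script that drives the Jasypt encryptor with the same settings as the jasypt { } block above, to show where the two limitations on slides 23 to 25 come from (the 44-character ciphertext behind maxSize: 44, and the random salt that makes WHERE-clause equality impossible). It assumes the jasypt and Bouncy Castle jars are on the classpath and uses a placeholder passphrase.

```groovy
import java.security.Security
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor

// The plugin ships the Bouncy Castle jar; outside Grails we register the provider by hand
// so that providerName = "BC" resolves.
Security.addProvider(new BouncyCastleProvider())

// Mirrors the jasypt { } block in Config.groovy. The passphrase is a placeholder; in a real
// deployment it belongs in the external config file, not in the repository.
// 128-bit AES is covered by the default policy's "permission javax.crypto.CryptoPermission *, 128"
// line, so this particular algorithm runs without the unlimited-strength jars.
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor()
encryptor.algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC"
encryptor.providerName = "BC"
encryptor.password = "<my super secret passphrase>"
encryptor.keyObtentionIterations = 1000

String ssn = "123-45-6789"             // constructed sample value, 11 characters
String first = encryptor.encrypt(ssn)
String second = encryptor.encrypt(ssn)

// Limitation 1, extra space: Jasypt stores a 16-byte random salt followed by one 16-byte
// AES-CBC block for an 11-byte plaintext, 32 bytes in all, Base64-encoded to 44 characters.
// That is the number behind "maxSize: 44 // unencrypted 11" on slide 24.
println "plaintext ${ssn.length()} chars -> ciphertext ${first.length()} chars"
assert first.length() == 44

// Limitation 2, WHERE clauses and dynamic finders: every call draws a fresh salt, so the same
// SSN never produces the same stored string. A query that compares the column against
// ssn, or against a newly encrypted ssn, cannot match the row.
assert first != second

// Decryption still works for both values because the salt travels inside the ciphertext.
assert encryptor.decrypt(first) == ssn
assert encryptor.decrypt(second) == ssn
```

Searching by an encrypted field therefore has to be done on something deterministic stored beside it, or not at all; the plugin itself offers neither, which is exactly what slide 25 warns about.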
30. what you actually want (download "unlimited" crypto jar from Sun^wOracle)

        % cat default_local.policy
        // Country-specific policy file for countries with no limits on crypto strength.
        grant {
            // There is no restriction to any algorithms.
            permission javax.crypto.CryptoAllPermission;
        };

31. after that, it's easy

        import com.bloomhealthco.jasypt.GormEncryptedStringType

        class Member {
            String name
            String ssn

            static mapping = {
                ssn type: GormEncryptedStringType
            }
        }

32. all encrypted values stored as strings in the database
33. java.lang.String supported out of the box
34. encrypt your own objects: just implement 3 methods

        protected Object convertToObject(String)
        protected String convertToString(Object)
        public Class returnedClass()
35. create your own GORM encrypted type

        import org.jasypt.hibernate.type.AbstractGormEncryptedStringType

        public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType {
            // decrypted string read from the database -> your object
            protected Object convertToObject(String string) {
                new MyObject(string)
            }
            // your object -> the string that gets encrypted and stored
            protected String convertToString(Object object) {
                object.toString()   // convert the instance, not the MyObject class
            }
            public Class returnedClass() {
                MyObject
            }
        }
36. then use it in your mapping

        class Foo {
            MyObject value

            static mapping = {
                value type: GormEncryptedMyObjectType
            }
        }
37. Quick Demo
38. Links
        Grails Jasypt Plugin: http://bitbucket.org/tednaleid/grails-jasypt/wiki
        Jasypt: http://www.jasypt.org/
        Bouncy Castle (AES): http://www.bouncycastle.org/java.html
        Unlimited Strength Jars: http://www.oracle.com/technetwork/java/javase/downloads/index.html (under "other")
39. Questions?