Your SlideShare is downloading. ×
Grails Jasypt Encryption Plugin
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Grails Jasypt Encryption Plugin

5,462

Published on

The Jasypt Encryption plugin for Grails allows field level encryption in your database. It's integrated into GORM/Hibernate for ease of use. It can also be extended to encrypt any type of …

The Jasypt Encryption plugin for Grails allows field level encryption in your database. It's integrated into GORM/Hibernate for ease of use. It can also be extended to encrypt any type of information you store in your database.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
5,462
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
28
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Grails Jasypt Encryption by Ted Naleid
  • 2. Who am I?
  • 3. Overview What is it? Why did we need it? Advantages Limitations How is it used?
  • 4. What Is It?
  • 5. grails plugin that integrates strong encryption into GORM
  • 6. allows field-level encryption on any domain object or field type
  • 7. import com.bloomhealthco.jasypt .GormEncryptedStringType integrated into class Member { String name String ssn domain objects static mapping = { ssn type: GormEncryptedStringType } }
  • 8. built on Jasypt Simplified Encryption framework
  • 9. Jasypt leverages Java Cryptography Extensions (JCE)
  • 10. Bouncy Castle JCE provider jar included (you can still use any JCE compatible encryptors you want)
  • 11. Why did we need it?
  • 12. constant automated hacking attempts happen on every computer on the public internet
  • 13. cloud computing potentially adds security weak points
  • 14. if you have users, you have data to protect social security numbers medical claims/PHI credit card numbers birth dates security question answers
  • 15. full disk encryption has many drawbacks and limitations
  • 16. field level encryption lets you protect the sensitive things – everything else is at full speed
  • 17. don’t need to outrun the bear
  • 18. advantages
  • 19. encrypt only what you need to
  • 20. strongly protects info even if your database gets rooted or someone steals a database dump
  • 21. painless integration into your domain
  • 22. Limitations
  • 23. encrypted fields take up extra space in database
  • 24. import com.bloomhealthco.jasypt .GormEncryptedStringType class Member { currently need to String name String ssn static mapping = { use two grails } ssn type: GormEncryptedStringType validators static constraints = { ssn( matches: '^d{3}-d{2}-d{4}$', maxSize: 44 // unencrypted 11 ) } }
  • 25. breaks using field in WHERE clause (so dynamic finders for this field don’t work)
  • 26. How is it used?
  • 27. how do I install it? grails install-plugin jasypt-encryption
  • 28. how do I configure it? // add to Config.groovy or external config file jasypt { algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC" providerName = "BC" password = "<my super secret passphrase>" keyObtentionIterations = 1000 }
  • 29. what encryption does Java allow by default? % cat default_local.policy // Some countries have import limits on crypto strength. This policy file is worldwide importable. grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", *; permission javax.crypto.CryptoPermission *, 128; };
  • 30. what you actually want (download “unlimited” crypto jar from Sun^wOracle) % cat default_local.policy // Country-specific policy file for countries with no limits on crypto strength. grant { // There is no restriction to any algorithms. permission javax.crypto.CryptoAllPermission; };
  • 31. after that, it’s easy import com.bloomhealthco.jasypt.GormEncryptedStringType class Member { String name String ssn static mapping = { ! ssn type: GormEncryptedStringType } }
  • 32. all encrypted values stored as strings in the database
  • 33. java.lang.String supported out of the box
  • 34. just implement 3 methods encrypt your protected Object convertToObject(String) own objects protected String convertToString(Object) public Class returnedClass()
  • 35. create your own GORM encrypted type import org.jasypt.hibernate.type.AbstractGormEncryptedStringType public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType { protected Object convertToObject(String string) { new MyObject(string) } protected String convertToString(Object object) { MyObject.toString() } public Class returnedClass() { MyObject } }
  • 36. then use it in your mapping class Foo { MyClass value static mapping = { ! value type: GormEncryptedMyObjectType } }
  • 37. Quick Demo
  • 38. Links Grails Jasypt Plugin http://bitbucket.org/tednaleid/grails-jasypt/wiki Jasypt http://www.jasypt.org/ Bouncy Castle (AES) http://www.bouncycastle.org/java.html Unlimited Strength Jars http://www.oracle.com/technetwork/java/javase/downloads/index.html (under “other”)
  • 39. Questions?

×