Grails Jasypt Encryption Plugin

The Jasypt Encryption plugin for Grails allows field level encryption in your database. It's integrated into GORM/Hibernate for ease of use. It can also be extended to encrypt any type of information you store in your database.




Presentation Transcript

  • Grails Jasypt Encryption by Ted Naleid
  • Who am I?
  • Overview
    - What is it?
    - Why did we need it?
    - Advantages
    - Limitations
    - How is it used?
  • What Is It?
  • grails plugin that integrates strong encryption into GORM
  • allows field-level encryption on any domain object or field type
  • integrated into domain objects
        import com.bloomhealthco.jasypt.GormEncryptedStringType

        class Member {
            String name
            String ssn

            static mapping = {
                ssn type: GormEncryptedStringType
            }
        }
  • built on Jasypt Simplified Encryption framework
  • Jasypt leverages Java Cryptography Extensions (JCE)
  • Bouncy Castle JCE provider jar included (you can still use any JCE compatible encryptors you want)
  • Why did we need it?
  • constant automated hacking attempts happen on every computer on the public internet
  • cloud computing potentially adds security weak points
  • if you have users, you have data to protect:
    - social security numbers
    - medical claims/PHI
    - credit card numbers
    - birth dates
    - security question answers
  • full disk encryption has many drawbacks and limitations
  • field level encryption lets you protect the sensitive things – everything else is at full speed
  • don’t need to outrun the bear
  • Advantages
  • encrypt only what you need to
  • strongly protects info even if your database gets rooted or someone steals a database dump
  • painless integration into your domain
  • Limitations
  • encrypted fields take up extra space in database
  • currently need to use two grails validators
        import com.bloomhealthco.jasypt.GormEncryptedStringType

        class Member {
            String name
            String ssn

            static mapping = {
                ssn type: GormEncryptedStringType
            }

            static constraints = {
                // format check runs on the plaintext; maxSize must allow for the
                // encrypted form (44 chars here) rather than the unencrypted 11
                ssn(matches: '^\\d{3}-\\d{2}-\\d{4}$', maxSize: 44)
            }
        }
  • breaks using the field in a WHERE clause (so dynamic finders on this field don’t work)
  • How is it used?
  • how do I install it?
        grails install-plugin jasypt-encryption
  • how do I configure it?
        // add to Config.groovy or external config file
        jasypt {
            algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC"
            providerName = "BC"
            password = "<my super secret passphrase>"
            keyObtentionIterations = 1000
        }
  • what encryption does Java allow by default?
        % cat default_local.policy
        // Some countries have import limits on crypto strength. This policy file is worldwide importable.
        grant {
            permission javax.crypto.CryptoPermission "DES", 64;
            permission javax.crypto.CryptoPermission "DESede", *;
            permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128;
            permission javax.crypto.CryptoPermission "RC4", 128;
            permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
            permission javax.crypto.CryptoPermission "RSA", *;
            permission javax.crypto.CryptoPermission *, 128;
        };
  • what you actually want (download the “unlimited” crypto jar from Sun^wOracle)
        % cat default_local.policy
        // Country-specific policy file for countries with no limits on crypto strength.
        grant {
            // There is no restriction to any algorithms.
            permission javax.crypto.CryptoAllPermission;
        };
  • after that, it’s easy
        import com.bloomhealthco.jasypt.GormEncryptedStringType

        class Member {
            String name
            String ssn

            static mapping = {
                ssn type: GormEncryptedStringType
            }
        }
  • all encrypted values stored as strings in the database
  • java.lang.String supported out of the box
  • encrypt your own objects: just implement 3 methods
        protected Object convertToObject(String)
        protected String convertToString(Object)
        public Class returnedClass()
  • create your own GORM encrypted type
        import org.jasypt.hibernate.type.AbstractGormEncryptedStringType

        public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType {
            // decrypted string from the database -> your object
            protected Object convertToObject(String string) { new MyObject(string) }
            // your object -> string that will be encrypted and stored
            protected String convertToString(Object object) { object.toString() }
            public Class returnedClass() { MyObject }
        }
  • then use it in your mapping
        class Foo {
            MyObject value

            static mapping = {
                value type: GormEncryptedMyObjectType
            }
        }
  • Quick Demo
  • Links
    - Grails Jasypt Plugin
    - Jasypt
    - Bouncy Castle (AES)
    - Unlimited Strength Jars (under “other”)
  • Questions?
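As an added example (not code from the slides or from the plugin), the settings from the "how do I configure it?" slide applied directly to Jasypt's StandardPBEStringEncryptor, which is what the plugin wraps. It shows why the "breaks using the field in a WHERE clause" limitation exists: the encryptor salts every call, so the same plaintext never produces the same stored string, and an equality query on the column cannot match. It assumes the jasypt and bcprov jars are on the classpath (the @Grab versions are an assumption) and that the passphrase comes from a JASYPT_PASSWORD environment variable rather than being hard-coded.

```groovy
// Added example; not part of the grails-jasypt plugin. Jar versions are assumptions.
@Grab('org.jasypt:jasypt:1.9.3')
@Grab('org.bouncycastle:bcprov-jdk15on:1.70')
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor
import org.bouncycastle.jce.provider.BouncyCastleProvider
import java.security.Security

// providerName = "BC" in the config only works if Bouncy Castle is registered with JCE
Security.addProvider(new BouncyCastleProvider())

// same values as the jasypt { ... } config block on the slide
def encryptor = new StandardPBEStringEncryptor()
encryptor.algorithm = 'PBEWITHSHA256AND128BITAES-CBC-BC'
encryptor.providerName = 'BC'
encryptor.password = System.getenv('JASYPT_PASSWORD') ?: 'dev-only-change-me'   // assumed env var
encryptor.keyObtentionIterations = 1000

String ssn = '123-45-6789'   // constructed sample value, 11 characters unencrypted
String stored1 = encryptor.encrypt(ssn)
String stored2 = encryptor.encrypt(ssn)

// A fresh random salt is used on every encrypt(), so the two stored strings differ.
// This is what breaks "where ssn = ?" and dynamic finders like Member.findBySsn():
// the database only ever sees ciphertext that cannot be recomputed for comparison.
assert stored1 != stored2

// Both still decrypt to the original value, so reads through GORM are unaffected.
assert encryptor.decrypt(stored1) == ssn
assert encryptor.decrypt(stored2) == ssn

// The base64 ciphertext is longer than the plaintext, which is why the slide's
// maxSize constraint allows 44 characters for an 11-character SSN.
println "plaintext length ${ssn.length()}, stored length ${stored1.length()}"
```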