The Jasypt Encryption plugin for Grails allows field level encryption in your database. It's integrated into GORM/Hibernate for ease of use. It can also be extended to encrypt any type of information you store in your database.
27. how do I install it?
grails install-plugin jasypt-encryption
28. how do I configure it?
// add to Config.groovy or external config file
jasypt {
algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC"
providerName = "BC"
password = "<my super secret passphrase>"
keyObtentionIterations = 1000
}
29. what encryption does Java allow
by default?
% cat default_local.policy
// Some countries have import limits on crypto strength. This policy file is
worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", *;
permission javax.crypto.CryptoPermission *, 128;
};
30. what you actually want
(download “unlimited” crypto jar from Sun^wOracle)
% cat default_local.policy
// Country-specific policy file for countries with no limits on crypto strength.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};
31. after that, it’s easy
import com.bloomhealthco.jasypt.GormEncryptedStringType
class Member {
String name
String ssn
static mapping = {
! ssn type: GormEncryptedStringType
}
}
34. just implement 3 methods
encrypt your protected Object convertToObject(String)
own objects protected String convertToString(Object)
public Class returnedClass()
35. create your own GORM
encrypted type
import org.jasypt.hibernate.type.AbstractGormEncryptedStringType
public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType {
protected Object convertToObject(String string) {
new MyObject(string)
}
protected String convertToString(Object object) {
MyObject.toString()
}
public Class returnedClass() { MyObject }
}
36. then use it in your mapping
class Foo {
MyClass value
static mapping = {
! value type: GormEncryptedMyObjectType
}
}