Hi,

There are a lot situation when we keep confidential data into our database. When matter of confidentiality comes, encryption comes first in mind. Today, in this article I will try to explain a beautiful technique to do so. This technique does not only work with the beginning of the project but also works well if you have written the most of the code to persistent data in your database.

The technique name is Jasypt. Jasypt is a java library which allows the developer to add basic encryption capabilities to projects with minimum effort, and without the need of having deep knowledge on how cryptography works. Let's see how it works with Spring 4 and Hibernate 4.

Jasypt beans Configuration in ApplicationContext -

@Bean
@Autowired
@Lazy(false)
public HibernatePBEStringEncryptor hibernateStringEncryptor(PBEStringEncryptor strongEncryptor){
	HibernatePBEStringEncryptor hibernateEncryptor = new HibernatePBEStringEncryptor();
	hibernateEncryptor.setRegisteredName("STRING_ENCRYPTOR");
	hibernateEncryptor.setEncryptor(strongEncryptor);
	return hibernateEncryptor;
}
	 
@Bean
@Lazy(false)
public PBEStringEncryptor strongEncryptor() {	 
	String encryptorKey = environment.getRequiredProperty("encryptorKey");
	PooledPBEStringEncryptor strongEncryptor = new PooledPBEStringEncryptor(); // There are few version of PBEStringEncryptor, I have used here PooledPBEStringEncryptor.
	strongEncryptor.setPassword(encryptorKey);
	strongEncryptor.setAlgorithm("PBEWithMD5AndDES");
	strongEncryptor.setPoolSize(4);
	
	return strongEncryptor;
}

Keep these two beans in your @Configuration java files. The above code registers the Encryptor with Spring ApplicationContext. Now the Encryptor is available with name STRING_ENCRYPTOR for Hibernate in ApplicationContext, which could be used to encrypt/decrypt data at the DAO layer.

Entities Configuration - 

Suppose we have an entity class as follow - 

@Entity
public class UserTransaction implements java.io.Serializable {
    
    private String isinNo;
    
    @Column(name = "ISIN_NO", length = 16)
	public String getIsinNo() {
		return this.isinNo;
	}

	public void setIsinNo(String isinNo) {
		this.isinNo = isinNo;
	}

     // (...)
}

We can define the types as below-

@TypeDefs
({
        @TypeDef(
                name="encryptedString",
                typeClass=EncryptedStringType.class,
                parameters={
                	@Parameter(name="encryptorRegisteredName", value="STRING_ENCRYPTOR")
                }
        )
})
@Entity
public class UserTransaction implements java.io.Serializable {
    
    private String isinNo;
    
    @Column(name = "ISIN_NO", length = 16)
	public String getIsinNo() {
		return this.isinNo;
	}

	public void setIsinNo(String isinNo) {
		this.isinNo = isinNo;
	}
     // (...)
}

In the above code snippet, We define the encrypted types for our columns properties in entity class. We can encrypt as many property as many we want in our entity. Jasypt provides us the many types corresponds to the different java types as EncryptedStringType. Few of them are as follow - 

Mark Column with Jasypt type in entity class - 

@TypeDefs
({
        @TypeDef(
                name="encryptedString",
                typeClass=EncryptedStringType.class,
                parameters={
                	@Parameter(name="encryptorRegisteredName", value="STRING_ENCRYPTOR")
                }
        )
})
@Entity
public class UserTransaction implements java.io.Serializable {
    
    private String isinNo;
    
    @Column(name = "ISIN_NO", length = 16)
    @Type(type="encryptedString")
	public String getIsinNo() {
		return this.isinNo;
	}

	public void setIsinNo(String isinNo) {
		this.isinNo = isinNo;
	}
     // (...)
}

That's it. Run the code and check the encrypted data in your database.

Thanks. Happy coding.