grails jasypt encryption plugin
DESCRIPTION
The Jasypt Encryption plugin for Grails allows field level encryption in your database. It's integrated into GORM/Hibernate for ease of use. It can also be extended to encrypt any type of information you store in your database.
TRANSCRIPT
Grails Jasypt Encryption
by Ted Naleid
Who am I?
Overview
What is it?
Why did we need it?
Advantages
Limitations
How is it used?
What Is It?
grails plugin that integrates strong encryption into GORM
allows field-level encryption on any domain object or field type
    import com.bloomhealthco.jasypt.GormEncryptedStringType

    class Member {
        String name
        String ssn

        static mapping = {
            ssn type: GormEncryptedStringType
        }
    }
integrated into domain objects
built on Jasypt Simplified Encryption framework
Jasypt leverages Java Cryptography Extensions (JCE)
Bouncy Castle JCE provider jar included
(you can still use any JCE compatible encryptors you want)
Why did we need it?
constant automated hacking attempts happen on every computer on the public internet
cloud computing potentially adds security weak points
if you have users, you have data to protect
social security numbers
medical claims/PHI
credit card numbers
birth dates
security question answers
full disk encryption has many drawbacks and limitations
field level encryption lets you protect the sensitive things – everything else is at full speed
don’t need to outrun the bear
advantages
encrypt only what you need to
strongly protects info even if your database gets rooted or someone steals a database dump
painless integration into your domain
Limitations
encrypted fields take up extra space in database
    import com.bloomhealthco.jasypt.GormEncryptedStringType

    class Member {
        String name
        String ssn

        static mapping = {
            ssn type: GormEncryptedStringType
        }

        static constraints = {
            ssn(
                matches: '^\\d{3}-\\d{2}-\\d{4}$',
                maxSize: 44 // unencrypted 11
            )
        }
    }
currently need to use two grails validators
breaks using field in WHERE clause (so dynamic finders for this field don’t work)
How is it used?
grails install-plugin jasypt-encryption
how do I install it?
    // add to Config.groovy or external config file
    jasypt {
        algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC"
        providerName = "BC"
        password = "<my super secret passphrase>"
        keyObtentionIterations = 1000
    }
how do I configure it?
    % cat default_local.policy
    // Some countries have import limits on crypto strength. This policy file is worldwide importable.
    grant {
        permission javax.crypto.CryptoPermission "DES", 64;
        permission javax.crypto.CryptoPermission "DESede", *;
        permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128;
        permission javax.crypto.CryptoPermission "RC4", 128;
        permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
        permission javax.crypto.CryptoPermission "RSA", *;
        permission javax.crypto.CryptoPermission *, 128;
    };
what encryption does Java allow by default?
    % cat default_local.policy
    // Country-specific policy file for countries with no limits on crypto strength.
    grant {
        // There is no restriction to any algorithms.
        permission javax.crypto.CryptoAllPermission;
    };
what you actually want (download “unlimited” crypto jar from Sun^wOracle)
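What the settings above do to a single value, as an added example (not code from the slides or the plugin): it calls Jasypt's `StandardPBEStringEncryptor` directly with the configured algorithm and iteration count, and shows the per-value random salt behind both listed limitations, the longer stored string and the equality lookups that cannot match. It assumes the Jasypt and Bouncy Castle jars are on the classpath; the passphrase and SSN are constructed values.

```groovy
// Added example, not code from the slides or the plugin.
// Assumes the Jasypt and Bouncy Castle jars are on the classpath.
import javax.crypto.Cipher
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor

// Integer.MAX_VALUE here means the "unlimited" policy files are installed;
// the worldwide-importable policy shown above reports 128 for AES.
println "max AES key bits allowed by JCE policy: ${Cipher.getMaxAllowedKeyLength('AES')}"

// Same settings as the jasypt { } config block; the passphrase is constructed.
def encryptor = new StandardPBEStringEncryptor()
encryptor.setProvider(new BouncyCastleProvider())
encryptor.setAlgorithm("PBEWITHSHA256AND128BITAES-CBC-BC")
encryptor.setPassword("constructed demo passphrase")
encryptor.setKeyObtentionIterations(1000)

def ssn = "123-45-6789"   // constructed sample value, 11 characters

// Jasypt draws a fresh random salt on every encrypt() call and stores it
// in front of the ciphertext, Base64-encoded.
def first  = encryptor.encrypt(ssn)
def second = encryptor.encrypt(ssn)

// Limitation 1: the stored string is longer than the plaintext, so maxSize
// has to be sized for the ciphertext, not for the 11-character SSN.
assert first.length() > ssn.length()
println "plaintext ${ssn.length()} chars -> stored ${first.length()} chars"

// Limitation 2: identical plaintexts produce different stored values, so an
// equality test in a WHERE clause (or a dynamic finder) can never match.
assert first != second

// Both stored values still decrypt to the original with the same passphrase.
assert encryptor.decrypt(first) == ssn
assert encryptor.decrypt(second) == ssn
```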
    import com.bloomhealthco.jasypt.GormEncryptedStringType

    class Member {
        String name
        String ssn

        static mapping = {
            ssn type: GormEncryptedStringType
        }
    }
after that, it’s easy
all encrypted values stored as strings in the database
java.lang.String supported out of the box
just implement 3 methods
protected Object convertToObject(String)
protected String convertToString(Object)
public Class returnedClass()
encrypt your own objects
    import org.jasypt.hibernate.type.AbstractGormEncryptedStringType

    public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType {
        // rebuild the value from the decrypted string
        protected Object convertToObject(String string) {
            new MyObject(string)
        }

        // string form of the value; this is what gets encrypted
        protected String convertToString(Object object) {
            object.toString()
        }

        public Class returnedClass() {
            MyObject
        }
    }
create your own GORM encrypted type
    class Foo {
        MyObject value

        static mapping = {
            value type: GormEncryptedMyObjectType
        }
    }
then use it in your mapping
Quick Demo
Links
Grails Jasypt Plugin: http://bitbucket.org/tednaleid/grails-jasypt/wiki
Jasypt: http://www.jasypt.org/
Bouncy Castle (AES): http://www.bouncycastle.org/java.html
Unlimited Strength Jars: http://www.oracle.com/technetwork/java/javase/downloads/index.html (under “other”)
Questions?