All geek questions in one place

Encryption exception when loading application properties (Java jasypt encryption)

When trying to install a module using Maven, it causes the following error:

org.jasypt.exceptions.EncryptionOperationNotPossibleException: Encryption raised an exception. A possible cause is you are using strong encryption algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine

Application properties are encoded as follows:

 app.check.url=ENC(sCO3322RNYdt3wPfO04GoaN9PijwJzUcn9rb4ggHymA\=)

And my spring configuration is as follows:

 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p" xsi:schemaLocation="http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"> <bean id="placeholderConfig" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer"> <constructor-arg ref="configurationEncryptor"/> <property name="ignoreResourceNotFound"> <value>true</value> </property> <property name="ignoreUnresolvablePlaceholders"> <value>false</value> </property> <property name="locations"> <list> <!-- These always come from the file system in ./conf/appCtx --> <value>file:../application.properties</value> </list> </property> <property name="systemPropertiesModeName"> <value>SYSTEM_PROPERTIES_MODE_OVERRIDE</value> </property> </bean> <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> <property name="config" ref="environmentVariablesConfiguration"/> </bean> <bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"> <property name="algorithm" value="PBEWithMD5AndTripleDES"/> <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD"/> </bean>

And I have jdk 1.7 which has the necessary JCE files for encryption.

Any ideas on how to solve this problem?

+4
source share
2 answers

you did not install jce, were present by default in lib\security . But it could not be obtained or used. Download jce files and overwrite existing files. Look at your error you have not installed the Java Cryptography Extension (JCE)

+5
source

Your problem is not that you do not have JCE. You do. But from your configuration, you use the TripleDES algorithm, and for this you need to install the JCE "Unlimited strong jurisdiction policy files", as stated in the message.

These files can be downloaded from the Oracle website (from the same page where you download the JDK), and are distributed under a very different license agreement, because you must assure that you are not from a “forbidden” country (Iran, N. Korea, etc. .d.) ...

See this question in the Jasypt FAQ: http://www.jasypt.org/faq.html#no-unlimited-strength

+9
source

Source: https://habr.com/ru/post/1444249/

More articles:


All Articles