Spring Boot 配置文件加密

openssl 新建RSA公钥私钥

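# Private key. A 1024-bit RSA modulus is below current minimum recommendations, so generate 2048 bits or more.
openssl genrsa -out key.pem 2048
# Public key, derived from the private key
openssl rsa -in key.pem -pubout -out pubkey.pem
# Convert to a PKCS#8 private key, which is the format Java reads.
# -nocrypt writes the key without a passphrase: restrict the file's permissions and keep it out of version control.
openssl pkcs8 -topk8 -inform PEM -in key.pem -outform pem -nocrypt -out pkcs8.pem
# Convert back to a traditional RSA private key, for reference.
# NOTE(review): OpenSSL 3.x writes PKCS#8 here unless -traditional is given; check the header of the output.
openssl rsa -in pkcs8.pem -out pkcs1.pem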

私钥的区别

# rsa私钥(PKCS#1格式)的头部
-----BEGIN RSA PRIVATE KEY-----
# pkcs8格式的私钥的头部
-----BEGIN PRIVATE KEY-----

jasypt maven

<!-- Spring Boot starter for jasypt property encryption. The version is pinned to the one
     this page was written against; review the project's later releases for fixes before reusing it. -->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.1.1</version>
</dependency>

jasypt的用法

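# jasypt configuration: decrypt locally with an RSA private key in PEM format
jasypt:
  encryptor:
    privateKeyFormat: PEM
    # The openssl steps on this page state that Java reads the PKCS#8 form ("BEGIN PRIVATE KEY").
    # If key.pem carries the "BEGIN RSA PRIVATE KEY" header, point this at the converted pkcs8.pem.
    # A classpath key is packaged into the application artifact alongside the ciphertext it protects.
    # Outside local development, load it from a location with restricted access,
    # e.g. file:/path/to/pkcs8.pem (placeholder path).
    privateKeyLocation: classpath:key.pem

# Encrypted values are wrapped as ENC(******)
spring:
  mail:
    password: ENC(******)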

jasypt生成密文

import com.ulisesbocchio.jasyptspringboot.encryptor.SimpleAsymmetricConfig;
import com.ulisesbocchio.jasyptspringboot.encryptor.SimpleAsymmetricStringEncryptor;
import com.ulisesbocchio.jasyptspringboot.util.AsymmetricCryptography;
import org.jasypt.encryption.StringEncryptor;

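// Round-trip demo: encrypt a property value with the RSA public key, then decrypt it to verify.
SimpleAsymmetricConfig config = new SimpleAsymmetricConfig();
// KeyFormat is nested in AsymmetricCryptography; a bare PEM constant does not resolve
// unless it is statically imported, so the enum is referenced through its owner here.
config.setKeyFormat(AsymmetricCryptography.KeyFormat.PEM);
config.setPublicKey("-----BEGIN PUBLIC KEY-----\n"
        + "******\n"
        + "-----END PUBLIC KEY-----\n");
// The private key is needed only for the decrypt() check at the end; encryption uses the public key.
// Keep real private-key material out of source files and version control.
config.setPrivateKey("-----BEGIN PRIVATE KEY-----\n"
        + "******\n"
        + "-----END PRIVATE KEY-----\n");
StringEncryptor encryptor = new SimpleAsymmetricStringEncryptor(config);
String message = "passord";
String encrypted = encryptor.encrypt(message);
// This is the value to place inside ENC(...) in the configuration file.
System.out.printf("Encrypted message %s\n", encrypted);
// Echoes the plaintext for verification only; drop this line when encrypting real secrets
// so they do not end up in console output or logs.
System.out.printf("Decrypted message %s\n", encryptor.decrypt(encrypted));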