#298 added configurable algorithm. #332
Conversation
For #71 my expectation would be:
- we understand why the default algorithm is flawed and should be discouraged - if no one can clarify this and improve documentation on password encryption for strong encryption, #71 is invalid and we should simply close it. Otherwise we need to take action with the next points.
- we understand what algorithm should be our best practice
- we practically prove the usage with the new algorithm on a running example application
- we change this documentation with concrete steps so all steps and example configs and outputs match the new algorithm
[source, bash] | ||
---- | ||
----ARGUMENTS------------------- | ||
----- ARGUMENTS ``` |
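Review bot: the listing opened with `----` right after `[source, bash]` is closed with ``` ``` ``` instead of a matching `----`; AsciiDoc delimited blocks must be closed by the same delimiter that opened them, so this block will not end where intended. Suggest closing it with a plain `----` line.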
is this valid AsciiDoc?
Either
[source, «type»]
---
or
\```
will start a code block.
If you did rerun jasypt with a more recent algorithm you are more than welcome to replace these output examples here. However, I do not understand these changes here...
==== Configure Algorithm | ||
Algorithm can be configured for stronger encryption. Jasypt uses PBEWITHHMACSHA512ANDAES_256 as the Default encryption algorithm. | ||
Algorithm can be configured through System, properties file, command line argumments, environment variable etc. | ||
|
||
[source, java] | ||
---- | ||
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor(); | ||
String privateData = "secret-password-to-encrypt"; | ||
encryptor.setPassword("master-password"); | ||
encryptor.setAlgorithm("PBEWithMD5AndTripleDES"); | ||
String encryptedText = encryptor.encrypt(privateData); | ||
---- | ||
|
||
Other configurable properties can be found https://github.com/ulisesbocchio/jasypt-spring-boot#password-based-encryption-configuration[here] |
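Review bot: the Java snippet contradicts the paragraph above it. The text says the default is PBEWITHHMACSHA512ANDAES_256 and that the algorithm "can be configured for stronger encryption", but the example calls `encryptor.setAlgorithm("PBEWithMD5AndTripleDES");`, which selects an MD5-based, 3DES algorithm that is weaker than the stated default. Either show the recommended strong algorithm in the example, or state explicitly which algorithm readers should configure. Minor: "argumments" in the second sentence should be "arguments".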
Very nice improvement. Still, it is unclear what to do. Which algorithm should we use now?
@sujith-mn thanks for your updates. I am approving. However, I still have one concern:
If we override the encryption algorithm manually in the jasypt CLI we IMHO also have to configure that in Spring's application.properties, right?
Did you test this and ensure that the password can be decrypted by the devon4j template application following this guide?
Otherwise, if the new version of Jasypt has changed the encryption algorithm, do we still need to provide it in the jasypt CLI?
Apart from this last point this is ready for merge.
Yes, if an algorithm other than the default is required, it needs to be used in the CLI and it has to be configured in the
Yes
If the algorithm is not provided in the CLI, jasypt considers the default algorithm.
Implements issue #71 (update doc for password encryption with secure algorithm for jasypt) and replaces PR #298.