grails jasypt encryption plugin

Post on 17-May-2015


DESCRIPTION

The Jasypt Encryption plugin for Grails allows field level encryption in your database. It's integrated into GORM/Hibernate for ease of use. It can also be extended to encrypt any type of information you store in your database.

TRANSCRIPT

Grails Jasypt Encryption

by Ted Naleid

Who am I?

Overview

What is it?

Why did we need it?

Advantages

Limitations

How is it used?

What Is It?

grails plugin that integrates strong encryption into GORM

allows field-level encryption on any domain object or field type

import com.bloomhealthco.jasypt.GormEncryptedStringType

class Member {
    String name
    String ssn

    static mapping = {
        ssn type: GormEncryptedStringType
    }
}

integrated into domain objects

built on Jasypt Simplified Encryption framework

Jasypt builds on the Java Cryptography Extension (JCE)

Bouncy Castle JCE provider jar included

(you can still use any JCE compatible encryptors you want)

Why did we need it?

constant automated hacking attempts happen on every computer on the public internet

cloud computing potentially adds security weak points

if you have users, you have data to protect

social security numbers

medical claims/PHI

credit card numbers

birth dates

security question answers

full disk encryption has many drawbacks and limitations: it protects a stolen or discarded disk, not data read through a running database or copied out in a dump

field level encryption lets you protect the sensitive things – everything else is at full speed

don’t need to outrun the bear

advantages

encrypt only what you need to

strongly protects info even if your database gets rooted or someone steals a database dump (provided the passphrase is not stored alongside the data)

painless integration into your domain

Limitations

encrypted fields take up extra space in the database

import com.bloomhealthco.jasypt.GormEncryptedStringType

class Member {
    String name
    String ssn

    static mapping = {
        ssn type: GormEncryptedStringType
    }

    static constraints = {
        ssn(matches: '^\\d{3}-\\d{2}-\\d{4}$',  // checked against the plaintext
            maxSize: 44)                        // must hold the ciphertext; unencrypted would be 11
    }
}

currently need to use two Grails validators on the field: matches runs against the plaintext, maxSize has to cover the ciphertext

breaks using the field in a WHERE clause (so dynamic finders for this field don't work): every encryption uses a fresh random salt, so there is no single stored value for the database to compare against
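To see both limitations mechanically rather than take them on faith, here is an added Groovy script (not part of the slides or the plugin) that drives Jasypt's StandardPBEStringEncryptor directly with the same settings the slides put in the jasypt {} config block. The @Grab versions, the passphrases and the sample SSN are assumptions for the example; it needs a JVM, and network access on the first run so Grape can fetch the jars.

```groovy
// Added example, not from the slides or the plugin. Drives Jasypt directly with the
// plugin's settings to show why WHERE-clause lookups break and why maxSize must grow.
@Grab('org.jasypt:jasypt:1.9.2')                 // assumed versions; any 1.9.x / bcprov pair works
@Grab('org.bouncycastle:bcprov-jdk15on:1.64')
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor
import org.jasypt.exceptions.EncryptionOperationNotPossibleException
import org.bouncycastle.jce.provider.BouncyCastleProvider
import java.security.Security

Security.addProvider(new BouncyCastleProvider())

// Same settings as the jasypt {} block in Config.groovy.
StandardPBEStringEncryptor newEncryptor(String passphrase) {
    def e = new StandardPBEStringEncryptor()
    e.algorithm = 'PBEWITHSHA256AND128BITAES-CBC-BC'
    e.providerName = 'BC'
    e.password = passphrase
    e.keyObtentionIterations = 1000
    e
}

def enc = newEncryptor('example passphrase - the real one belongs in external config, not in source')
String ssn = '123-45-6789'   // constructed sample value, not a real SSN

// 1. A fresh random salt per call: same plaintext, different ciphertext every time.
//    A SQL WHERE clause (and therefore Member.findBySsn) has nothing stable to compare against.
String c1 = enc.encrypt(ssn)
String c2 = enc.encrypt(ssn)
assert c1 != c2
assert enc.decrypt(c1) == ssn && enc.decrypt(c2) == ssn
println "same plaintext encrypted twice: ${c1} / ${c2}"

// 2. Ciphertext = salt + padded AES blocks, Base64 encoded, so it is longer than the
//    plaintext and grows in 16-byte steps. Run this against your own algorithm and
//    provider to pick maxSize: the matches validator sees the 11-char plaintext, but the
//    column (and maxSize) must hold the ciphertext.
(1..40).step(8) { int n ->
    String sample = 'x' * n
    println "plaintext ${n.toString().padLeft(2)} chars -> ciphertext ${enc.encrypt(sample).size()} chars"
}

// 3. Rows are only recoverable with the passphrase they were written under. Changing or
//    losing jasypt.password means a re-encrypt migration, not a config edit.
String recovered = null
try {
    recovered = newEncryptor('a different passphrase').decrypt(c1)
} catch (EncryptionOperationNotPossibleException e) {
    println 'wrong passphrase: EncryptionOperationNotPossibleException (the usual outcome)'
}
// Either the exception above, or (rarely, when the padding happens to validate) garbage.
assert recovered != ssn
```

Run it as `groovy jasypt_limits.groovy`. The lengths printed in step 2 are the numbers to feed into maxSize; they change if you switch algorithm, provider or salt size, so re-run after any such change rather than carrying a constant across.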

How is it used?

grails install-plugin jasypt-encryption

how do I install it?

// add to Config.groovy or external config file
jasypt {
    algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC"
    providerName = "BC"
    password = "<my super secret passphrase>"   // keep this out of source control: an external config file or environment
    keyObtentionIterations = 1000
}

how do I configure it?

% cat default_local.policy
// Some countries have import limits on crypto strength. This policy file is worldwide importable.
grant {
    permission javax.crypto.CryptoPermission "DES", 64;
    permission javax.crypto.CryptoPermission "DESede", *;
    permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128;
    permission javax.crypto.CryptoPermission "RC4", 128;
    permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
    permission javax.crypto.CryptoPermission "RSA", *;
    permission javax.crypto.CryptoPermission *, 128;
};

what encryption does Java allow by default?

% cat default_local.policy
// Country-specific policy file for countries with no limits on crypto strength.
grant {
    // There is no restriction to any algorithms.
    permission javax.crypto.CryptoAllPermission;
};

what you actually want (download the "unlimited" crypto policy jar from Sun^wOracle). The 128-bit AES algorithm configured above fits under the default 128-bit limit; 256-bit keys need the unlimited policy, which has been the default since JDK 8u161 and JDK 9.

import com.bloomhealthco.jasypt.GormEncryptedStringType

class Member {
    String name
    String ssn

    static mapping = {
        ssn type: GormEncryptedStringType
    }
}

after that, it’s easy
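Since a dynamic finder on the encrypted column cannot work, the usual pattern is a second, deterministic column holding a keyed hash of the plaintext, maintained from a GORM event. The domain class below is an added example, not code from the slides or the plugin; it assumes Grails 2.x (grails.util.Holders), the plugin installed and configured as above, and a separate HMAC key under a hypothetical config key myapp.ssnIndexKey.

```groovy
// Added example, not from the slides or the plugin: the plugin's encrypted ssn column
// plus a deterministic lookup column beside it.
import com.bloomhealthco.jasypt.GormEncryptedStringType
import grails.util.Holders
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

class Member {
    String name
    String ssn       // encrypted at rest by the plugin
    String ssnHash   // HMAC-SHA256 of the SSN digits, stored in the clear so it can be indexed and queried

    static mapping = {
        ssn type: GormEncryptedStringType
        ssnHash index: 'member_ssn_hash_idx'
    }

    static constraints = {
        ssn matches: '^\\d{3}-\\d{2}-\\d{4}$', maxSize: 44   // matches checks the plaintext, maxSize must hold the ciphertext
        ssnHash maxSize: 64                                   // hex of a 32-byte MAC
    }

    // GORM runs this before validation on every insert and update, so the index column
    // cannot drift from the encrypted column.
    def beforeValidate() {
        ssnHash = ssn ? hashSsn(ssn) : null
    }

    // Stands in for Member.findBySsn(...), which cannot match ciphertext.
    // findBySsnHash is an ordinary dynamic finder on the plaintext hash column.
    static Member findBySsnValue(String plaintextSsn) {
        findBySsnHash(hashSsn(plaintextSsn))
    }

    // Keyed so that someone holding a dump cannot enumerate all 10^9 SSNs and match hashes.
    // The key location (myapp.ssnIndexKey in the external config) is an assumption for this
    // example; it must be distinct from jasypt.password and kept out of source control like it.
    static String hashSsn(String value) {
        byte[] key = Holders.config.myapp.ssnIndexKey.toString().bytes
        Mac mac = Mac.getInstance('HmacSHA256')
        mac.init(new SecretKeySpec(key, 'HmacSHA256'))
        mac.doFinal(value.replaceAll(/\D/, '').bytes).encodeHex().toString()
    }
}
```

The index is a lookup aid, not a second layer of encryption: whoever holds the HMAC key can confirm a guessed SSN, so treat it with the same care as the passphrase, and remember that rotating it means rehashing every row. Hashing only the digits makes `123-45-6789` and `123456789` find the same member.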

all encrypted values stored as strings in the database

java.lang.String supported out of the box

to encrypt anything else, just implement 3 methods:

protected Object convertToObject(String)

protected String convertToString(Object)

public Class returnedClass()

encrypt your own objects

import org.jasypt.hibernate.type.AbstractGormEncryptedStringType

public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType {

    // decrypted database string -> your object
    protected Object convertToObject(String string) {
        new MyObject(string)
    }

    // your object -> the string that gets encrypted before it is stored
    protected String convertToString(Object object) {
        object.toString()
    }

    public Class returnedClass() {
        MyObject
    }
}

create your own GORM encrypted type

class Foo {
    MyObject value

    static mapping = {
        value type: GormEncryptedMyObjectType
    }
}

then use it in your mapping

Quick Demo

Links

Grails Jasypt Plugin: http://bitbucket.org/tednaleid/grails-jasypt/wiki

Jasypt: http://www.jasypt.org/

Bouncy Castle (AES): http://www.bouncycastle.org/java.html

Unlimited Strength Jars: http://www.oracle.com/technetwork/java/javase/downloads/index.html (under "other")

Questions?
