250x250
Notice
Recent Posts
Recent Comments
일 | 월 | 화 | 수 | 목 | 금 | 토 |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | |||
5 | 6 | 7 | 8 | 9 | 10 | 11 |
12 | 13 | 14 | 15 | 16 | 17 | 18 |
19 | 20 | 21 | 22 | 23 | 24 | 25 |
26 | 27 | 28 | 29 | 30 | 31 |
Tags
- IntelliJ
- Exception
- ubuntu
- Python
- AJAX
- oracle
- myBatis
- jpa
- MySQL
- SpringBoot
- Tomcat
- Core Java
- Thymeleaf
- error
- 설정
- Eclipse
- Source
- JDBC
- git
- Open Source
- Docker
- Spring Boot
- 문서
- PostgreSQL
- spring
- 오픈소스
- STS
- MSSQL
- maven
- JavaScript
Archives
- Today
- Total
헤르메스 LIFE
Spring Boot 설정파일 암호화 본문
728x90
출처 : https://dejavuhyo.github.io/posts/encrypt-configuration-file-in-springboot/
1. Jasypt
Jasypt(Java Simplified Encryption)는 개발자가 암호화 작동 방식에 대한 깊은 지식 없이도 최소한의 노력으로 자신의 프로젝트에 기본 암호화 기능을 추가할 수 있도록 하는 Java 라이브러리이다.
2. 암호화 설정
1) Dependency 추가
- 설정파일 암호화
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.3</version>
</dependency>
- 암호 알고리즘
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.69</version>
</dependency>
2) PBEWithMD5AndDES 알고리즘 사용
- JasyptConfigDES.java
import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
@EnableEncryptableProperties
public class JasyptConfigDES {
@Bean("jasyptEncryptor")
public StringEncryptor stringEncryptor() {
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword("password"); // 암호화 키
config.setAlgorithm("PBEWithMD5AndDES"); // 알고리즘
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setStringOutputType("base64");
encryptor.setConfig(config);
return encryptor;
}
}
- 테스트
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
public class DESEncyptTest {
public static void main(String[] args) {
StandardPBEStringEncryptor pbeEnc = new StandardPBEStringEncryptor();
pbeEnc.setAlgorithm("PBEWithMD5AndDES");
pbeEnc.setPassword("password");
String enc = pbeEnc.encrypt("plain_text");
System.out.println("enc = " + enc);
String des = pbeEnc.decrypt(enc);
System.out.println("des = " + des);
}
}
3) PBEWithSHA256And128BitAES-CBC-BC 알고리즘 사용
SHA256, AES128 사용을 위해 BouncyCastle 라이브러리를 사용한다. BouncyCastle은 PBE(Password Based Encryption)에 보다 많은 알고리즘을 제공해 준다.
- JasyptConfigAES.java
import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
@EnableEncryptableProperties
public class JasyptConfigAES {
@Bean("jasyptEncryptor")
public StringEncryptor stringEncryptor() {
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
encryptor.setProvider(new BouncyCastleProvider());
encryptor.setPoolSize(2);
encryptor.setPassword("password"); // 암호화 키
encryptor.setAlgorithm("PBEWithSHA256And128BitAES-CBC-BC"); // 알고리즘
return encryptor;
}
}
- 테스트
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
public class AESEncyptTest {
public static void main(String[] args) {
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
encryptor.setProvider(new BouncyCastleProvider());
encryptor.setPoolSize(2);
encryptor.setPassword("password");
encryptor.setAlgorithm("PBEWithSHA256And128BitAES-CBC-BC");
String plainText = "plain_text";
String encryptedText = encryptor.encrypt(plainText);
String decryptedText = encryptor.decrypt(encryptedText);
System.out.println("Enc = " + encryptedText);
System.out.println("Dec = " + decryptedText);
}
}
3. properties 파일 적용
properties 파일에 암호화 bean 이름과 암호화된 내용을 작성한다.
- application.properties
jasypt.encryptor.bean=jasyptEncryptor
spring.datasource.driver-class-name=net.sf.log4jdbc.sql.jdbcapi.DriverSpy
spring.datasource.jdbc-url=ENC(OCVOlP4CAmC/49yWqP4rn/6ZKuleEtEyLJNUh5KjuJEfGzd4iGrFMShHVjoCL6GCeCK9jmArUZO/G7F0jQmsarR6TYMUwag6trEv33e3tcs=)
spring.datasource.username=ENC(MHEf37ImCLMjbioeXLqYCRpgyjUAcZAo88Nq9NbCd4I=)
spring.datasource.password=ENC(BbJAsSr4uISv+mTAw2fN+UTy2dodoDh3++YchPhw5qI=)
[출처 및 참고]
- http://www.jasypt.org/
- https://goateedev.tistory.com/131
- https://elfinlas.github.io/2017/12/21/jsaypt/
728x90
'Spring Framework' 카테고리의 다른 글
[Maven] Dynamic Web Project를 Maven Project 로 Convert 하기 (0) | 2022.11.18 |
---|---|
[개발환경] Spring + Maven + MyBatis + HSQL Simple Web Sample (0) | 2022.08.17 |
[QueryDSL] STS에서 Gradle 사용 시 QueryDSL QClass 생성 설정 (0) | 2022.03.27 |
[Hadoop] VirtualBox 에 HDP Sandbox 환경 구축 (0) | 2021.12.02 |
[Spring Boot] HikariCP를 이용한 Multi Database Connection 샘플 (0) | 2021.07.19 |