This little project provides some RSA extensions to the basespring-security-cryptolibrary. Currently supported: encryption and decryption with 2algorithms wrapped up in the Spring Security Crypto interfacesTextEncryptor and BytesEncryptor. Example round trip:

Security

Above we create an encryptor with a random RSA key (the defaultconstructor), and use it to encrypt and then decrypt a message. thedefault constructor is useful for testing, but for more durable usecases you can inject a private key or a KeyPair using the otherconstructors.

The encryption algorithm in the RsaSecretEncryptor is to generate arandom 16-byte password, and use that to encrypt the message. Thepassword is then itself RSA encrypted and prepended to the ciphertext. The cipher test is base64 encoded (if using the TextEncryptorinterface).

Spring Security Generate Random Key Generator

Spring Security Generate Random Key

The other algorithm is in the RsaRawEncryptor which does raw RSAencryption on the whole message. We recommend theRsaSecretEncryptor.

Generate Random Password

May 11, 2017  The encryption algorithm in the RsaSecretEncryptor is to generate a random 16-byte password, and use that to encrypt the message. The password is then itself RSA encrypted and prepended to the cipher text. The cipher test is base64 encoded (if using the TextEncryptor interface). Apr 30, 2019 This step concludes the steps to secure a REST API using Spring Security with token based authentication. In the next step, we will setup a simple Spring Boot web application to test our workflow. Spring Boot Controller. Let’s create a simple Spring Boot controller to test our application: 6.1 Token Controller.

N.B. if you need RSA signing and verification there are utilitiesalready available inspring-security-jwt.

Important Prerequisites: to use Spring Security RSAyou need the full-strength JCE installed in your JVM (it's not there by default).You can download the 'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'from Oracle, and follow instructions for installation (essentially replace the 2 policy filesin the JRE lib/security directory with the ones that you downloaded).

Coments are closed
Scroll to top