Spring

[SpringBoot] yml, propertise ์„ค์ • ๊ฐ’ ์•”ํ˜ธํ™” (Jasypt)

๋น…์ฝœํŒ 2023. 8. 20. 14:23
728x90
๋ฐ˜์‘ํ˜•

๐Ÿ”’ Jasypt(Java Simplified Encryption)

- ๊ฐœ๋ฐœ์ž๊ฐ€ ์•”ํ˜ธํ™” ์ž‘๋™ ๋ฐฉ์‹์— ๋Œ€ํ•œ ๊นŠ์€ ์ง€์‹์ด ์—†์–ด๋„ ์ตœ์†Œํ•œ์˜ ๋…ธ๋ ฅ์œผ๋กœ ํ”„๋กœ์ ํŠธ์— ๊ธฐ๋ณธ ์•”ํ˜ธํ™” ๊ธฐ๋Šฅ์„ ์ถ”๊ฐ€ํ•  ์ˆ˜ ์žˆ๋Š” ์ž๋ฐ” ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ
- ํ”„๋กœํผํ‹ฐ๋กœ ๊ด€๋ฆฌํ•˜๋Š” DB ๊ณ„์ • ์ •๋ณด์™€ ๊ฐ™์€ ์„ค์ • ๊ฐ’์„ ํ‰๋ฌธ์ด ์•„๋‹Œ ์•”ํ˜ธ๋ฌธ์œผ๋กœ ๊ด€๋ฆฌ
 

๐Ÿก Jasypt Spring Stater ๋™์ž‘ ๋ฐฉ์‹

@SpringBootApplication

 
- ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ๊ตฌ๋™ ๋‹จ๊ณ„์—์„œ ENC(์•”ํ˜ธํ™” ๋œ ๊ฐ’) ํ˜•์‹์˜ ์†์„ฑ์„ ์ฐพ์•„ ๋ณตํ˜ธํ™” ์ˆ˜ํ–‰ ํ›„ ๋ณตํ˜ธํ™” ๋œ ๊ฐ’์œผ๋กœ ์›๋ž˜์˜ ์•”ํ˜ธํ™”๋œ ์†์„ฑ ๊ฐ’ ๋Œ€์ฒด
 

๐Ÿงฉ Jasypt ์ฃผ์š” ๋ฉ”์†Œ๋“œ

KeyRequiredDefault Value
jasypt.encryptor.passwordTrue-
jasypt.encryptor.algorithmFalsePBEWITHHMACSHA512ANDAES_256
jasypt.encryptor.key-obtention-iterationsFalse1000
jasypt.encryptor.pool-sizeFalse1
jasypt.encryptor.provider-nameFalseSunJCE
jasypt.encryptor.provider-class-nameFalsenull
jasypt.encryptor.salt-generator-classnameFalseorg.jasypt.salt.RandomSaltGenerator
jasypt.encryptor.iv-generator-classnameFalseorg.jasypt.iv.RandomIvGenerator
jasypt.encryptor.string-output-typeFalsebase64
jasypt.encryptor.proxy-property-sourcesFalsefalse
jasypt.encryptor.skip-property-sourcesFalseempty list

๋žœ๋ค ์†”ํŠธ ์ƒ์„ฑ๊ธฐ - ๋žœ๋ค ์†”ํŠธ ์ƒ์„ฑ๊ธฐ๋ฅผ ์‚ฌ์šฉํ•˜๋ฏ€๋กœ ๋™์ผํ•œ ๋ฉ”์‹œ์ง€์— ๋Œ€ํ•œ ๋‘๊ฐœ์˜ ์•”ํ˜ธํ™” ๊ฒฐ๊ณผ๊ฐ€ ๋‹ค๋ฆ„
๋ฌด์ž‘์œ„ IV ์ƒ์„ฑ๊ธฐ - IV๋Š” ๋ฌด์ž‘์œ„์—ฌ์•ผ ํ•˜๊ณ  ํ•œ ๋ฒˆ๋งŒ ์‚ฌ์šฉํ•ด์•ผ ํ•˜๋ฏ€๋กœ org.jasypt.RandomIvGenerator๊ฐ€ ๊ถŒ์žฅ ๋จ.
 

๐ŸŽจ ๋Œ€ํ‘œ์ ์ธ Jasypt ์•”ํ˜ธํ™” ์•Œ๊ณ ๋ฆฌ์ฆ˜ 

PBEWithMD5AndDES

- MD5 ํ•ด์‹œ ํ•จ์ˆ˜์™€ DES ๋Œ€์นญํ‚ค ์•”ํ˜ธํ™”๋ฅผ ์กฐํ•ฉํ•˜์—ฌ ๋ฐ์ดํ„ฐ ์•”ํ˜ธํ™”
- ๋น ๋ฅธ ์•”๋ณตํ˜ธํ™” ์†๋„๋ฅผ ๊ฐ€์ง€์ง€๋งŒ ์ƒ๋Œ€์ ์œผ๋กœ ๋ณด์•ˆ์— ์ทจ์•ฝ
 

PBES2WithHmacSHA512AndAES_256 (default)

- HmacSHA512 : Hmac์„ ์‚ฌ์šฉํ•˜์—ฌ SHA-512 ํ•ด์‹œ ์•Œ๊ณ ๋ฆฌ์ฆ˜ ๊ตฌํ˜„
- HmacSHA512๋กœ ๋ถ€ํ„ฐ ์ƒ์„ฑ๋œ ํ‚ค๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ๋ฐ์ดํ„ฐ๋ฅผ AES-256 ์•Œ๊ณ ๋ฆฌ์ฆ˜์„ ์ด์šฉํ•˜์—ฌ ์•”ํ˜ธํ™”

 

๐Ÿ„โ€โ™‚๏ธ ์‚ฌ์šฉ ์˜ˆ์‹œ

build.gradle ์˜์กด์„ฑ ์ถ”๊ฐ€

implementation 'com.github.ulisesbocchio:jasypt-spring-boot-starter:3.0.5'

 

application.yml

jasypt:
  encryptor:
    key: ${jasypt-key}

 

JasyptConfig.java

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class JasyptConfig {

    @Value("${jasypt.encryptor.key}")
    private String key;

    @Bean(name = "jasyptStringEncryptor")
    public StringEncryptor stringEncryptor() {
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(key); // ์•”ํ˜ธํ™” ํ‚ค
        config.setAlgorithm("PBEWithHMACSHA512AndAES_256"); // ์•”ํ˜ธํ™” ์•Œ๊ณ ๋ฆฌ์ฆ˜
        config.setIvGenerator(new RandomIvGenerator()); // PBE-AES ๊ธฐ๋ฐ˜ ์•Œ๊ณ ๋ฆฌ์ฆ˜์˜ ๊ฒฝ์šฐ IV ์ƒ์„ฑ ํ•„์ˆ˜
        config.setKeyObtentionIterations("1000"); // ๋ฐ˜๋ณตํ•  ํ•ด์‹ฑ ํšŒ์ˆ˜
        config.setPoolSize("1"); // ์ธ์Šคํ„ด์Šค pool
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator"); // salt ์ƒ์„ฑ ํด๋ž˜์Šค
        config.setStringOutputType("base64"); // ์ธ์ฝ”๋”ฉ
        encryptor.setConfig(config);
        return encryptor;
    }
}

 
- application.yml์˜ jasypt.encryptor.key ๊ฐ’์ด ๋…ธ์ถœ๋˜๋ฉด ์•ˆ๋˜๋ฏ€๋กœ ํ™˜๊ฒฝ ๋ณ€์ˆ˜๋กœ ํ• ๋‹น

 

class JasyptConfigTest {

    private static final String SECRET_KEY = "my_secret_key";

    @Test
    void string_encryption() {
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(SECRET_KEY);
        config.setAlgorithm("PBEWithHMACSHA512AndAES_256");
        config.setIvGenerator(new RandomIvGenerator());
        config.setKeyObtentionIterations("1000");
        config.setPoolSize("1");
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setStringOutputType("base64");
        encryptor.setConfig(config);

        String originalString = "my_password";

        // ์•”ํ˜ธํ™”
        String encryptedString = encryptor.encrypt(originalString);
        System.out.println("Encrypted String ::: ENC(" + encryptedString + ")");

        // ๋ณตํ˜ธํ™”
        String decryptedString = encryptor.decrypt(encryptedString);
        System.out.println("Decrypted String ::: " + decryptedString);

        assertEquals(originalString, decryptedString);
    }
}

ํ…Œ์ŠคํŠธ ์ฝ”๋“œ๋ฅผ ์‹คํ–‰ํ•ด ๋‚˜์˜จ enc ๊ฐ’์œผ๋กœ ๋Œ€์ฒด
 

๐Ÿง˜ reference

https://github.com/ulisesbocchio/jasypt-spring-boot#use-you-own-custom-encryptor
http://www.jasypt.org/encrypting-texts.html

728x90
๋ฐ˜์‘ํ˜•
์ €์ž‘์žํ‘œ์‹œ

'Spring' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

[Spring] Service ServiceImpl ๊ตฌ์กฐ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์ด ๋ฐ”๋žŒ์งํ•œ๊ฐ€  (0) 2023.03.12
[Spring] Java ๋ฌธ์ž์—ด null, ๋นˆ๊ฐ’, ๊ณต๋ฐฑ์ฒดํฌ ๋ฐฉ๋ฒ• StringUtils.hasText  (0) 2022.10.19

'Spring'์˜ ๋‹ค๋ฅธ๊ธ€

  • ํ˜„์žฌ๊ธ€[SpringBoot] yml, propertise ์„ค์ • ๊ฐ’ ์•”ํ˜ธํ™” (Jasypt)

๊ด€๋ จ๊ธ€

๋Œ“๊ธ€

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”