SlideShare ist ein Scribd-Unternehmen logo

Grails Jasypt Encryption Plugin

T
Ted Naleid

The Jasypt Encryption plugin for Grails allows field level encryption in your database. It's integrated into GORM/Hibernate for ease of use. It can also be extended to encrypt any type of information you store in your database.

Technologie
1 von 39
Downloaden Sie, um offline zu lesen
Grails Jasypt Encryption by Ted Naleid
Who am I?
Overview What is it? Why did we need it? Advantages Limitations How is it used?
What Is It?
grails plugin that integrates strong encryption into GORM
allows field-level encryption on any domain object or field type
import com.bloomhealthco.jasypt .GormEncryptedStringType integrated into class Member { String name String ssn domain objects static mapping = { ssn type: GormEncryptedStringType } }
built on Jasypt Simplified Encryption framework
Jasypt leverages Java Cryptography Extensions (JCE)
Bouncy Castle JCE provider jar included (you can still use any JCE compatible encryptors you want)
Why did we need it?
constant automated hacking attempts happen on every computer on the public internet
cloud computing potentially adds security weak points
if you have users, you have data to protect social security numbers medical claims/PHI credit card numbers birth dates security question answers
full disk encryption has many drawbacks and limitations
field level encryption lets you protect the sensitive things – everything else is at full speed
don’t need to outrun the bear
advantages
encrypt only what you need to
strongly protects info even if your database gets rooted or someone steals a database dump
painless integration into your domain
Limitations
encrypted fields take up extra space in database
import com.bloomhealthco.jasypt .GormEncryptedStringType class Member { currently need to String name String ssn static mapping = { use two grails } ssn type: GormEncryptedStringType validators static constraints = { ssn( matches: '^d{3}-d{2}-d{4}$', maxSize: 44 // unencrypted 11 ) } }
breaks using field in WHERE clause (so dynamic finders for this field don’t work)
How is it used?
how do I install it? grails install-plugin jasypt-encryption
how do I configure it? // add to Config.groovy or external config file jasypt { algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC" providerName = "BC" password = "<my super secret passphrase>" keyObtentionIterations = 1000 }
what encryption does Java allow by default? % cat default_local.policy // Some countries have import limits on crypto strength. This policy file is worldwide importable. grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", *; permission javax.crypto.CryptoPermission *, 128; };
what you actually want (download “unlimited” crypto jar from Sun^wOracle) % cat default_local.policy // Country-specific policy file for countries with no limits on crypto strength. grant { // There is no restriction to any algorithms. permission javax.crypto.CryptoAllPermission; };
after that, it’s easy import com.bloomhealthco.jasypt.GormEncryptedStringType class Member { String name String ssn static mapping = { ! ssn type: GormEncryptedStringType } }
all encrypted values stored as strings in the database
java.lang.String supported out of the box
just implement 3 methods encrypt your protected Object convertToObject(String) own objects protected String convertToString(Object) public Class returnedClass()
create your own GORM encrypted type import org.jasypt.hibernate.type.AbstractGormEncryptedStringType public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType { protected Object convertToObject(String string) { new MyObject(string) } protected String convertToString(Object object) { MyObject.toString() } public Class returnedClass() { MyObject } }
then use it in your mapping class Foo { MyClass value static mapping = { ! value type: GormEncryptedMyObjectType } }
Quick Demo
Links Grails Jasypt Plugin http://bitbucket.org/tednaleid/grails-jasypt/wiki Jasypt http://www.jasypt.org/ Bouncy Castle (AES) http://www.bouncycastle.org/java.html Unlimited Strength Jars http://www.oracle.com/technetwork/java/javase/downloads/index.html (under “other”)
Questions?

Empfohlen

A Practical Guide to (Correctly) Troubleshooting with Traceroute
A Practical Guide to (Correctly) Troubleshooting with TracerouteA Practical Guide to (Correctly) Troubleshooting with Traceroute
A Practical Guide to (Correctly) Troubleshooting with TracerouteRichard Steenbergen
 
Cubic
CubicCubic
Cubicdeawoo Kim
 
NS3 Overview
NS3 OverviewNS3 Overview
NS3 OverviewRahul Hada
 
Tutorial ns 3-tutorial-slides
Tutorial ns 3-tutorial-slidesTutorial ns 3-tutorial-slides
Tutorial ns 3-tutorial-slidesVinayagam D
 
Testbeds IntErconnections with L2 overlays - SRv6 for SFC
Testbeds IntErconnections with L2 overlays - SRv6 for SFCTestbeds IntErconnections with L2 overlays - SRv6 for SFC
Testbeds IntErconnections with L2 overlays - SRv6 for SFCStefano Salsano
 
Sctp tutorial
Sctp tutorialSctp tutorial
Sctp tutorialSusant Sahani
 
One-Time Pad Encryption
One-Time Pad EncryptionOne-Time Pad Encryption
One-Time Pad EncryptionCharles Southerland
 
wireshark
wiresharkwireshark
wiresharkMirza Baig
 

Empfohlen

A Practical Guide to (Correctly) Troubleshooting with Traceroute
A Practical Guide to (Correctly) Troubleshooting with TracerouteA Practical Guide to (Correctly) Troubleshooting with Traceroute
A Practical Guide to (Correctly) Troubleshooting with TracerouteRichard Steenbergen
 
Cubic
CubicCubic
Cubicdeawoo Kim
 
NS3 Overview
NS3 OverviewNS3 Overview
NS3 OverviewRahul Hada
 
Tutorial ns 3-tutorial-slides
Tutorial ns 3-tutorial-slidesTutorial ns 3-tutorial-slides
Tutorial ns 3-tutorial-slidesVinayagam D
 
Testbeds IntErconnections with L2 overlays - SRv6 for SFC
Testbeds IntErconnections with L2 overlays - SRv6 for SFCTestbeds IntErconnections with L2 overlays - SRv6 for SFC
Testbeds IntErconnections with L2 overlays - SRv6 for SFCStefano Salsano
 
Sctp tutorial
Sctp tutorialSctp tutorial
Sctp tutorialSusant Sahani
 
One-Time Pad Encryption
One-Time Pad EncryptionOne-Time Pad Encryption
One-Time Pad EncryptionCharles Southerland
 
wireshark
wiresharkwireshark
wiresharkMirza Baig
 
SNMP Protocol
SNMP ProtocolSNMP Protocol
SNMP ProtocolMohd Sajjad
 
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThe Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
 
Packet Sniffing
Packet SniffingPacket Sniffing
Packet Sniffingguestfa1226
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyPopescu Petre
 
Rpl:Routing Protocol for Low-Power and Lossy Networks
Rpl:Routing Protocol for Low-Power and Lossy NetworksRpl:Routing Protocol for Low-Power and Lossy Networks
Rpl:Routing Protocol for Low-Power and Lossy NetworksLandry Simo
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSASrilal Buddika
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scannern|u - The Open Security Community
 
Optimizing Linux Servers
Optimizing Linux ServersOptimizing Linux Servers
Optimizing Linux ServersDavor Guttierrez
 
Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...
Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...
Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...Seattle Apache Flink Meetup
 
RSA
RSARSA
RSAbansidhar11
 
Tcpdump
TcpdumpTcpdump
TcpdumpTensor
 
ns-3 Tutorial
ns-3 Tutorialns-3 Tutorial
ns-3 Tutorialmathieu_lacage
 
Fools your enemy with MikroTik
Fools your enemy with MikroTikFools your enemy with MikroTik
Fools your enemy with MikroTikDidiet Kusumadihardja
 
텐서플로우 2.0 튜토리얼 - RNN
텐서플로우 2.0 튜토리얼 - RNN텐서플로우 2.0 튜토리얼 - RNN
텐서플로우 2.0 튜토리얼 - RNNHwanhee Kim
 
Le cryptage et le décryptage
Le cryptage et le décryptageLe cryptage et le décryptage
Le cryptage et le décryptageSKYWARE COMPAGNY
 
Ns3 implementation wifi
Ns3 implementation wifiNs3 implementation wifi
Ns3 implementation wifiSalah Amean
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Building a Real-time Data Pipeline: Apache Kafka at LinkedIn
Building a Real-time Data Pipeline: Apache Kafka at LinkedInBuilding a Real-time Data Pipeline: Apache Kafka at LinkedIn
Building a Real-time Data Pipeline: Apache Kafka at LinkedInDataWorks Summit
 
DLM knowledge-sharing
DLM knowledge-sharingDLM knowledge-sharing
DLM knowledge-sharingEric Ren
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016zznate
 

Weitere ähnliche Inhalte

Was ist angesagt?

The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThe Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyPopescu Petre
 
Rpl:Routing Protocol for Low-Power and Lossy Networks
Rpl:Routing Protocol for Low-Power and Lossy NetworksRpl:Routing Protocol for Low-Power and Lossy Networks
Rpl:Routing Protocol for Low-Power and Lossy NetworksLandry Simo
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSASrilal Buddika
 
Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...
Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...
Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...Seattle Apache Flink Meetup
 
Tcpdump
TcpdumpTcpdump
TcpdumpTensor
 
텐서플로우 2.0 튜토리얼 - RNN
텐서플로우 2.0 튜토리얼 - RNN텐서플로우 2.0 튜토리얼 - RNN
텐서플로우 2.0 튜토리얼 - RNNHwanhee Kim
 
Le cryptage et le décryptage
Le cryptage et le décryptageLe cryptage et le décryptage
Le cryptage et le décryptageSKYWARE COMPAGNY
 
Ns3 implementation wifi
Ns3 implementation wifiNs3 implementation wifi
Ns3 implementation wifiSalah Amean
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Building a Real-time Data Pipeline: Apache Kafka at LinkedIn
Building a Real-time Data Pipeline: Apache Kafka at LinkedInBuilding a Real-time Data Pipeline: Apache Kafka at LinkedIn
Building a Real-time Data Pipeline: Apache Kafka at LinkedInDataWorks Summit
 
DLM knowledge-sharing
DLM knowledge-sharingDLM knowledge-sharing
DLM knowledge-sharingEric Ren
 

Was ist angesagt? (20)

SNMP Protocol
SNMP ProtocolSNMP Protocol
SNMP Protocol
 
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThe Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
 
Packet Sniffing
Packet SniffingPacket Sniffing
Packet Sniffing
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Rpl:Routing Protocol for Low-Power and Lossy Networks
Rpl:Routing Protocol for Low-Power and Lossy NetworksRpl:Routing Protocol for Low-Power and Lossy Networks
Rpl:Routing Protocol for Low-Power and Lossy Networks
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSA
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scanner
 
Optimizing Linux Servers
Optimizing Linux ServersOptimizing Linux Servers
Optimizing Linux Servers
 
Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...
Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...
Approximate Queries and Graph Streams on Apache Flink - Theodore Vasiloudis -...
 
RSA
RSARSA
RSA
 
Tcpdump
TcpdumpTcpdump
Tcpdump
 
ns-3 Tutorial
ns-3 Tutorialns-3 Tutorial
ns-3 Tutorial
 
Fools your enemy with MikroTik
Fools your enemy with MikroTikFools your enemy with MikroTik
Fools your enemy with MikroTik
 
텐서플로우 2.0 튜토리얼 - RNN
텐서플로우 2.0 튜토리얼 - RNN텐서플로우 2.0 튜토리얼 - RNN
텐서플로우 2.0 튜토리얼 - RNN
 
Le cryptage et le décryptage
Le cryptage et le décryptageLe cryptage et le décryptage
Le cryptage et le décryptage
 
Ns3 implementation wifi
Ns3 implementation wifiNs3 implementation wifi
Ns3 implementation wifi
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Building a Real-time Data Pipeline: Apache Kafka at LinkedIn
Building a Real-time Data Pipeline: Apache Kafka at LinkedInBuilding a Real-time Data Pipeline: Apache Kafka at LinkedIn
Building a Real-time Data Pipeline: Apache Kafka at LinkedIn
 
DLM knowledge-sharing
DLM knowledge-sharingDLM knowledge-sharing
DLM knowledge-sharing
 

Ähnlich wie Grails Jasypt Encryption Plugin

Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016zznate
 
Securing Cassandra for Compliance
Securing Cassandra for ComplianceSecuring Cassandra for Compliance
Securing Cassandra for ComplianceDataStax
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Aleksandr Yampolskiy
 
Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Positive Hack Days
 
Java Performance Tuning
Java Performance TuningJava Performance Tuning
Java Performance TuningMinh Hoang
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningSean Chittenden
 
From Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsFrom Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsAna-Maria Mihalceanu
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxPatricia Aas
 
JavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersJavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersFestGroup
 
Web application security and Python security best practices
Web application security and Python security best practicesWeb application security and Python security best practices
Web application security and Python security best practicesPGS Software S.A.
 
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchaginstackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat KorchaginNETWAYS
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net FrameworkRamakanta Behera
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With CoherenceJames Bayer
 
Application Grid Dev with Coherence
Application Grid Dev with CoherenceApplication Grid Dev with Coherence
Application Grid Dev with CoherenceJames Bayer
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With CoherenceJames Bayer
 
Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017Arnaud Giuliani
 
Parceable serializable
Parceable serializableParceable serializable
Parceable serializableSourabh Sahu
 
Cloud native java script apps
Cloud native java script appsCloud native java script apps
Cloud native java script appsGary Sieling
 

Ähnlich wie Grails Jasypt Encryption Plugin (20)

Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016
 
Securing Cassandra for Compliance
Securing Cassandra for ComplianceSecuring Cassandra for Compliance
Securing Cassandra for Compliance
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?
 
Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Attacks against Microsoft network web clients
Attacks against Microsoft network web clients
 
Java Performance Tuning
Java Performance TuningJava Performance Tuning
Java Performance Tuning
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency Planning
 
From Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsFrom Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security Enhancements
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium Sandbox
 
JavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersJavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developers
 
Web application security and Python security best practices
Web application security and Python security best practicesWeb application security and Python security best practices
Web application security and Python security best practices
 
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchaginstackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net Framework
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With Coherence
 
Application Grid Dev with Coherence
Application Grid Dev with CoherenceApplication Grid Dev with Coherence
Application Grid Dev with Coherence
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With Coherence
 
Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017
 
Parceable serializable
Parceable serializableParceable serializable
Parceable serializable
 
Hazelcast
HazelcastHazelcast
Hazelcast
 
Cloud native java script apps
Cloud native java script appsCloud native java script apps
Cloud native java script apps
 

Kürzlich hochgeladen

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Kürzlich hochgeladen (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Grails Jasypt Encryption Plugin

  • 1. Grails Jasypt Encryption by Ted Naleid
  • 3. Overview What is it? Why did we need it? Advantages Limitations How is it used?
  • 5. grails plugin that integrates strong encryption into GORM
  • 6. allows field-level encryption on any domain object or field type
  • 7. import com.bloomhealthco.jasypt .GormEncryptedStringType integrated into class Member { String name String ssn domain objects static mapping = { ssn type: GormEncryptedStringType } }
  • 8. built on Jasypt Simplified Encryption framework
  • 9. Jasypt leverages Java Cryptography Extensions (JCE)
  • 10. Bouncy Castle JCE provider jar included (you can still use any JCE compatible encryptors you want)
  • 11. Why did we need it?
  • 12. constant automated hacking attempts happen on every computer on the public internet
  • 13. cloud computing potentially adds security weak points
  • 14. if you have users, you have data to protect social security numbers medical claims/PHI credit card numbers birth dates security question answers
  • 15. full disk encryption has many drawbacks and limitations
  • 16. field level encryption lets you protect the sensitive things – everything else is at full speed
  • 17. don’t need to outrun the bear
  • 19. encrypt only what you need to
  • 20. strongly protects info even if your database gets rooted or someone steals a database dump
  • 23. encrypted fields take up extra space in database
  • 24. import com.bloomhealthco.jasypt .GormEncryptedStringType class Member { currently need to String name String ssn static mapping = { use two grails } ssn type: GormEncryptedStringType validators static constraints = { ssn( matches: '^d{3}-d{2}-d{4}$', maxSize: 44 // unencrypted 11 ) } }
  • 25. breaks using field in WHERE clause (so dynamic finders for this field don’t work)
  • 26. How is it used?
  • 27. how do I install it? grails install-plugin jasypt-encryption
  • 28. how do I configure it? // add to Config.groovy or external config file jasypt { algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC" providerName = "BC" password = "<my super secret passphrase>" keyObtentionIterations = 1000 }
  • 29. what encryption does Java allow by default? % cat default_local.policy // Some countries have import limits on crypto strength. This policy file is worldwide importable. grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", *; permission javax.crypto.CryptoPermission *, 128; };
  • 30. what you actually want (download “unlimited” crypto jar from Sun^wOracle) % cat default_local.policy // Country-specific policy file for countries with no limits on crypto strength. grant { // There is no restriction to any algorithms. permission javax.crypto.CryptoAllPermission; };
  • 31. after that, it’s easy import com.bloomhealthco.jasypt.GormEncryptedStringType class Member { String name String ssn static mapping = { ! ssn type: GormEncryptedStringType } }
  • 32. all encrypted values stored as strings in the database
  • 33. java.lang.String supported out of the box
  • 34. just implement 3 methods encrypt your protected Object convertToObject(String) own objects protected String convertToString(Object) public Class returnedClass()
  • 35. create your own GORM encrypted type import org.jasypt.hibernate.type.AbstractGormEncryptedStringType public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType { protected Object convertToObject(String string) { new MyObject(string) } protected String convertToString(Object object) { MyObject.toString() } public Class returnedClass() { MyObject } }
  • 36. then use it in your mapping class Foo { MyClass value static mapping = { ! value type: GormEncryptedMyObjectType } }
  • 38. Links Grails Jasypt Plugin http://bitbucket.org/tednaleid/grails-jasypt/wiki Jasypt http://www.jasypt.org/ Bouncy Castle (AES) http://www.bouncycastle.org/java.html Unlimited Strength Jars http://www.oracle.com/technetwork/java/javase/downloads/index.html (under “other”)