SlideShare uma empresa Scribd logo

Grails Jasypt Encryption Plugin

T
Ted Naleid

The Jasypt Encryption plugin for Grails allows field level encryption in your database. It's integrated into GORM/Hibernate for ease of use. It can also be extended to encrypt any type of information you store in your database.

Tecnologia
1 de 39
Baixar para ler offline
Grails Jasypt Encryption by Ted Naleid
Who am I?
Overview What is it? Why did we need it? Advantages Limitations How is it used?
What Is It?
grails plugin that integrates strong encryption into GORM
allows field-level encryption on any domain object or field type
import com.bloomhealthco.jasypt .GormEncryptedStringType integrated into class Member { String name String ssn domain objects static mapping = { ssn type: GormEncryptedStringType } }
built on Jasypt Simplified Encryption framework
Jasypt leverages Java Cryptography Extensions (JCE)
Bouncy Castle JCE provider jar included (you can still use any JCE compatible encryptors you want)
Why did we need it?
constant automated hacking attempts happen on every computer on the public internet
cloud computing potentially adds security weak points
if you have users, you have data to protect social security numbers medical claims/PHI credit card numbers birth dates security question answers
full disk encryption has many drawbacks and limitations
field level encryption lets you protect the sensitive things – everything else is at full speed
don’t need to outrun the bear
advantages
encrypt only what you need to
strongly protects info even if your database gets rooted or someone steals a database dump
painless integration into your domain
Limitations
encrypted fields take up extra space in database
import com.bloomhealthco.jasypt .GormEncryptedStringType class Member { currently need to String name String ssn static mapping = { use two grails } ssn type: GormEncryptedStringType validators static constraints = { ssn( matches: '^d{3}-d{2}-d{4}$', maxSize: 44 // unencrypted 11 ) } }
breaks using field in WHERE clause (so dynamic finders for this field don’t work)
How is it used?
how do I install it? grails install-plugin jasypt-encryption
how do I configure it? // add to Config.groovy or external config file jasypt { algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC" providerName = "BC" password = "<my super secret passphrase>" keyObtentionIterations = 1000 }
what encryption does Java allow by default? % cat default_local.policy // Some countries have import limits on crypto strength. This policy file is worldwide importable. grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", *; permission javax.crypto.CryptoPermission *, 128; };
what you actually want (download “unlimited” crypto jar from Sun^wOracle) % cat default_local.policy // Country-specific policy file for countries with no limits on crypto strength. grant { // There is no restriction to any algorithms. permission javax.crypto.CryptoAllPermission; };
after that, it’s easy import com.bloomhealthco.jasypt.GormEncryptedStringType class Member { String name String ssn static mapping = { ! ssn type: GormEncryptedStringType } }
all encrypted values stored as strings in the database
java.lang.String supported out of the box
just implement 3 methods encrypt your protected Object convertToObject(String) own objects protected String convertToString(Object) public Class returnedClass()
create your own GORM encrypted type import org.jasypt.hibernate.type.AbstractGormEncryptedStringType public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType { protected Object convertToObject(String string) { new MyObject(string) } protected String convertToString(Object object) { MyObject.toString() } public Class returnedClass() { MyObject } }
then use it in your mapping class Foo { MyClass value static mapping = { ! value type: GormEncryptedMyObjectType } }
Quick Demo
Links Grails Jasypt Plugin http://bitbucket.org/tednaleid/grails-jasypt/wiki Jasypt http://www.jasypt.org/ Bouncy Castle (AES) http://www.bouncycastle.org/java.html Unlimited Strength Jars http://www.oracle.com/technetwork/java/javase/downloads/index.html (under “other”)
Questions?

Recomendados

Symmetric Key Algorithm
Symmetric Key AlgorithmSymmetric Key Algorithm
Symmetric Key AlgorithmSHUBHA CHATURVEDI
 
Santander
SantanderSantander
SantanderJohn C. Erickson
 
Cryptanalysis
CryptanalysisCryptanalysis
CryptanalysisSou Jana
 
Data security in data communication
Data security in data communicationData security in data communication
Data security in data communicationMohd Arif
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
Information and data security advanced encryption standard (aes)
Information and data security advanced encryption standard (aes)Information and data security advanced encryption standard (aes)
Information and data security advanced encryption standard (aes)Mazin Alwaaly
 
Distributed Ledger Technology (DLT) beyond blockchain #BlockchainSubmit
Distributed Ledger Technology (DLT) beyond blockchain #BlockchainSubmitDistributed Ledger Technology (DLT) beyond blockchain #BlockchainSubmit
Distributed Ledger Technology (DLT) beyond blockchain #BlockchainSubmitPablo Junco
 
Chapter 1.ppt
Chapter 1.pptChapter 1.ppt
Chapter 1.pptssuserec53e73
 

Recomendados

Symmetric Key Algorithm
Symmetric Key AlgorithmSymmetric Key Algorithm
Symmetric Key AlgorithmSHUBHA CHATURVEDI
 
Santander
SantanderSantander
SantanderJohn C. Erickson
 
Cryptanalysis
CryptanalysisCryptanalysis
CryptanalysisSou Jana
 
Data security in data communication
Data security in data communicationData security in data communication
Data security in data communicationMohd Arif
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
Information and data security advanced encryption standard (aes)
Information and data security advanced encryption standard (aes)Information and data security advanced encryption standard (aes)
Information and data security advanced encryption standard (aes)Mazin Alwaaly
 
Distributed Ledger Technology (DLT) beyond blockchain #BlockchainSubmit
Distributed Ledger Technology (DLT) beyond blockchain #BlockchainSubmitDistributed Ledger Technology (DLT) beyond blockchain #BlockchainSubmit
Distributed Ledger Technology (DLT) beyond blockchain #BlockchainSubmitPablo Junco
 
Chapter 1.ppt
Chapter 1.pptChapter 1.ppt
Chapter 1.pptssuserec53e73
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network SecurityPa Van Tanku
 
Crypto currency and bitcoin, risk and benefits of cryptocurrency
Crypto currency and bitcoin, risk and benefits of cryptocurrencyCrypto currency and bitcoin, risk and benefits of cryptocurrency
Crypto currency and bitcoin, risk and benefits of cryptocurrencyLucky Ali Saifi
 
Understanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsUnderstanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsGautam Anand
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DESHemant Sharma
 
CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionSam Bowne
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptographyG Prachi
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)Haris Ahmed
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Market Strategies Using Options
Market Strategies Using OptionsMarket Strategies Using Options
Market Strategies Using OptionsNavin Bafna
 
Blockchain overview, use cases, implementations and challenges
Blockchain overview, use cases, implementations and challengesBlockchain overview, use cases, implementations and challenges
Blockchain overview, use cases, implementations and challengesSébastien Tandel
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applicationsthai
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificatesStephane Potier
 
Ch9
Ch9Ch9
Ch9Mahender Kumar
 
Data Mining
Data MiningData Mining
Data MiningIIIT ALLAHABAD
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSAaritraranjan
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Quantitative Trading
Quantitative TradingQuantitative Trading
Quantitative Tradingfuturewardcentral
 
XOR Cipher
XOR CipherXOR Cipher
XOR CipherGarmian
 
Des lecture
Des lectureDes lecture
Des lectureANIKET UTTAM
 
MultiChain – Private multicurrency blockchain platform
MultiChain – Private multicurrency blockchain platformMultiChain – Private multicurrency blockchain platform
MultiChain – Private multicurrency blockchain platformCoin Sciences Ltd
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016zznate
 

Mais conteúdo relacionado

Mais procurados

Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network SecurityPa Van Tanku
 
Crypto currency and bitcoin, risk and benefits of cryptocurrency
Crypto currency and bitcoin, risk and benefits of cryptocurrencyCrypto currency and bitcoin, risk and benefits of cryptocurrency
Crypto currency and bitcoin, risk and benefits of cryptocurrencyLucky Ali Saifi
 
Understanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsUnderstanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsGautam Anand
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DESHemant Sharma
 
CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionSam Bowne
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptographyG Prachi
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)Haris Ahmed
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Market Strategies Using Options
Market Strategies Using OptionsMarket Strategies Using Options
Market Strategies Using OptionsNavin Bafna
 
Blockchain overview, use cases, implementations and challenges
Blockchain overview, use cases, implementations and challengesBlockchain overview, use cases, implementations and challenges
Blockchain overview, use cases, implementations and challengesSébastien Tandel
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applicationsthai
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificatesStephane Potier
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSAaritraranjan
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
XOR Cipher
XOR CipherXOR Cipher
XOR CipherGarmian
 
MultiChain – Private multicurrency blockchain platform
MultiChain – Private multicurrency blockchain platformMultiChain – Private multicurrency blockchain platform
MultiChain – Private multicurrency blockchain platformCoin Sciences Ltd
 

Mais procurados (20)

Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
 
Crypto currency and bitcoin, risk and benefits of cryptocurrency
Crypto currency and bitcoin, risk and benefits of cryptocurrencyCrypto currency and bitcoin, risk and benefits of cryptocurrency
Crypto currency and bitcoin, risk and benefits of cryptocurrency
 
Understanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsUnderstanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DES
 
CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated Encryption
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptography
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22
 
Market Strategies Using Options
Market Strategies Using OptionsMarket Strategies Using Options
Market Strategies Using Options
 
Blockchain overview, use cases, implementations and challenges
Blockchain overview, use cases, implementations and challengesBlockchain overview, use cases, implementations and challenges
Blockchain overview, use cases, implementations and challenges
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applications
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
 
Ch9
Ch9Ch9
Ch9
 
Data Mining
Data MiningData Mining
Data Mining
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSA
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Quantitative Trading
Quantitative TradingQuantitative Trading
Quantitative Trading
 
XOR Cipher
XOR CipherXOR Cipher
XOR Cipher
 
Des lecture
Des lectureDes lecture
Des lecture
 
MultiChain – Private multicurrency blockchain platform
MultiChain – Private multicurrency blockchain platformMultiChain – Private multicurrency blockchain platform
MultiChain – Private multicurrency blockchain platform
 

Semelhante a Grails Jasypt Encryption Plugin

Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016zznate
 
Securing Cassandra for Compliance
Securing Cassandra for ComplianceSecuring Cassandra for Compliance
Securing Cassandra for ComplianceDataStax
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Aleksandr Yampolskiy
 
Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Positive Hack Days
 
Java Performance Tuning
Java Performance TuningJava Performance Tuning
Java Performance TuningMinh Hoang
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningSean Chittenden
 
From Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsFrom Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsAna-Maria Mihalceanu
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxPatricia Aas
 
JavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersJavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersFestGroup
 
Web application security and Python security best practices
Web application security and Python security best practicesWeb application security and Python security best practices
Web application security and Python security best practicesPGS Software S.A.
 
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchaginstackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat KorchaginNETWAYS
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net FrameworkRamakanta Behera
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With CoherenceJames Bayer
 
Application Grid Dev with Coherence
Application Grid Dev with CoherenceApplication Grid Dev with Coherence
Application Grid Dev with CoherenceJames Bayer
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With CoherenceJames Bayer
 
Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017Arnaud Giuliani
 
Parceable serializable
Parceable serializableParceable serializable
Parceable serializableSourabh Sahu
 
Cloud native java script apps
Cloud native java script appsCloud native java script apps
Cloud native java script appsGary Sieling
 

Semelhante a Grails Jasypt Encryption Plugin (20)

Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016
 
Securing Cassandra for Compliance
Securing Cassandra for ComplianceSecuring Cassandra for Compliance
Securing Cassandra for Compliance
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?
 
Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Attacks against Microsoft network web clients
Attacks against Microsoft network web clients
 
Java Performance Tuning
Java Performance TuningJava Performance Tuning
Java Performance Tuning
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency Planning
 
From Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsFrom Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security Enhancements
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium Sandbox
 
JavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersJavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developers
 
Web application security and Python security best practices
Web application security and Python security best practicesWeb application security and Python security best practices
Web application security and Python security best practices
 
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchaginstackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net Framework
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With Coherence
 
Application Grid Dev with Coherence
Application Grid Dev with CoherenceApplication Grid Dev with Coherence
Application Grid Dev with Coherence
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With Coherence
 
Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017
 
Parceable serializable
Parceable serializableParceable serializable
Parceable serializable
 
Hazelcast
HazelcastHazelcast
Hazelcast
 
Cloud native java script apps
Cloud native java script appsCloud native java script apps
Cloud native java script apps
 

Último

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Último (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Grails Jasypt Encryption Plugin

  • 1. Grails Jasypt Encryption by Ted Naleid
  • 3. Overview What is it? Why did we need it? Advantages Limitations How is it used?
  • 5. grails plugin that integrates strong encryption into GORM
  • 6. allows field-level encryption on any domain object or field type
  • 7. import com.bloomhealthco.jasypt .GormEncryptedStringType integrated into class Member { String name String ssn domain objects static mapping = { ssn type: GormEncryptedStringType } }
  • 8. built on Jasypt Simplified Encryption framework
  • 9. Jasypt leverages Java Cryptography Extensions (JCE)
  • 10. Bouncy Castle JCE provider jar included (you can still use any JCE compatible encryptors you want)
  • 11. Why did we need it?
  • 12. constant automated hacking attempts happen on every computer on the public internet
  • 13. cloud computing potentially adds security weak points
  • 14. if you have users, you have data to protect social security numbers medical claims/PHI credit card numbers birth dates security question answers
  • 15. full disk encryption has many drawbacks and limitations
  • 16. field level encryption lets you protect the sensitive things – everything else is at full speed
  • 17. don’t need to outrun the bear
  • 19. encrypt only what you need to
  • 20. strongly protects info even if your database gets rooted or someone steals a database dump
  • 23. encrypted fields take up extra space in database
  • 24. import com.bloomhealthco.jasypt .GormEncryptedStringType class Member { currently need to String name String ssn static mapping = { use two grails } ssn type: GormEncryptedStringType validators static constraints = { ssn( matches: '^d{3}-d{2}-d{4}$', maxSize: 44 // unencrypted 11 ) } }
  • 25. breaks using field in WHERE clause (so dynamic finders for this field don’t work)
  • 26. How is it used?
  • 27. how do I install it? grails install-plugin jasypt-encryption
  • 28. how do I configure it? // add to Config.groovy or external config file jasypt { algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC" providerName = "BC" password = "<my super secret passphrase>" keyObtentionIterations = 1000 }
  • 29. what encryption does Java allow by default? % cat default_local.policy // Some countries have import limits on crypto strength. This policy file is worldwide importable. grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", *; permission javax.crypto.CryptoPermission *, 128; };
  • 30. what you actually want (download “unlimited” crypto jar from Sun^wOracle) % cat default_local.policy // Country-specific policy file for countries with no limits on crypto strength. grant { // There is no restriction to any algorithms. permission javax.crypto.CryptoAllPermission; };
  • 31. after that, it’s easy import com.bloomhealthco.jasypt.GormEncryptedStringType class Member { String name String ssn static mapping = { ! ssn type: GormEncryptedStringType } }
  • 32. all encrypted values stored as strings in the database
  • 33. java.lang.String supported out of the box
  • 34. just implement 3 methods encrypt your protected Object convertToObject(String) own objects protected String convertToString(Object) public Class returnedClass()
  • 35. create your own GORM encrypted type import org.jasypt.hibernate.type.AbstractGormEncryptedStringType public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType { protected Object convertToObject(String string) { new MyObject(string) } protected String convertToString(Object object) { MyObject.toString() } public Class returnedClass() { MyObject } }
  • 36. then use it in your mapping class Foo { MyClass value static mapping = { ! value type: GormEncryptedMyObjectType } }
  • 38. Links Grails Jasypt Plugin http://bitbucket.org/tednaleid/grails-jasypt/wiki Jasypt http://www.jasypt.org/ Bouncy Castle (AES) http://www.bouncycastle.org/java.html Unlimited Strength Jars http://www.oracle.com/technetwork/java/javase/downloads/index.html (under “other”)