Unable to decrypt from Spring config server / client

Problem description

I am trying to encrypt and decrypt config properties using Spring config server and client. I have Spring Boot applications (server and client); using the server I have encrypted the password property, and at the client I am trying to decrypt it using the same key, but I am getting an error. I am trying to enable the config server client to decrypt these properties initially encrypted by the config server. Here are the steps I followed:

  1. Install Full-strength JCE and replace 2 policy files in JRE lib/security

Generate a key using keytool

    keytool -genkeypair -alias config-server-key -keyalg RSA \
      -keysize 4096 -sigalg SHA512withRSA -dname "CN=*.domain.com,OU=EUS,O=eusdom,L=City,S=WA,C=US" \
      -keypass keyPass -keystore config-server.jks -storepass keys3crt

  • Added cloud security dependency to the pom file (added these in both config server and client pom)

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-rsa</artifactId>
        <version>1.0.1.RELEASE</version>
    </dependency>
    

  • Added the encryption-related configurations (the same values used by config server and client) to the bootstrap.yml; also tried with application.yml

    encrypt:
      key-store:
        location: file:///D:/encrypt-server/config-server.jks
        password: keyPass
        alias: config-server-key
        secret: keys3crt
    

  • My config server bootstrap looks like this

    spring:
      application:
        name: config-service
      cloud:
        config:
            server:
                git:
                    uri: https://github.com/<>/spring-config-repo
                encrypt:
                    enabled: false
    server:
      port: 8888
    

  • Encrypt the passWord property using config server

    curl -X POST --data-urlencode d3v3L http://localhost:8888/encrypt
    

  • Try to decrypt the property using config server

    curl http://localhost:8888/decrypt -d '<encryptedValue>'
    

  • I am getting the following error

        {"timestamp":1472667297292,"status":500,"error":"Internal Server Error","exception":"java.lang.IllegalStateException","message":"Cannot decrypt","path":"/decrypt"}
    

  1. I try to print the encrypted property using config client (note: I have added the dependencies and encrypt key details as per 3,4)

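    import java.util.Arrays;
    import java.util.List;

    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.cloud.context.config.annotation.RefreshScope;
    import org.springframework.stereotype.Component;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RefreshScope
    @Component
    @RestController
    public class Greeter {

        // Properties served by the config server
        @Value("${cassandra.hostnames}")
        String hostnames;

        @Value("${cassandra.username}")
        String userName;

        @Value("${cassandra.password}")
        String passWord;

        // Debug endpoint that echoes the resolved properties
        @RequestMapping(value = "/", produces = "application/json")
        public List<String> index() {
            List<String> env = Arrays.asList(
                "userName is: " + userName,
                "passWord is: " + passWord
            );
            return env;
        }
    }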

I am getting a java.lang.IllegalStateException: Cannot decrypt: key=cassandra.password error

Note: I tried to decrypt in config server without

     encrypt:
      enabled: false
    

Please let me know if I am missing anything here. Appreciate any help.

Recommended answer

The bootstrap configuration you are using to enable asymmetric encryption is no longer enabled by default. If your project requires it, it can be re-enabled by properties or by a new starter. You can find the guideline here: https://github.com/spring-cloud/spring-cloud-release/wiki/Spring-Cloud-2020.0-Release-Notes#breaking-changes

To enable bootstrap in Spring Boot versions greater than 2.3.x, we need to add the new starter dependency introduced by #SpringCloud.

        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-bootstrap</artifactId>
            <version>3.0.1</version>
        </dependency>
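
The "Cannot decrypt" response does not say which keystore value was rejected. The following stand-alone check is an added example (not code from the original post or from Spring Cloud): it opens the keystore with the JDK's KeyStore API and reports whether the store password, the alias or the key password is the part that fails. It assumes the Spring Cloud Config mapping in which `encrypt.key-store.password` is the keytool `-storepass` value and `encrypt.key-store.secret` is the `-keypass` value; the class name and the STORE_PASS / KEY_PASS environment variables are hypothetical.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;

// Added diagnostic, not from the original post. Names are assumptions.
// Usage: STORE_PASS=... KEY_PASS=... java KeyStoreCheck <keystore> <alias>
//   STORE_PASS: keytool -storepass value (encrypt.key-store.password)
//   KEY_PASS:   keytool -keypass value   (encrypt.key-store.secret)
public class KeyStoreCheck {

    static String check(String path, String alias, char[] storePass, char[] keyPass)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass); // store password guards keystore integrity
        } catch (IOException e) {
            // A wrong store password surfaces as IOException caused by UnrecoverableKeyException
            return (e.getCause() instanceof UnrecoverableKeyException
                    ? "STORE_PASSWORD_REJECTED: " : "KEYSTORE_UNREADABLE: ") + e.getMessage();
        }
        if (!ks.isKeyEntry(alias)) {
            return "NO_KEY_ENTRY_FOR_ALIAS: " + alias;
        }
        try {
            Key key = ks.getKey(alias, keyPass); // key password unlocks the private key
            return key instanceof PrivateKey
                    ? "OK: " + key.getAlgorithm() + " private key recovered"
                    : "NOT_A_PRIVATE_KEY: " + alias;
        } catch (UnrecoverableKeyException e) {
            return "KEY_PASSWORD_REJECTED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String storePass = System.getenv("STORE_PASS");
        String keyPass = System.getenv("KEY_PASS");
        if (args.length != 2 || storePass == null || keyPass == null) {
            System.err.println("usage: STORE_PASS=... KEY_PASS=... java KeyStoreCheck <keystore> <alias>");
            System.exit(2);
        }
        String result = check(args[0], args[1], storePass.toCharArray(), keyPass.toCharArray());
        System.out.println(result);
        System.exit(result.startsWith("OK") ? 0 : 1);
    }
}
```

Run it against the same keystore file on both the config server and the client host, so that a mismatch between the two copies or their configured values shows up before Spring starts.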
    
