What is the correct way to configure a spring TextEncryptor for use on Heroku


Question

I have a spring TextEncryptor defined like this

<bean id="textEncryptor"
      class="org.springframework.security.crypto.encrypt.Encryptors"
      factory-method="text">
    <constructor-arg value="${security.encryptPassword}" />
    <constructor-arg value="${security.encryptSalt}" />
</bean>

Which is fed these properties

security.encryptPassword=47582920264f212c566d5e5a6d
security.encryptSalt=39783e315e6a207e733d6f4141

Which works fine on my local environment. When I deploy to Heroku I get

java.lang.IllegalArgumentException: Unable to initialize due to invalid secret key
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:110)
at org.springframework.security.crypto.encrypt.AesBytesEncryptor.encrypt(AesBytesEncryptor.java:65)
at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.encrypt(HexEncodingTextEncryptor.java:36)
...
Caused by: java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:972)
at javax.crypto.Cipher.implInit(Cipher.java:738)
at javax.crypto.Cipher.chooseProvider(Cipher.java:797)
at javax.crypto.Cipher.init(Cipher.java:1276)
at javax.crypto.Cipher.init(Cipher.java:1215)
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:105)
... 53 more

So I tried some smaller keys but I always get the same problem. What is the correct key size to use on Heroku?

Recommended answer

So I think I've concluded Heroku just plain doesn't support 256 bit AEP which is what the stock TextEncoders in spring-security use.

Instead I've used the BasicTextEncryptor from the Java Simplified Encryption library as an alternative backend and implemented the TextEncryptor interface.

It's less secure but it works. It doesn't provide a salting mechanism, though I think there are provisions for that elsewhere in the library.

If anyone has any ideas how to get the stock encryptors working on heroku then that would still be preferable I think.
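
The `Illegal key size` in the trace above is raised from `Cipher.checkCryptoPerm`, the JCE policy check, which looks at the size of the AES key handed to `Cipher.init` rather than at the length of the password property. The following diagnostic is an added example, not code from the original post or from Spring Security: it reports which AES key sizes the running JVM accepts. The class name, the constructed password and salt, and the PBKDF2 parameters (HmacSHA1, 1024 iterations, modeled on Spring Security's encryptor) are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class name): reports whether this JVM permits AES-256.
public class AesKeySizeCheck {

    // Derive an AES key of the requested size from a password and salt with PBKDF2.
    // Algorithm name and iteration count are assumptions, not values from the page.
    static SecretKey derive(char[] password, byte[] salt, int bits) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 1024, bits);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // True if Cipher.init accepts a key of this size under the installed JCE policy.
    static boolean canInit(int bits) throws GeneralSecurityException {
        // Constructed password and all-zero salt/IV: acceptable for a probe only,
        // never for encrypting real data.
        SecretKey key = derive("constructed-password".toCharArray(), new byte[8], bits);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(new byte[16]));
            return true;
        } catch (InvalidKeyException e) {
            return false; // "Illegal key size": blocked by the jurisdiction policy
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("max AES key bits allowed = " + Cipher.getMaxAllowedKeyLength("AES"));
        for (int bits : new int[] {128, 192, 256}) {
            System.out.println("AES-" + bits + " init " + (canInit(bits) ? "ok" : "rejected by JCE policy"));
        }
    }
}
```

Run it with the same JVM the application uses in each environment; a reported maximum of 128 means that runtime is operating under the limited-strength JCE policy, which would explain why shortening the password property changes nothing.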
