在Heroku上配置Spring TextEncryptor的正确方法是什么？ [英] What is the correct way to configure a spring TextEncryptor for use on Heroku

问题描述

 < bean id =textEncryptorclass =org.springframework。 security.crypto.encrypt.Encryptors
 factory-method =text> 
< constructor-arg value =$ {security.encryptPassword}/> 
< constructor-arg value =$ {security.encryptSalt}/> 
< / bean> 
  

这些属性是馈送的

  security.encryptPassword = 47582920264f212c566d5e5a6d 
 security.encryptSalt = 39783e315e6a207e733d6f4141 
  

在我的本地环境中工作正常。当我部署到Heroku时，我得到

  java.lang.IllegalArgumentException：无法初始化，因为密钥无效
 at org.springframework.security.crypto.encrypt.CipherUtils.initCipher（CipherUtils.java:110）
 at org.springframework.security.crypto.encrypt.AesBytesEncryptor.encrypt（AesBytesEncryptor.java:65）
 at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.encrypt（HexEncodingTextEncryptor.java:36）
 ... 
导致：java.security.InvalidKeyException：非法密钥大小$ b $在javax。 crypto.Cipher.checkCryptoPerm（Cipher.java:972）
 at javax.crypto.Cipher.implInit（Cipher.java:738）
 at javax.crypto.Cipher.chooseProvider（Cipher.java:797） 
 at javax.crypto.Cipher.init（Cipher.java:1276）
 at javax.crypto.Cipher.init（Cipher.java:1215）
 at org.springframework.security.crypto .encrypt.CipherUtils.initCipher（CipherUtils.java:105）
 ... 53 more 
  

所以我尝试了一些小键盘，但我一个总是有同样的问题。在Heroku上使用的正确密钥大小是什么？

解决方案

所以我认为我已经完成了Heroku的简单不支持256位AEP，这是Spring-Security使用的股票TextEncoders。

相反，我使用了中的BasicTextEncryptor。 jasypt.org/rel =nofollow noreferrer> Java Simplified Encryption 库作为替代后端并实现了TextEncryptor接口。

它不太安全，但它作品。它不提供salting机制，但我认为在图书馆的其他地方有规定。

如果任何人有任何想法如何让股票加密工作那么我认为heroku就更好。

I have a spring TextEncryptor defined like this

<bean id="textEncryptor" class="org.springframework.security.crypto.encrypt.Encryptors"
                                                  factory-method="text">
        <constructor-arg value="${security.encryptPassword}" />
        <constructor-arg value="${security.encryptSalt}" />
</bean>

Which is fed these properties

security.encryptPassword=47582920264f212c566d5e5a6d
security.encryptSalt=39783e315e6a207e733d6f4141

Which works fine on my local environment. When I deploy to Heroku I get

java.lang.IllegalArgumentException: Unable to initialize due to invalid secret key
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:110)
at org.springframework.security.crypto.encrypt.AesBytesEncryptor.encrypt(AesBytesEncryptor.java:65)
at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.encrypt(HexEncodingTextEncryptor.java:36)
...
Caused by: java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:972)
at javax.crypto.Cipher.implInit(Cipher.java:738)
at javax.crypto.Cipher.chooseProvider(Cipher.java:797)
at javax.crypto.Cipher.init(Cipher.java:1276)
at javax.crypto.Cipher.init(Cipher.java:1215)
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:105)
... 53 more

So I tried some smaller keys but I always get the same problem. What is the correct key size to use on Heroku?

解决方案

So I think I've concluded Heroku just plain doesn't support 256 bit AEP which is what the stock TextEncoders in spring-security use.

Instead I've used the BasicTextEncryptor from the Java Simplified Encryption library as an alternative backend and implemented the TextEncryptor interface.

It's less secure but it works. It doesn't provide a salting mechanism, though I think there are provisions for that elsewhere in the library.

If anyone has any ideas how to get the stock encryptors working on heroku then that would still be preferable I think.

这篇关于在Heroku上配置Spring TextEncryptor的正确方法是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！