4

How can I encrypt database fields when using Hibernate?

We have developed a product, and some of our clients are using that application. Some clients are asking about database encryption. Is it possible to encrypt the data at the application level without many changes to the code?

Please give me a suggestion as soon as possible.

1

4 Answers

13

Try this:

Put an attribute in your entity:

private byte[] encryptedBody;

Use this getter and setters:

@Column(columnDefinition = "LONGBLOB", name = "encryptedBody")
@ColumnTransformer(
  read = "AES_DECRYPT(encryptedBody, 'yourkey')",
  write = "AES_ENCRYPT(?, 'yourkey')")
public byte[] getEncryptedBody() {
    return encryptedBody;
}

public void setEncryptedBody(byte[] encryptedBody) {
    this.encryptedBody = encryptedBody;
}

And then when you retrieve the column, use:

import java.nio.charset.Charset;

private final Charset UTF8_CHARSET = Charset.forName("UTF-8");

// Turn the decrypted column bytes back into a String
String decodeUTF8(byte[] bytes) {
    return new String(bytes, UTF8_CHARSET);
}

String s = decodeUTF8(entity.getEncryptedBody());

BEWARE: AES_DECRYPT and AES_ENCRYPT belong to MySQL. If you have a different database engine, find similar functions.

Hope this helps.


3 Comments

Tip for cross-DB usage - you could create stored procs (or functions) that handle the encryption and decryption for you, and call those via the @ColumnTransformer annotation. So when you have to port to another DB, you just need to implement those in the DB itself, and Bob's your uncle.
IMHO this is not how encryption should work. The basic idea is that having only access to DB you would not be able to decrypt the value. Then what is the point if there is a built-in or stored procedure to achieve that? I mean normally the client should be responsible for encrypting and decrypting data...
That solution works perfectly. But is this information converted remotely and sent back encrypted, or will the encryption be on the Hibernate side (so local to the Java process)?

8

You can use the @ColumnTransformer annotation like this:

@ColumnTransformer(
    read =  "pgp_sym_decrypt(" +
            "    storage, " +
            "    current_setting('encrypt.key')" +
            ")",
    write = "pgp_sym_encrypt( " +
            "    ?, " +
            "    current_setting('encrypt.key')" +
            ") "
)
@Column(columnDefinition = "bytea")
private String storage;

This way, Hibernate will be able to encrypt the entity attribute when you persist or merge it and decrypt it when you read the entity.


3

I think that you are looking for column transformers. You can find how to do it in the Hibernate reference:

http://docs.jboss.org/hibernate/core/3.6/reference/en-US/html/mapping.html#mapping-column-read-and-write

I hope that helps!


1

You could use Jasypt. It has a Hibernate integration that allows you to encrypt properties while saving (and decrypt while loading).

http://www.jasypt.org/hibernate.html
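
For comparison with the @ColumnTransformer answers above, where the plaintext travels to the database and is encrypted there, this added example (not code from any answer on this page) encrypts inside the Java process with AES-GCM so the database only ever stores ciphertext. The class name is hypothetical, the JDK-only form is chosen so it runs without a JPA jar, and key loading from a secrets store is assumed and not shown.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;

// Hypothetical class (assumption): for JPA 2.1+ / Hibernate, annotate it with @Converter and
// declare "implements AttributeConverter<String, byte[]>"; the two method names already match.
public class AesGcmFieldConverter {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKey key; // assumption: loaded by the application, never sent to the database
    public AesGcmFieldConverter(SecretKey key) { this.key = key; }

    // Entity value -> column bytes, laid out as: random 12-byte IV || ciphertext || 16-byte tag.
    public byte[] convertToDatabaseColumn(String plain) {
        if (plain == null) return null;
        try {
            byte[] iv = new byte[IV_LEN];
            RNG.nextBytes(iv); // fresh IV per value; never reuse an IV with the same key
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
            byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
            return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("field encryption failed", e);
        }
    }

    // Column bytes -> entity value; a modified or wrong-key value fails the GCM tag check.
    public String convertToEntityAttribute(byte[] stored) {
        if (stored == null) return null;
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, stored, 0, IV_LEN));
            return new String(c.doFinal(stored, IV_LEN, stored.length - IV_LEN), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("field decryption failed", e);
        }
    }

    public static void main(String[] args) throws Exception {
        AesGcmFieldConverter conv = new AesGcmFieldConverter(KeyGenerator.getInstance("AES").generateKey()); // demo key
        byte[] col = conv.convertToDatabaseColumn("constructed sample value");
        System.out.println(conv.convertToEntityAttribute(col));
        col[col.length - 1] ^= 1; // simulate a byte changed in the database
        try { conv.convertToEntityAttribute(col); }
        catch (IllegalStateException e) { System.out.println("tamper detected"); }
    }
}
```

Because every value gets a random IV, equal plaintexts produce different column bytes, so a column encrypted this way cannot be searched or indexed by value in SQL.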
