4

How can I encrypt database fields when using Hibernate?

We have developed a product, and some of our clients are using the application. Some clients are asking about database encryption. Is it possible to encrypt the data at the application level without many changes to the code?

Please give me the suggestion as soon as possible.

Chandrasekhar
  • 1
    possible duplicate of [DataBase encryption in Hibernate](http://stackoverflow.com/questions/5619417/database-encryption-in-hibernate) – axtavt Apr 11 '11 at 12:45

4 Answers

13

Try this:

Put an attribute in your entity:

```java
private byte[] encryptedBody;
```

Use this getter and setters:

```java
@Column(columnDefinition = "LONGBLOB", name = "encryptedBody")
@ColumnTransformer(
  read = "AES_DECRYPT(encryptedBody, 'yourkey')",
  write = "AES_ENCRYPT(?, 'yourkey')")
public byte[] getEncryptedBody() {
    return encryptedBody;
}

public void setEncryptedBody(byte[] encryptedBody) {
    this.encryptedBody = encryptedBody;
}
```

And then when you retrieve the column use:

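```java
import java.nio.charset.Charset;

private final Charset UTF8_CHARSET = Charset.forName("UTF-8");

// Turn the decrypted bytes returned by AES_DECRYPT back into text
String decodeUTF8(byte[] bytes) {
    return new String(bytes, UTF8_CHARSET);
}

String s = decodeUTF8(entity.getEncryptedBody());
```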

BEWARE: AES_DECRYPT and AES_ENCRYPT belong to MySQL. If you have a different database engine, find similar functions.

Hope this helps.

Andrés Canavesi
  • 2
    Tip for cross-DB usage - you could create stored procs (or functions) that handle the encryption and decryption for you, and call those via the @ColumnTransformer annotation. So when you have to port to another DB, you just need to implement those in the DB itself, and bob is your uncle. – demaniak Nov 14 '13 at 14:09
  • IMHO this is not how encryption should work. The basic idea is that having only access to DB you would not be able to decrypt the value. Then what is the point if there is a built-in or stored procedure to achieve that? I mean normally the client should be responsible for encrypting and decrypting data... – Zilvinas May 13 '16 at 00:28
  • That solution works perfectly. But is this information converted remotely and sent back encrypted, or will the encryption be on the Hibernate side (so local to the Java process)? – Matt Vegas Feb 28 '19 at 07:03
7

You can use the @ColumnTransformer annotation like this:

```java
@ColumnTransformer(
    read =  "pgp_sym_decrypt(" +
            "    storage, " +
            "    current_setting('encrypt.key')" +
            ")",
    write = "pgp_sym_encrypt( " +
            "    ?, " +
            "    current_setting('encrypt.key')" +
            ") "
)
@Column(columnDefinition = "bytea")
private String storage;
```

This way, Hibernate will be able to encrypt the entity attribute when you persist or merge it and decrypt it when you read the entity.

Vlad Mihalcea
3

I think that you are looking for column transformers. You can find how to do it in the Hibernate reference:

http://docs.jboss.org/hibernate/core/3.6/reference/en-US/html/mapping.html#mapping-column-read-and-write

I hope that helps!

Edwin Dalorzo
1

You could use Jasypt. It has a Hibernate integration that allows you to encrypt properties while saving (and decrypt while loading).

http://www.jasypt.org/hibernate.html

Ralph