Database encryption in Java

Last Updated : 02 Sep, 2020

Basically, encryption is the process or conversion of user data in code or more specifically in the cyphertext form in order to prevent unauthorized access, So, encryption is very much important in today’s world where we all are working on large datasets stored in databases and the credentials of the database must be secured in order to secure the privacy and unauthorized access.

To encrypt our database credentials we will be using Jaspyt api. We can download the jaspyt library from here.

Java Simplified Encryption

Jasypt is a java library which allows the developer to add basic encryption capabilities to the projects with minimum effort, and without writing any code with the help of a few additions in your project here and there. Jasypt is highly configurable.

To encrypt database credentials we’ll be doing these tasks-

Create a POJO class.
Create a properties file.
Create a Java class.

Step 1: Creating a POJO class

So, we have created a Plain java class named Details.java having the actual username and actual password and the keys for username and password having special and non-special characters. The code as follows-

Java

// Creating a POJO class 
  
package com.jdbc; 
  
public class details { 
  
    // Private fields 
    private String key = "@2334dgdfg@#$%dsgdf"; 
    private String user = "root"; 
    private String key2 = "@1567sedf#2@"; 
    private String pass = "root"; 
  
    // Getter methods for private fields 
    public String getKey() { return key; } 
    public String getUser() { return user; } 
    public String getKey2() { return key2; } 
    public String getPass() { return pass; } 
}

Step 2: Create an empty Properties file

Database encryption in Java - Create an empty properties file

Step 3- Create a MainConnecton class named TestJDBC2.java having all the lines of codes required for encryption and decryption process. We have used javax.crypto.Cipher Class, java.security.MessageDigest Abstract Class, org.jasypt.util.text.BasicTextEncryptor FinalClass which will be going to perform the encryption and decryption process.

So. First, we will going to use the key defined in the details.java file for encryption and decryption process of both username and password and will be going to call encrypt and decrypt method of BasicTextEncryptor class.

Now let’s see the code-

Java

// Creating a java class 
  
package com.jdbc; 
  
import java.sql.Connection; 
import java.io.*; 
import java.sql.DriverManager; 
import java.sql.SQLException; 
import java.util.Properties; 
import java.security.MessageDigest; 
import javax.crypto.Cipher; 
  
import org.jasypt.util.text.BasicTextEncryptor; 
  
public class TestJdbc2 { 
    public static void main(String[] args) 
        throws ClassNotFoundException, SQLException, 
               IOException 
    { 
  
        // Fethches the system property 
        String path = System.getProperty("user.dir"); 
        System.out.println("Working Directory = " + path); 
  
        // Creating a FileReader and specified the 
        // name of the file to read from 
        FileReader reader = new FileReader( 
            path + "/src/config.properties"); 
  
        Properties p = new Properties(); 
  
        // Reads a property list from the input byte stream 
        p.load(reader); 
        details dt = new details(); 
        BasicTextEncryptor bte = new BasicTextEncryptor(); 
  
        // Getting key from details class object and 
        // set the password for encryption and decryption 
        bte.setPassword(dt.getKey()); 
  
        // Encrypt the message 
        String encryptedid = bte.encrypt(dt.getUser()); 
  
        // Set the system property 
        p.setProperty("username", encryptedid); 
        BasicTextEncryptor bte1 = new BasicTextEncryptor(); 
  
        // Setting a password 
        bte1.setPassword(dt.getKey2()); 
  
        // Encrypt the password 
        String encryptedps = bte1.encrypt(dt.getPass()); 
        p.setProperty("password", encryptedps); 
  
        // Writes the property list in the properties table 
        // to the output character stream in a format 
        // suitable for using load method 
        p.store( 
            new FileWriter(path + "/src/config.properties"), 
            " Properties Data"); 
  
        // Load the driver class into the memory at the 
        // runtime 
        Class.forName("com.mysql.cj.jdbc.Driver"); 
  
        // Establishes the connection and decrypt the 
        // encryptedid and encryptedps 
        Connection conn = DriverManager.getConnection( 
            "jdbc:mysql://localhost:3306/test", 
            bte.decrypt(encryptedid), 
            bte1.decrypt(encryptedps)); 
        System.out.println("Connection successful!!!"); 
        System.out.println("Done"); 
    } 
}

As can be seen the process of encryption and decryption clearly in this code. After the execution of this code, the encrypted username and password can be seen in the Config.properties file.

Database encryption in Java - seen the process of encryption and decryption

As Salt Algorithm processing can be clearly seen in the console process.

Now, let’s have a look at the Config.properties file-

Database encryption in Java - encrypted username and password can be seen in config properties file

As the encrypted credentials can be seen clearly in the Config. Properties file and the original database credentials are in the details.java but the Connection properties are fetching the details from properties file in the encrypted form and decrypting the same to communicate with the database servers.

So now the database encryption is an easy task for all of us in Java.

Suggest improvement

Asymmetric Encryption Cryptography in Java

Share your thoughts in the comments