Float encryption with Jasypt issue_问答_开发者

开发者 https://www.devze.com 2023-03-24 13:41 出处：网络

I need to encrypt float values and I am using Jasypt to achive this. As far as I know, Jasypt does not support float encryption and only supports BigDecimal. Therefore, I am converting float values t

I need to encrypt float values and I am using Jasypt to achive this.

As far as I know, Jasypt does not support float encryption and only supports BigDecimal. Therefore, I am converting float values to BigDecimal.

The conversion is done successfully. Also the encryption and decryption using Jasypt.

Howev开发者_运维百科er, when I persist the encrypted value into the Oracle DB, the value is changed in the DB.

Example of values that I need to persist as it is:

-6542850164453273769179743775075308980128742113.12 -4139490689573544701682206282760323584523816140.64 9936653106931456268018508106437020093773774849.6 -69457501008740608752977363196163239676824308939.2 -512974351190591202428175056439128604458367.320048

I am using Number data type in the oracle.

The questionis, how to save the above values without allowing the DB to change them?

The DB always remove the ( . ) from the value and adds zeros

This value 689612971966376606053641908553771273056281.427984 is saved as: -217333936122185596255723452297898520757000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Why this happens?

You're relying on the number coming out of the database being exactly the same as the number you put in - and while it seems very odd for you to get exactly the results you're getting (in terms of negation) I'm not wholly surprised that it doesn't work in general. You would have to pick your database type really carefully to get the exact value out again - in particular, it would have to have as much precision as the results of the encryption.

It's also not clear whether the encryption relies on the scale of the BigDecimal (i.e. where 1.0 and 1.00 are represented differently). I don't know whether you'll persuade the database to preserve the scale information.

I would strongly advise you to use more normal encryption mechanisms - basically encrypt to binary data, store it as a blob of some kind in the database, and the decrypt from the blob to the original data. You're much less likely to run into subtle representation problems storing a blob in a database than performing floating point to fixed point conversions.

A Java float is an IEEE-754 floating-point number that uses 32 bits of storage.

We can dump these bits into a Java int which is conveniently 32 bits wide, and we can also convert the int back to a float: Float.floatToIntBits(), Float.intBitsToFloat().

Note that the int may be positive or negative; it has the range [−(2³¹), (2³¹) − 1].

Jasypt provides a way to encrypt BigIntegers, so we can convert the int to a BigInteger, encrypt that, and store it in the database.

Here's a sketch of the encryption code:

float x = (... my float value ...);
IntegerNumberEncryptor enc = (... an instance from somewhere ...);

int temp0 = Float.floatToIntBits(x);
BigInteger temp1 = BigInteger.valueOf(temp0);
BigInteger result = enc.encrypt(temp1);
(... store result in database ...)

And a sketch of the decryption code:

BigInteger input = (... get encrypted number from database ...)
IntegerNumberEncryptor enc = (... an instance from somewhere ...)

BigInteger temp0 = enc.decrypt(input);
int temp1 = temp0.intValue();
float result = Float.intBitsToFloat(temp1);
(... now do something with result ...)