Commons Crypto

Commons Crypto provides a simple API to encrypt and decrypt messages and an extensible implementation based on Jasypt.

The Jasypt implementation and Web Console plugin are optional.


Crypto Service

Encrypt a secret message (e.g. service password) and decrypt the ciphertext. The used crypto method is up to the implementation.

public interface CryptoService {

    String encrypt(String message);

    String decrypt(String ciphertext);


Use a reference target to get a particular crypto service, e.g. by names (names should be meaningful e.g. mail or database).

    target = "(names=sample)"
private volatile CryptoService cryptoService;

Password Provider

Password providers are useful when dealing with password-based encryption (PBE, see also RFC 2898).

public interface PasswordProvider {

    char[] getPassword();


File Password Provider

The file-based password provider reads the password for encryption/decryption from a given file.

JasyptStandardPBEStringCryptoService Sample Configuration

Jasypt implementation

The Commons Crypto module provides a crypto service implementation based on the Jasypt StandardPBEStringEncryptor.

The JasyptStandardPBEStringCryptoService requires at least a password provider and an initialization vector (IV) generator (IvGenerator) to set up the internal StandardPBEStringEncryptor.

JasyptStandardPBEStringCryptoService Sample Configuration JasyptRandomIvGeneratorRegistrar Sample Configuration

Web Console Plugin

The plugin (/system/console/sling-commons-crypto-encrypt) allows message encryption with a selected crypto service.

Sling Commons Crypto Encrypt Web Console Plugin

Sample configurations

A module with (minimal) sample configurations can be found in Sling's samples Git repo.

  "jcr:primaryType": "sling:OsgiConfig",
  "names": ["sample"], // names is optional
  "path": "/var/sling/password"

  "jcr:primaryType": "sling:OsgiConfig",
  "algorithm": "SHA1PRNG"

  "jcr:primaryType": "sling:OsgiConfig",
  "names": ["sample"], // names is optional
  "algorithm": "PBEWITHHMACSHA512ANDAES_256"