英文:
What are these strange question marks, produced by jasypt?
问题
StringEncryptor
接口在运行时解析为DefaultLazyEncryptor
,而应该根据是否配置了密码解析为PooledPBEStringEncryptor
。尽管我已配置密码,但问题仍然存在。通过@Autowired
方式检查密码时,解密后的值类似于预期,但包含多个特殊字符,如:"e��w����a85..."。手动配置PooledPBEStringEncryptor
解决了这个问题。@Autowired发生了什么?
英文:
In order to write a test that shows that jasypt is doing what it ought to, I found this interface, StringEncryptor
, which can be conveniently @Autowired. The problem is though that, for me, it resolves to DefaultLazyEncryptor
at runtime, it is supposed to resolve to a PooledPBEStringEncryptor
, depending on whether a password is configured. I have configured a password, still there is nothing. My debugger claims that it is still a DefaultLazyEncryptor
. I have created a test for comparison which checks the password --@Value("${the.property.from.config}")
-- in 2 ways. Firstly with @Autowired
, as above; the decrypted value is similar to what it should be, however it contains multiple special characters like this: ""e��w����a85...", and a test in which I have manually configured a PooledPBEStringEncryptor
, with the correct algorithm and password. Unsurprisingly, this resolves the correct value. What is going on with @Autowired?
答案1
得分: 1
加密算法的输出是原始数据的字节。一个字节可以具有从0到255的任何值,在适当的加密算法中,这些数字将在所有这些值上有效地随机分布。并不是这些数字的每个序列都是有效的UTF-8。事实上,大多数随机字节序列都不是有效的UTF-8。这就是为什么加密算法的输出不能像字符串一样直接打印出来。如果你想显示它们,需要使用诸如Base64或十六进制编码之类的方法对这些字节进行编码。
当UTF-8解码系统找到无效的字节序列时,它们会用�来替换,这在Unicode中被称为替代字符,专门用于此目的。这就是你在这里看到的东西。
英文:
The output of encryption algorithms is raw bytes of data. A byte can have any value between 0 and 255, and in a proper encryption algorithm those numbers will will be effectively random across all those values. Not every sequence of those numbers is valid UTF-8. In fact, most random sequences of bytes will not be valid UTF-8. This is why the output of encryption algorithms cannot just be printed as if they were strings. You need to encode those bytes using something like Base64 or hex encoding if you want to display them.
When UTF-8 decoding systems find an invalid sequence of bytes, they replace it with �, which is called REPLACEMENT CHARACTER in Unicode, and is specifically for this purpose. That's what you're seeing here.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论