HomeKnowledge baseSpring Boot
Explore Knowledge Base

Spring Boot

30. 01. 2025

The currently used version of the database is 2.7:
Spring BootSpring Boot Reference Documentation

Spring Boot 2.7 leverages several cryptographic algorithms for different purposes, primarily through its integration with Spring Security, Java Cryptography Architecture (JCA), and various libraries like BouncyCastle.
Below is a detailed description of the commonly used cryptographic algorithms:

HTTPS/TLS Encryption

Algorithms: AES, RSA, ECDSA, and SHA (SHA-256, SHA-384, SHA-512)

  • Scenario: Secures data transmission over HTTPS by encrypting client and server communication.

  • Details:
    TLS uses a combination of algorithms:

    • Symmetric Encryption: AES (Advanced Encryption Standard) is widely used for encrypting data streams.

    • Asymmetric Encryption: RSA or Elliptic Curve Diffie-Hellman (ECDHE) is used for secure key exchange.

    • Message Integrity: HMAC with SHA (e.g., SHA-256) ensures data integrity.

  • Standards:

Data Encryption

Algorithms: AES, RSA

  • Scenario: Encrypt sensitive data, such as tokens, secrets, or payloads.

  • Details:

    • AES: Used for encrypting sensitive data. For example, encrypting application properties using Spring Cloud Config.

    • RSA: Used for public/private key encryption, such as encrypting data during inter-service communication.

  • Standards:

Digital Signatures

Algorithms: RSA, ECDSA, and HMAC-SHA256

  • Scenario:

    • Signing JSON Web Tokens (JWTs) for stateless authentication.

    • Validating signed requests or data payloads.

  • Details:

    • RSA or ECDSA is used for signing and verifying JWTs in Spring Security OAuth2.

    • HMAC-SHA256 is commonly used for lightweight, symmetric signature generation in token systems.

  • Standards:

Message Digests and Integrity

Algorithms: SHA-256, SHA-384, SHA-512

  • Scenario:

    • Generating hashes for data integrity verification.

    • Used in caching mechanisms or verifying file integrity.

  • Details:

    • Java’s MessageDigest API provides implementations for these hash functions.

    • Commonly used in Spring Security for securing session tokens or verifying CSRF tokens.

  • Standards:

OAuth2 and OpenID Connect

Algorithms: RSA, ECDSA, HMAC-SHA256

  • Scenario:

    • Securing OAuth2 tokens and validating OpenID Connect ID tokens.

    • Configured via Spring Security OAuth2 Client and Resource Server modules.

  • Details:

    • Tokens are signed using RSA or HMAC algorithms for integrity.

    • Public key verification for JWTs is supported through JWK endpoints.

  • Standards: