Implementing RSA Encryption and Decryption in Spring Boot APIs

This guide explains how to secure Spring Boot API responses using RSA asymmetric encryption, covering the theory of RSA, practical scenarios, Maven setup, annotation‑based encryption/decryption, configuration files, and a JavaScript front‑end example for encrypting request payloads.

Architect's Guide

In order to protect data transmitted through APIs, this article demonstrates the use of RSA asymmetric encryption in a Spring Boot project, allowing automatic encryption of response bodies and decryption of incoming parameters via custom annotations.

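What is RSA? RSA is a public‑key cryptosystem that uses a pair of keys (public and private). Data encrypted with the public key can only be decrypted with the matching private key, which provides confidentiality; data signed with the private key can be verified with the public key, which provides integrity. Neither use requires the two parties to share a secret key directly.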

Two illustrative scenarios are presented: one where a sender encrypts a message with the receiver’s public key, and another where the sender signs a message with its private key for verification using the public key.
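The two scenarios above, as an added example that is not part of the original article or of the library it uses. It runs on Node's built-in crypto module with OAEP padding (Node's default) rather than the PKCS#1 v1.5 padding JSEncrypt applies; the function names and the in-process key pairs are assumptions made for the demo.

```javascript
const { generateKeyPairSync, publicEncrypt, privateDecrypt, sign, verify } = require('crypto');

// Constructed key pairs for the demo; real keys are generated once and stored securely.
const receiver = generateKeyPairSync('rsa', { modulusLength: 2048 });
const sender = generateKeyPairSync('rsa', { modulusLength: 2048 });

// Scenario 1 (confidentiality): anyone holding the receiver's public key can
// encrypt, only the receiver's private key can decrypt.
function encryptFor(publicKey, text) {
  return publicEncrypt(publicKey, Buffer.from(text, 'utf8')).toString('base64');
}
function decryptWith(privateKey, b64) {
  return privateDecrypt(privateKey, Buffer.from(b64, 'base64')).toString('utf8');
}

// Scenario 2 (integrity): only the sender's private key can sign, anyone with
// the sender's public key can verify.
function signWith(privateKey, text) {
  return sign('sha256', Buffer.from(text, 'utf8'), privateKey).toString('base64');
}
function verifyWith(publicKey, text, b64sig) {
  return verify('sha256', Buffer.from(text, 'utf8'), publicKey, Buffer.from(b64sig, 'base64'));
}

// RSA encrypts a single block: a 2048-bit key with OAEP/SHA-1 takes at most
// 214 bytes, so a large JSON body is rejected instead of being encrypted.
function tryEncrypt(publicKey, text) {
  try { return encryptFor(publicKey, text); } catch (e) { return null; }
}

function demo() {
  const body = JSON.stringify({ name: 'constructed-user', age: 18 }); // constructed sample
  const ciphertext = encryptFor(receiver.publicKey, body);
  const signature = signWith(sender.privateKey, body);
  return {
    roundTrip: decryptWith(receiver.privateKey, ciphertext) === body,
    signatureOk: verifyWith(sender.publicKey, body, signature),
    // A modified body no longer matches the signature.
    tamperDetected: !verifyWith(sender.publicKey, body.replace('18', '81'), signature),
    oversizeRejected: tryEncrypt(receiver.publicKey, 'x'.repeat(300)) === null,
  };
}
console.log(demo());
```

Because the encrypting key is public, a ciphertext that decrypts cleanly says nothing about who produced it; only the signature check ties a message to its sender.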

Practical implementation steps:

1. Create a Spring Boot project

Project name: springboot_api_encryption

2. Add Maven dependency

<dependency>
    <groupId>cn.shuibo</groupId>
    <artifactId>rsa-encrypt-body-spring-boot</artifactId>
    <version>1.0.1.RELEASE</version>
</dependency>

3. Enable encryption annotation

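import cn.shuibo.annotation.EnableSecurity;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
@EnableSecurity  // activates @Encrypt / @Decrypt handling
public class DemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}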

4. Configure RSA keys in application.yml or application.properties

rsa:
  encrypt:
    open: false   # set true to enable encryption
    showLog: true
    publicKey: # generated RSA public key
    privateKey: # generated RSA private key

5. Annotate controller methods

@Encrypt
@GetMapping("/encryption")
public TestBean encryption() {
    TestBean testBean = new TestBean();
    testBean.setName("shuibo.cn");
    testBean.setAge(18);
    return testBean;
}

6. Decrypt incoming data

// The encrypted request body is decrypted before it is bound to TestBean
@Decrypt
@PostMapping("/decryption")
public String decryption(@RequestBody TestBean testBean) {
    return testBean.toString();
}

When open is set to true, API responses are returned encrypted; otherwise they are returned in plain text.

Front‑end JavaScript encryption

<script src="https://cdn.bootcdn.net/ajax/libs/jquery/3.5.1/jquery.js"></script>
<script src="https://cdn.bootcdn.net/ajax/libs/jsencrypt/3.0.0-rc.1/jsencrypt.js"></script>

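var PUBLIC_KEY = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...';
// Encrypt a JSON-serializable object with the server's RSA public key
function RSA_encryption(jsonData) {
    var encrypt = new JSEncrypt();
    encrypt.setPublicKey('-----BEGIN PUBLIC KEY-----' + PUBLIC_KEY + '-----END PUBLIC KEY-----');
    var encrypted = encrypt.encrypt(JSON.stringify(jsonData));
    // JSEncrypt returns false on failure, e.g. when the payload is too long for the key
    if (encrypted === false) {
        throw new Error('RSA encryption failed');
    }
    console.log('Encrypted data:', encrypted);
    return encrypted;
}
// Submit handler: POST the encrypted payload to the @Decrypt endpoint
function tijiao() {
    var str = {"name": "1223334", "password": "asd", "age": 1};
    $.ajax({
        url: "/decryption",
        type: "POST",
        contentType: "application/json;charset=utf-8",
        data: RSA_encryption(str),
        success: function(data) { alert(data); }
    });
}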

After starting the Spring Boot application, accessing http://localhost:8080/encryption returns encrypted data when encryption is enabled, and the front‑end can send encrypted payloads that are automatically decrypted on the server.

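Conclusion – By integrating RSA encryption/decryption into Spring Boot APIs and using a simple JavaScript library on the client side, developers can protect API payloads from eavesdropping. Protection against tampering comes from the signing scenario described earlier, because encrypting with a public key does not by itself identify the sender, and this payload-level layer complements TLS rather than replacing it.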
