Quickly Secure Spring Boot APIs with RSA Encryption – A Simple Guide

This article walks through the fundamentals of RSA encryption, illustrates two security scenarios, and provides a step‑by‑step Spring Boot implementation—including Maven setup, annotations, key configuration, controller encryption, decryption testing, and practical tips—to protect API data from interception and tampering.

Programmer XiaoFu

RSA encryption overview

RSA is an asymmetric algorithm that uses a public‑key/private‑key pair. The public key can be distributed openly; data encrypted with the public key can only be decrypted with the corresponding private key. A signature created with the private key can be verified with the public key. Security relies on the computational difficulty of factoring large integers.

Confidentiality scenario

In a battlefield analogy, party B encrypts a command for party A using A’s public key. A decrypts the ciphertext with its private key. Only two transmissions occur – public‑key distribution and the encrypted message – and an interceptor cannot recover the plaintext without A’s private key.

Integrity (signature) scenario

Party A signs a reply with its private key; party B verifies the signature using A’s public key. Even if the message is intercepted, it cannot be forged without A’s private key, preventing tampering.

Combined use

For full protection, encrypt the payload with the recipient’s public key and then sign the ciphertext with the sender’s private key.
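The combined flow described above, as an added example that is not code from the original article or from the library it uses. It relies only on standard JDK APIs; the OAEP padding, the SHA256withRSA signature scheme, the 2048-bit key size, and the class and method names are assumptions, and both key pairs are generated on the spot for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;

public class EncryptThenSignDemo {
    // Assumption: the article does not name a padding scheme; OAEP is chosen here.
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Sender: encrypt with the recipient's public key, then sign the ciphertext.
    static byte[][] seal(byte[] plaintext, PublicKey recipientPub, PrivateKey senderPriv)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(OAEP);
        cipher.init(Cipher.ENCRYPT_MODE, recipientPub);
        byte[] ciphertext = cipher.doFinal(plaintext);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(senderPriv);
        signer.update(ciphertext);
        return new byte[][] { ciphertext, signer.sign() };
    }

    // Recipient: verify the signature first and decrypt only if it is valid.
    static byte[] open(byte[] ciphertext, byte[] signature, PublicKey senderPub,
                       PrivateKey recipientPriv) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(senderPub);
        verifier.update(ciphertext);
        if (!verifier.verify(signature)) {
            throw new SignatureException("signature check failed; ciphertext rejected");
        }
        Cipher cipher = Cipher.getInstance(OAEP);
        cipher.init(Cipher.DECRYPT_MODE, recipientPriv);
        return cipher.doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sender = gen.generateKeyPair();    // constructed demo keys
        KeyPair recipient = gen.generateKeyPair(); // constructed demo keys
        byte[] msg = "{\"order\":\"hold position\"}".getBytes(StandardCharsets.UTF_8);
        byte[][] sealed = seal(msg, recipient.getPublic(), sender.getPrivate());
        byte[] opened = open(sealed[0], sealed[1], sender.getPublic(), recipient.getPrivate());
        System.out.println(new String(opened, StandardCharsets.UTF_8));
        sealed[0][0] ^= 0x01; // simulate a bit flipped in transit
        try {
            open(sealed[0], sealed[1], sender.getPublic(), recipient.getPrivate());
        } catch (SignatureException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Direct RSA encryption with this padding caps the plaintext at 190 bytes for a 2048-bit key, so larger API bodies need a hybrid scheme in which RSA protects only a symmetric key.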

Implementation in Spring Boot

Create a Spring Boot project named springboot_api_encryption.

Add the required Maven dependencies (the original article shows them as an image; they include the security‑annotation library that enables automatic encryption/decryption).

Annotate the main application class with @EnableSecurity to activate the encryption framework.

Configure the RSA key pair in application.yml or application.properties. Example (values omitted for brevity):

rsa:
  public-key: "-----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY-----"
  private-key: "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----"
  open: false

Annotate controller methods that should be encrypted/decrypted with the provided annotation (e.g., @EncryptResponse and @DecryptRequest – exact names follow the library’s documentation).

For front‑end JavaScript, include jQuery and JSEncrypt:

<script src="https://cdn.bootcdn.net/ajax/libs/jquery/3.5.1/jquery.js"></script>
<script src="https://cdn.bootcdn.net/ajax/libs/jsencrypt/3.0.0-rc.1/jsencrypt.js"></script>

Implement a decryption method on the server side (the article shows it as a code snippet) and a corresponding JavaScript encryption function that uses the public key to encrypt data before sending.

Testing the encrypted API

Run the application and request http://localhost:8080/encryption. The first response is plain text because rsa.open is false. Set rsa.open=true in the configuration, restart the application, and request the same URL again; the response is now an RSA‑encrypted string.

Decryption demo (client as another Spring Boot app)

The client application holds the same RSA key pair. It sends a request to the encrypted endpoint, receives the ciphertext, and decrypts it with the private key. The server retains the private key; the front‑end only needs the public key.

Pitfalls and tips

Front‑end encryption and back‑end decryption are the most error‑prone parts; ensure the JavaScript uses the correct public key and that the encrypted payload is sent with contentType:"application/json; charset=utf-8".

Controller methods that accept encrypted parameters must be annotated with @RequestBody so that the framework can apply the decryption logic.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
