Secure Your Spring Boot APIs with RSA: A Hands‑On Encryption & Decryption Guide

This article walks you through implementing RSA‑based encryption and digital signatures in a Spring Boot application, covering the theory of asymmetric cryptography, practical code snippets for Maven, configuration, controller annotations, and a JavaScript client that encrypts requests and verifies responses to protect API data from eavesdropping and tampering.

Java High-Performance Architecture

Project Introduction

This project demonstrates how to use RSA encryption to protect data returned by Spring Boot APIs, making the API responses unreadable to unauthorized parties.

What Is RSA Encryption?

RSA is an asymmetric encryption algorithm that uses a pair of keys – a public key for encryption and a private key for decryption. Because the private key never leaves its owner, RSA ensures confidentiality and can also be used for digital signatures to guarantee data integrity.

RSA diagram

Encryption Scenarios

Scenario 1 – Confidential Message: A generates a key pair, shares the public key with B, B encrypts a command with A’s public key, and A decrypts it with the private key. Even if the public key is intercepted, the message remains secure.

Scenario 2 – Digital Signature: A signs a message with its private key; B verifies the signature with A’s public key. This ensures the message originates from A and has not been altered.

In practice, both encryption and signing are often combined: the sender encrypts the payload with the receiver’s public key and then signs the ciphertext with its own private key.
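
The two scenarios combined, as an added example in Node.js (not code from the original article or from the library it uses): the sender encrypts with the receiver's public key, signs the ciphertext, and the receiver verifies before decrypting. The function names, key pairs and sample commands are constructed for illustration; encryption uses Node's default OAEP padding and the signature is RSA with SHA-256.

```javascript
const crypto = require('crypto');

// Constructed 2048-bit key pair for one party (generated fresh on each run).
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender side: encrypt for the receiver (Scenario 1), then sign the
// ciphertext with the sender's own private key (Scenario 2).
function seal(plaintext, receiverPublicKey, senderPrivateKey) {
  const ciphertext = crypto.publicEncrypt(receiverPublicKey, Buffer.from(plaintext, 'utf8'));
  const signature = crypto.sign('sha256', ciphertext, senderPrivateKey);
  return { ciphertext: ciphertext.toString('base64'), signature: signature.toString('base64') };
}

// Receiver side: check the signature first and decrypt only if it verifies.
function unseal(message, senderPublicKey, receiverPrivateKey) {
  const ciphertext = Buffer.from(message.ciphertext, 'base64');
  const signature = Buffer.from(message.signature, 'base64');
  if (!crypto.verify('sha256', ciphertext, senderPublicKey, signature)) {
    return { ok: false, reason: 'signature check failed' };
  }
  const plaintext = crypto.privateDecrypt(receiverPrivateKey, ciphertext);
  return { ok: true, plaintext: plaintext.toString('utf8') };
}

function demo() {
  const a = newKeyPair();     // receiver A
  const b = newKeyPair();     // sender B
  const other = newKeyPair(); // a third party's keys
  const message = seal('{"command":"restart"}', a.publicKey, b.privateKey);
  const good = unseal(message, b.publicKey, a.privateKey);
  // Flip one bit of the ciphertext in transit: the signature no longer matches.
  const raw = Buffer.from(message.ciphertext, 'base64');
  raw[0] ^= 0x01;
  const tampered = unseal({ ...message, ciphertext: raw.toString('base64') }, b.publicKey, a.privateKey);
  // Anyone can encrypt to A's public key, but only B's private key yields B's signature.
  const forged = unseal(seal('{"command":"stop"}', a.publicKey, other.privateKey), b.publicKey, a.privateKey);
  return { good, tampered, forged };
}

console.log(demo());
```

Encryption alone does not authenticate the sender, because the receiver's public key is available to everyone; the `forged` case is rejected only because of the signature check.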

Encryption in Practice

Below are the steps to enable RSA encryption in a Spring Boot project.

1. Create a Spring Boot Project

Project name:

springboot_api_encryption

2. Add Maven Dependency

<dependency>
    <groupId>cn.shuibo</groupId>
    <artifactId>rsa-encrypt-body-spring-boot</artifactId>
    <version>1.0.1.RELEASE</version>
</dependency>

3. Enable Security Annotation

@SpringBootApplication
@EnableSecurity
public class DemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}

4. Configure RSA Keys

rsa:
  encrypt:
    open: false   # set true to enable encryption
    showLog: true # log encryption/decryption process; turn off outside development
    publicKey:   # RSA public key (generated separately)
    privateKey:  # RSA private key (generated separately); supply it from a secret store or environment variable, do not commit it

5. Encrypt API Response

@Encrypt
@GetMapping("/encryption")
public TestBean encryption() {
    TestBean testBean = new TestBean();
    testBean.setName("shuibo.cn");
    testBean.setAge(18);
    return testBean;
}

6. Decrypt API Request

// @Decrypt: the encrypted request body is decrypted before it is bound to TestBean
@Decrypt
@PostMapping("/decryption")
public String decryption(@RequestBody TestBean testBean) {
    return testBean.toString();
}

7. Front‑End RSA Encryption (JavaScript)

var PUBLIC_KEY = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobhGH4WMwMvJRUlTxWrCVIOQtsHijAxPJNvAWAgq80ADpFEWrpbcGB9cKqp6XHRH4k/CVtCUZ7jm9UKwhaeAm18sKtcwe+M8JFNX6FSHpgde0o8C9S/QpcmLxf4iN7nGZ7P3ZTvMdmKUcdRMsVQnsydG2Bj6gRxP2+kexEebTeODbdM7dHlkxAL0RxGWmX/ZOBzsoWZw2gKcC0vxwyIZBGHUdImG2T3nEA+VMfK2Yqv3uSYukmlKP+0mjfhrTtLFDuTV1VER9BfryBMvpQCxLO4pqgZnXPd+SOQcZHZ2OL0wqo5OX1+GPYx7TNxz5Qi76pK//T2mH7s6X/BuyT21HQIDAQAB';

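function RSA_encryption(jsonData) {
    var encrypt = new JSEncrypt();
    encrypt.setPublicKey('-----BEGIN PUBLIC KEY-----' + PUBLIC_KEY + '-----END PUBLIC KEY-----');
    // JSEncrypt returns false when encryption fails (for example, when the payload is too long for the key)
    var encrypted = encrypt.encrypt(JSON.stringify(jsonData));
    if (encrypted === false) {
        throw new Error('RSA encryption failed');
    }
    console.log('Encrypted data:', encrypted);
    return encrypted;
}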

function submit() {
    var payload = {"name":"1223334","password":"asd",age:1};
    $.ajax({
        url: "/decryption",
        type: "POST",
        contentType: "application/json;charset=utf-8",
        data: RSA_encryption(payload),
        success: function(data) { alert(data); }
    });
}
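
The client code above encrypts the whole JSON string in one RSA operation, so the payload size is bounded by the key size. The following added example (Node.js crypto instead of JSEncrypt; not part of the original article or the library) shows that bound for a 2048-bit key under PKCS#1 v1.5 padding, the padding JSEncrypt uses. The function names, key and sample payloads are constructed for illustration.

```javascript
const crypto = require('crypto');

// PKCS#1 v1.5 encryption padding needs at least 11 bytes of every RSA block.
const PKCS1_V15_OVERHEAD = 11;

// Largest plaintext, in bytes, that a single RSA operation can carry for this key.
function maxPlaintextBytes(publicKey) {
  return publicKey.asymmetricKeyDetails.modulusLength / 8 - PKCS1_V15_OVERHEAD;
}

// Same shape as RSA_encryption() above: serialise, then encrypt in one RSA block,
// but report an oversized payload instead of handing a failure value to the request.
function encryptPayload(publicKey, jsonData) {
  const bytes = Buffer.from(JSON.stringify(jsonData), 'utf8'); // count bytes, not characters
  const limit = maxPlaintextBytes(publicKey);
  if (bytes.length > limit) {
    return { ok: false, size: bytes.length, limit };
  }
  const body = crypto.publicEncrypt(
    { key: publicKey, padding: crypto.constants.RSA_PKCS1_PADDING }, bytes);
  return { ok: true, size: bytes.length, limit, body: body.toString('base64') };
}

// Confirms the limit against the crypto library itself: true if n bytes encrypt.
function fitsOneBlock(publicKey, n) {
  try {
    crypto.publicEncrypt(
      { key: publicKey, padding: crypto.constants.RSA_PKCS1_PADDING }, Buffer.alloc(n, 0x41));
    return true;
  } catch (err) {
    return false;
  }
}

// Constructed 2048-bit key, the same size as PUBLIC_KEY in the client code above.
const { publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const small = encryptPayload(publicKey, { name: '1223334', password: 'asd', age: 1 });
const longAscii = encryptPayload(publicKey, { name: 'x'.repeat(300) });
const multiByte = encryptPayload(publicKey, { name: '安'.repeat(100) }); // 111 characters, 311 bytes
console.log(small.ok, longAscii, multiByte);
```

The multi-byte case is the one that surprises in practice: the string is well under 245 characters but exceeds 245 bytes once UTF-8 encoded.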

Summary

By integrating RSA encryption and digital signatures into Spring Boot controllers and using a JavaScript client to encrypt request payloads, API data is protected from interception and tampering. The tutorial provides all necessary Maven dependencies, configuration snippets, annotation usage, and front‑end code to build a secure end‑to‑end communication channel.
