The salt is applied for each encryption operation because a different salt is used for each message that is encrypted.
The initialize()
method executes only once, with the information that will be common to all executions (i.e. the encryption key). Whereas the encrypt()
method has to take care of the encryption parameters --iteration count and salt--, which are different (the salt is) for each encryption operation.
The only way to improve performance of those encrypt()
and decrypt()
operations is therefore avoiding to produce a different salt for each message being encrypted, and that means having a fixed-salt generator. Jasypt 1.9.2 includes an improvement that detects whether such salt generation strategy is being used, and in such case avoids calling Cipher#init(...)
with every encryption operation. Refer to the change log for more info: http://www.jasypt.org/changelogs/jasypt/ChangeLog.txt
Disclaimer, per StackOverflow rules: I'm jasypt's author.