spring-boot, encryption, jasypt

What are these strange question marks, produced by jasypt?


In order to write a test that shows that jasypt is doing what it ought to, I found this interface, StringEncryptor, which can be conveniently @Autowired. The problem, though, is that for me it resolves to DefaultLazyEncryptor at runtime; it is supposed to resolve to a PooledPBEStringEncryptor, depending on whether a password is configured. I have configured a password, still there is nothing. My debugger claims that it is still a DefaultLazyEncryptor. I have created a test for comparison which checks the password --@Value("${the.property.from.config}")-- in 2 ways. Firstly with @Autowired, as above; the decrypted value is similar to what it should be, however it contains multiple special characters like this: "e��w����a85...", and a test in which I have manually configured a PooledPBEStringEncryptor, with the correct algorithm and password. Unsurprisingly, this resolves the correct value. What is going on with @Autowired?


Solution

  • The output of encryption algorithms is raw bytes of data. A byte can have any value between 0 and 255, and in a proper encryption algorithm those numbers will be effectively random across all those values. Not every sequence of those numbers is valid UTF-8. In fact, most random sequences of bytes will not be valid UTF-8. This is why the output of encryption algorithms cannot just be printed as if they were strings. You need to encode those bytes using something like Base64 or hex encoding if you want to display them.

    When UTF-8 decoding systems find an invalid sequence of bytes, they replace it with �, which is called REPLACEMENT CHARACTER in Unicode, and is specifically for this purpose. That's what you're seeing here.
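The behaviour described in the answer above, as an added example that is not part of the original answer: it uses only JDK classes, and the byte array is a constructed stand-in for raw cipher output (it is not Jasypt data). It shows that lenient UTF-8 decoding substitutes U+FFFD and cannot be reversed, while Base64 round-trips the bytes exactly.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class CiphertextEncodingDemo {
    // Constructed sample bytes standing in for raw cipher output (assumption, not real Jasypt data).
    static final byte[] RAW = {0x65, (byte) 0xC3, 0x28, 0x77, (byte) 0xFF,
                               (byte) 0xFE, (byte) 0x80, 0x61, 0x38, 0x35};

    // Lenient decoding: every malformed sequence is silently replaced with U+FFFD.
    static String lenientDecode(byte[] data) {
        return new String(data, StandardCharsets.UTF_8);
    }

    // Strict decoding: malformed input is reported as an error instead of being replaced.
    static boolean isValidUtf8(byte[] data) {
        try {
            StandardCharsets.UTF_8.newDecoder()
                    .onMalformedInput(CodingErrorAction.REPORT)
                    .onUnmappableCharacter(CodingErrorAction.REPORT)
                    .decode(ByteBuffer.wrap(data));
            return true;
        } catch (CharacterCodingException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Treating the bytes as text loses information: U+FFFD re-encodes to different bytes.
        String shown = lenientDecode(RAW);
        byte[] viaString = shown.getBytes(StandardCharsets.UTF_8);

        // Base64 maps arbitrary bytes to printable ASCII and back without loss.
        String b64 = Base64.getEncoder().encodeToString(RAW);
        byte[] viaBase64 = Base64.getDecoder().decode(b64);

        System.out.println("valid UTF-8:       " + isValidUtf8(RAW));
        System.out.println("replacement chars: " + shown.chars().filter(c -> c == 0xFFFD).count());
        System.out.println("String round trip: " + Arrays.equals(RAW, viaString));
        System.out.println("Base64 text:       " + b64);
        System.out.println("Base64 round trip: " + Arrays.equals(RAW, viaBase64));
    }
}
```

In a test, a strict check like `isValidUtf8` on the decrypted bytes is a quick way to tell a wrong key or algorithm apart from a display problem.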