Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / January 2008

Tip: Looking for answers? Try searching our database.

How and where to store a SecretKey

Thread view: 
Enable EMail AlertsStart New Thread
David Segall - 26 Jan 2008 16:52 GMT
The typical tutorial on Java encryption such as
<http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.ht
ml#SimpleEncrEx>
shows you how to generate a SecretKey and use it immediately to
encrypt and decrypt some text. I have not found any guidance on where
I might store the key or what format it is in. How can I store the key
in a database or in a property list?
Reply to this Message
Stefan Ram - 26 Jan 2008 17:06 GMT
>I might store the key or what format it is in

 The key is not »in a format«.

 It is an object.

 An object is being defined by its behavior.

 Some objects have a state that can be serialized
 (written) and be deserialized (read) later.

 If this applies, it should be possible to learn
 more about it in the documentation of the class
 of the object.

 (Notwithstanding the question whether it is wise
 to store a secret key in a database.)
Reply to this Message
Arne Vajhøj - 26 Jan 2008 20:55 GMT
> The typical tutorial on Java encryption such as
> <http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.ht
ml#SimpleEncrEx>
> shows you how to generate a SecretKey and use it immediately to
> encrypt and decrypt some text. I have not found any guidance on where
> I might store the key or what format it is in. How can I store the key
> in a database or in a property list?

SecretKey is serializable and can be stores as such.

But I think it is much more common to store the bytes used
to construct the SecretKey (SecretKeySpec).

Where to store it depends on the context.

Arne
Reply to this Message
Roedy Green - 27 Jan 2008 02:53 GMT
>The typical tutorial on Java encryption such as
><http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.ht
ml#SimpleEncrEx>
>shows you how to generate a SecretKey and use it immediately to
>encrypt and decrypt some text. I have not found any guidance on where
>I might store the key or what format it is in. How can I store the key
>in a database or in a property list?

A good place to put it would be a thumbdrive.  That way it all trace
of it is gone from the computer, and unavailable to hackers.

see http://mindprod.com/bgloss/thumbdrive.html

A thumbdrive just looks like a tiny hard disk to Java.

Signature

Roedy Green, Canadian Mind Products
The Java Glossary, http://mindprod.com

Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.