
Java Forum / Security / October 2007


Cryptography Key Storage question

epilot2006@bellsouth.net - 27 Sep 2007 08:27 GMT
Hello,

I am developing a simple class to encrypt/decrypt passwords for
storage in a configuration file (XML based).  Currently, the key for
the cryptography is stored as a static byte[] in my cryptography
class.  I imagine that this is not very secure, for when I compile it,
I can easily decompile it to retrieve the key.  What is the standard
method for storing a symmetric key in this sort of instance?  A single
applet is used to store and retrieve the key from the configuration
file.

Thank you!
James
Dave - 03 Oct 2007 17:29 GMT
2 things you could do are to store the key in a Java keystore, PKCS12
file, or PKCS11 based hardware token or derive the key every time you
need it using one of the password-based encryption algorithms
(http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html#SecretKeyFactory,
look at the ones starting with PBE,
http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#SecretKeyFactory).
Both would require some user input every time you run the program or
you'd need to hardcode the password into the code which isn't much
better than hardcoding a key.

Dave

epilot2...@bellsouth.net wrote:
> Hello,
>
[quoted text clipped - 9 lines]
> Thank you!
> James

