All geek questions in one place

Store encryption keys in Java code?

I use JASYPT to encrypt password decryption in our Java based software. This is how we encrypt the password:

StrongTextEncryptor textEncryptor = new StrongTextEncryptor(); textEncryptor.setPassword(PASSWORD_ENCRYPTION_KEY); String ePasswd = textEncryptor.encrypt(txtPasswd);

Now, where and how should I store this PASSWORD_ENCRYPTION_KEY used in the above code? What is the most secure or common way to store and access these keys in a Java program?

Thanks Deep

+4
source share
1 answer

Nowhere ...

You must store PASSWORD_ENCRYPTION_KEY in your program, as this is the wrong approach. As owlstead already stated: you'll need a public key infrastructure

In principle, you can encrypt a PDF for each user who needs to have access to it, so they can decrypt it with their personal private key. This is done in order to encrypt the PDF, say, with AES-256, and then encrypt the used public key from each user . These personally encrypted keys are safe to store.

+2
source

Source: https://habr.com/ru/post/1384572/

More articles:


All Articles