All geek questions in one place

Java Data Encryption / Decryption

I have a spring -mvc stack that stores data in MySQL. Some of this data needs to be protected, so I think I should encrypt it. Since I may need to use this data later (credit cards, SSN, others), so I will need to decrypt it. I think this excludes hashing.

There seem to be several approaches, including Java crypto packages. Shiro seems to have good features like Blowfish-x. And I see that MySQL supports encryption / decryption. I'm not sure I will use MySQL in the long run.

My question is: what is the best approach for a web application Java application to securely store some user data?

+4
source share
1 answer

When it comes to storing protected data, you should ask yourself a few basic questions:

  • Should I store the source data or verify its identity (=> using hash algorithms)
  • If I use encryption, how will I store my keys?
  • I need public key cryptography (asymmetric) (=> using pki and certificates)

These are the main problems that you have.

Then, technically, the best way to implement it is to ask which library you have to choose. Take a look at http://www.bouncycastle.org/ .

0
source

Source: https://habr.com/ru/post/1502052/

More articles:


All Articles