Java keystore password storage
From: john bart (sysadmin256_at_hotmail.com)
Date: 04/25/05
- Previous message: hfortier: "Recon 2005 - Speakers list"
- Next in thread: Fredrik Hesse: "Re: Java keystore password storage"
- Maybe reply: Fredrik Hesse: "Re: Java keystore password storage"
- Maybe reply: Michael Howard: "RE: Java keystore password storage"
To: comp.lang.java.security@news2mail.com, SC-L@securecoding.org, secprog@securityfocus.com, vuln-dev@securityfocus.com, webappsec@securityfocus.com
Date: Mon, 25 Apr 2005 07:55:43 +0000
Hello to all the list.
I need some advice on where to store the keystore's password.
Right now, I have something like this in my code:
    keystore = KeyStore.getInstance("JKS");
    // KeyStore.load() takes the password as a char[], not a String
    keystore.load(new FileInputStream("keystore.jks"), "PASSWORD".toCharArray());
The question is, where do I store the password string? All of the
possibilities that I thought about are not good enough:
1) storing it in the code - obviously not.
2) storing it in a separate config file is also not secure.
3) entering the password at runtime is not an option.
4) encrypting the password - famous chicken and egg problem (storing the
encryption key)
Any ideas?
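A defensive variant of option 2 from the message above, as an added example that is not part of the original post: the password lives in a file only the service account can access, loading is refused if the permissions are wider, and every in-memory copy is wiped after `load()`. It assumes Java 7+ on a POSIX filesystem; the class name `KeystoreLoader`, the file name `keystore.pass` and the demo password are constructed for illustration. It does not remove the chicken-and-egg problem of option 4; it relies on the operating system's account separation.

```java
import java.io.*;
import java.nio.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.*;
import java.util.Arrays;

public class KeystoreLoader {
    // Read the password from a file that only the owning account may access.
    static char[] readPassword(Path file) throws IOException {
        String mode = PosixFilePermissions.toString(Files.getPosixFilePermissions(file));
        if (!mode.endsWith("------"))   // any group/other permission bit is set
            throw new IOException(file + " is accessible to other accounts: " + mode);
        byte[] raw = Files.readAllBytes(file);
        CharBuffer chars = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(raw));
        int len = chars.remaining();
        while (len > 0 && (chars.get(len - 1) == '\n' || chars.get(len - 1) == '\r')) len--;
        char[] password = new char[len];
        chars.get(password);
        Arrays.fill(raw, (byte) 0);     // wipe intermediate copies; a String could not be cleared
        if (chars.hasArray()) Arrays.fill(chars.array(), '\0');
        return password;
    }

    static KeyStore load(Path keystore, Path passwordFile)
            throws IOException, GeneralSecurityException {
        char[] password = readPassword(passwordFile);
        try (InputStream in = Files.newInputStream(keystore)) {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, password);      // also checks the keystore's integrity
            return ks;
        } finally {
            Arrays.fill(password, '\0'); // shorten the password's lifetime in memory
        }
    }
    // Constructed demo: builds an empty keystore and an owner-only password file, then loads it.
    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("ksdemo");
        Path pwFile = Files.createFile(dir.resolve("keystore.pass"),
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        Files.write(pwFile, "constructed-demo-password\n".getBytes(StandardCharsets.UTF_8));
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(dir.resolve("keystore.jks"))) {
            empty.store(out, "constructed-demo-password".toCharArray());
        }
        System.out.println("entries: " + load(dir.resolve("keystore.jks"), pwFile).size());
    }
}
```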