Secure Coding mailing list archives

Re: Java keystore password storage


From: Mark <elihusmails () gmail com>
Date: Tue, 03 May 2005 23:23:16 +0100

Entering the password on the command line could be an option if you
choose the Java Invocation API.  I have done this in the past and it
has worked really well.

On 4/25/05, john bart <[EMAIL PROTECTED]> wrote:
Hello to all the list.
I need some advice on where to store the keystore's password.
Right now, I have something like this in my code:

// KeyStore.load() takes the password as a char[], not a String
keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream("keystore.jks"), "PASSWORD".toCharArray());

The question is, where do I store the password string? All of the
possibilities that I thought about are not good enough:
1) storing it in the code - obviously not.
2) storing it in a separate config file is also not secure.
3) entering the password at runtime is not an option.
4) encrypting the password - famous chicken and egg problem (storing the
encryption key)

Any ideas?

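As an added illustration (not code from either poster), this is one way to supply the keystore password at start-up instead of storing it, written in plain Java with a console prompt rather than the Invocation API mentioned in the reply. The class name `KeystoreLoader` and the prompt text are assumptions; `keystore.jks` is the file name from the question.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;

// Hypothetical class name, used only for this example.
public class KeystoreLoader {

    // Loads a JKS keystore; the password is typed by the operator at start-up
    // and is never written to source code, a config file or the argument list.
    static KeyStore load(String path) throws IOException, GeneralSecurityException {
        Console console = System.console();
        if (console == null) {
            // No controlling terminal (service, cron job, redirected stdin).
            throw new IllegalStateException("no console available to prompt for the password");
        }
        char[] password = console.readPassword("Keystore password: ");
        if (password == null) {
            throw new IOException("end of input while reading the password");
        }
        try (InputStream in = new FileInputStream(path)) {
            KeyStore keystore = KeyStore.getInstance("JKS");
            keystore.load(in, password);
            return keystore;
        } catch (IOException e) {
            // KeyStore.load reports a wrong password as an IOException whose
            // cause is an UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                throw new GeneralSecurityException("wrong keystore password", e);
            }
            throw e;
        } finally {
            Arrays.fill(password, '\0'); // wipe the copy of the password held here
        }
    }

    public static void main(String[] args) throws Exception {
        // "keystore.jks" is the file name used in the question above.
        KeyStore keystore = load(args.length > 0 ? args[0] : "keystore.jks");
        System.out.println("Loaded " + keystore.size() + " entries");
    }
}
```

Holding the password in a `char[]` lets the code overwrite it once the keystore is loaded, which a `String` does not allow.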







