Back to list
Java keystore password storage
Apr 25 2005 07:55AM
john bart (sysadmin256 hotmail com)
Hello to all the list.
I need some advice on where to store the keystore's password.
Right now, i have something like this in my code:
keystore = KeyStore.getInstance("JKS");
the question is, where do i store the password string? all of the
possibilities that i thought about are not good enough:
1) storing it in the code - obviously not.
2) storing it in a seperate config file is also not secure.
3) entering the password at runtime is not an option.
4) encrypting the password - famous chicken and egg problem (storing the
Express yourself instantly with MSN Messenger! Download today it's FREE!
[ reply ]
Copyright 2010, SecurityFocus