Secure Coding mailing list archives

Re: Java keystore password storage

From: Blue Boar <BlueBoar () thievco com>
Date: Mon, 25 Apr 2005 20:42:52 +0100

john bart wrote:

Hello to all the list.
I need some advice on where to store the keystore's password.


I don't know the Java functions you're asking about.  Looks like it's
decrypting a file?

It's not possible to securely store the password.  If a program can
decrypt the file, then a program can decrypt the file.  Unless you want
to go for a very narrow definition of "securely store".

Windows has a facility for "secured storage" that becomes accessible
when the user logs in.  It's used for storing sensitive information,
like other passwords.  It's theoretically good for protecting your info
when the machine is off, or a different user is logged in.

                                        Ryan

Current thread:

Java keystore password storage john bart (Apr 25)
- Re: Java keystore password storage Blue Boar (Apr 25)
- Re: Java keystore password storage Nash (Apr 25)
- RE: Java keystore password storage Chris Matthews (Apr 25)
- RE: Java keystore password storage David Crocker (Apr 25)
  - Re: Java keystore password storage Edgar Danielyan (Apr 26)
    - Re: Java keystore password storage Michael Silk (Apr 26)
    - Re: Java keystore password storage Edgar Danielyan (Apr 26)
  - Re: Java keystore password storage Blue Boar (Apr 26)
    - Re: Java keystore password storage ljknews (Apr 26)
  - RE: Java keystore password storage Chris Matthews (Apr 26)
    - Re: Java keystore password storage Nash (Apr 27)

(Thread continues...)