Network Security: Detailed info on Java keystore password storage

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security SecProg

[Top] [All Lists]

Java keystore password storage

from [john bart] Network Security

[Permanent Link]

Subject:	Java keystore password storage
Date:	Mon, 25 Apr 2005 07:55:43 +0000

Hello to all the list.
I need some advice on where to store the keystore's password.
Right now, i have something like this in my code:

keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream("keystore.jks"),"PASSWORD");

the question is, where do i store the password string? all of the possibilities that i thought about are not good enough: 1) storing it in the code - obviously not. 2) storing it in a seperate config file is also not secure. 3) entering the password at runtime is not an option. 4) encrypting the password - famous chicken and egg problem (storing the encryption key)

Any ideas?

_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Java keystore password storage, john bart <= Re: Java keystore password storage, Fredrik Hesse RE: Java keystore password storage, Michael Howard Re: Java keystore password storage, black love

Previous by Date:	Recon 2005 - Speakers list, hfortier
Next by Date:	Re: Java keystore password storage, Fredrik Hesse
Previous by Thread:	Recon 2005 - Speakers list, hfortier
Next by Thread:	Re: Java keystore password storage, Fredrik Hesse
Indexes:	[Date] [Thread] [Top] [All Lists]