vishwamitra hegde wrote: I am not storing a password. It's just a String which I am using to generate message digest, which is sent to another server for user authentication, and I want to store that String in some way that should not be accessible.
What Jeff explained is this: if your program can get the string out of the secure storage, then so can (in principle) the user, bypassing your program. There is no way that you can securely store something in such a way that only your program can read it and nobody else ever can. A hacker can disassemble your program and find out how it works, and discover how it gets the string out of the secure storage.
In other words, if you rely only on a keystore file on a local computer, it is impossible to make this 100% safe.
What you could do is encrypt the string with a secret key, which is protected by a password. However, you can't store that password anywhere (not even hard-coded in your program) because somebody might find it. The only thing you could do is what Jeff says:
Jeff Verdegan wrote: And when it's time to read that file, a human user who knows the decryption key for the file has to enter it.