How To Encrypt JavaBean

 
Ranch Hand
Posts: 191
Netbeans IDE
My mail program stores data in a JavaBean which includes email contacts, host name etc. The JavaBean is serialized and written to a file. I want to be able to keep the data more private. Which is the best method to encrypt the data file without the user having to input a password each time the program starts up?




 
Ranch Hand
Posts: 781
Netbeans IDE Ubuntu Java

Isaac Hewitt wrote: Which is the best method to encrypt the data file without the user having to input a password each time the program starts up?



If you don't use some form of password protection for a key store and you don't use Password Based Encryption (PBE) then the encryption key has to be stored somewhere in your program or in a file on disk. If you store it in your code you might be able to obfuscate the key but you can't make it impossible to find after decompiling the application.
 
Rancher
Posts: 1337
+1 on what James said. Assuming you somehow address the password problem, have a look at javax.crypto.CipherOutputStream and javax.crypto.CipherInputStream, which solve the technical issue of encrypted I/O. A Cipher of "AES-128" should work fine.
 
Isaac Hewitt
Ranch Hand
Posts: 191
Netbeans IDE
If the key is in the program and I use Launch4j to turn the jar file into a Windows executable, I believe that should do the trick at keeping prying eyes at bay.
 
James Sabre
Ranch Hand
Posts: 781
Netbeans IDE Ubuntu Java

Isaac Hewitt wrote: I believe that should do the trick at keeping prying eyes at bay.



I believe that the moon is made of green cheese and hamburgers and Elvis lives there and bathes every day in the Sea of Tranquillity.
 
Isaac Hewitt
Ranch Hand
Posts: 191
Netbeans IDE
Thanks for your very insightful post Lester Burnham.
 
Rancher
Posts: 4803
Mac OS X VI Editor Linux
As @Lester said, AES-128 is a strong cipher and easy to use.

What is not easy to use is to protect the key used to encipher the data before you serialize it. This may be a serious challenge to your design. If you store the key as a string in the class/source, then someone can decompile the .class file and get the string constant. Once they get the constant key, they can trivially decipher the data from the disk.

Depending on your threat model, you may be tempted to encode the key with something, but that is always essentially SBO, security by obscurity. And again, a decompile will show exactly what you are doing, and be obvious to the attacker.
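
The combination the replies point to, Password Based Encryption for the key and CipherOutputStream/CipherInputStream for the I/O, written out as an added example; it is not code from any poster in this thread. Assumptions: Java 9 or later, the class name `EncryptedBeanStore`, a file layout of salt, IV, then ciphertext, the JCA transformation `AES/GCM/NoPadding` with a 128-bit key, the PBKDF2 iteration count, and a `HashMap` with a constructed password standing in for the real bean and the user's input.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.util.*;

public class EncryptedBeanStore {
    static Cipher cipher(int mode, char[] password, byte[] salt, byte[] iv) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 128); // iteration count is an assumption
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(raw, "AES"), new GCMParameterSpec(128, iv)); // key is derived, never stored
        return c;
    }

    static void save(Serializable bean, Path file, char[] password) throws IOException, GeneralSecurityException {
        byte[] salt = new byte[16], iv = new byte[12];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(salt); // fresh salt and IV for every write; neither is secret
        rnd.nextBytes(iv);
        try (OutputStream out = Files.newOutputStream(file)) {
            out.write(salt);
            out.write(iv);
            Cipher c = cipher(Cipher.ENCRYPT_MODE, password, salt, iv);
            try (ObjectOutputStream oos = new ObjectOutputStream(new CipherOutputStream(out, c))) {
                oos.writeObject(bean); // closing the stream appends the GCM authentication tag
            }
        }
    }

    static Object load(Path file, char[] password) throws IOException, GeneralSecurityException, ClassNotFoundException {
        try (DataInputStream in = new DataInputStream(Files.newInputStream(file))) {
            byte[] salt = new byte[16], iv = new byte[12];
            in.readFully(salt); // EOFException on a truncated file
            in.readFully(iv);
            Cipher c = cipher(Cipher.DECRYPT_MODE, password, salt, iv);
            try (ObjectInputStream ois = new ObjectInputStream(new CipherInputStream(in, c))) {
                return ois.readObject();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse".toCharArray(); // constructed; a real program prompts for it
        Path file = Files.createTempFile("contacts", ".bin");
        save(new HashMap<String, String>(Map.of("host", "mail.example.org")), file, pw); // constructed bean
        System.out.println(load(file, pw));
    }
}
```

A wrong password or an altered file fails the GCM tag check, and `load` throws an `IOException`.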
 