This week's book giveaway is in the OCPJP forum.
We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line!
See this thread for details.
The moose likes Security and the fly likes How to avoid storing rsa passphrase Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "How to avoid storing rsa passphrase" Watch "How to avoid storing rsa passphrase" New topic
Author

How to avoid storing rsa passphrase

Justin Chu
Ranch Hand

Joined: Apr 19, 2002
Posts: 209
    
    1
I'm writing a program that is executed by cron throughout the day.

It has to use a RSA identity file to connect to another server (using jcraft's jsch). If I perform the procedure by hand on the command line, it involves entering a passphrase to decrypt the private key.

What is a secure solution that does not involve coding the passphrase somewhere in the code?

An idea I have is just to store the identity file unencrypted, and make sure that the file has its permission set securely.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to avoid storing rsa passphrase