File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Java in General and the fly likes SecureString Class in Java Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "SecureString Class in Java " Watch "SecureString Class in Java " New topic
Author

SecureString Class in Java

Clarence J M Tauro
Ranch Hand

Joined: Aug 09, 2008
Posts: 30

I'd been asked by several people around about the equivalent to SecureString Class (as in .NET) in Java. Is there one, that behaves like SecureString Class, or can be by any means simulate one?

- Clarence
Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 10451
    
    8

What does a SecureString class do?


[How to ask questions] [Donate a pint, save a life!] [Onff-turn it on!]
Clarence J M Tauro
Ranch Hand

Joined: Aug 09, 2008
Posts: 30
SecureString Class represents text that should be kept confidential. The text is encrypted for privacy when being used, and deleted from computer memory when no longer needed.

http://msdn.microsoft.com/en-us/library/system.security.securestring.aspx

You know what, even I have never worked on .NET, but I wanted to clarify as lot and lot of people ask me about this.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19719
    
  20

I don't get its purpose. It may be secure, until you need to read it. The only way to do that is call ToString to turn it into a String - and that's not secure anymore. You might as well use a char[] in Java. That's never stored in the String pool and is therefore used when a "secure" String is needed. It's used for java.io.Console, JPasswordField and java.net.PasswordAuthentication.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
Clarence J M Tauro
Ranch Hand

Joined: Aug 09, 2008
Posts: 30
If you actually look at the SecureString class, It says the data cannot be captured using some memory capturing tools as well.
JPasswordField.. etc, merely echoes the data in a different way.
Ireneusz Kordal
Ranch Hand

Joined: Jun 21, 2008
Posts: 423
Rob Prime wrote:I don't get its purpose. It may be secure, until you need to read it.

This is precisely its purpose - it stays secure when program does not need it.
If someone does a heapdump and analyse its content, secured string stays secure.
If program (for example an applet running on user machine) stores passwords in memory using strings,
it is very easy to discover them in java using standard JDK tools available to download for everyone.

Clarence J M Tauro
Ranch Hand

Joined: Aug 09, 2008
Posts: 30
Thats right.!! Now how do I implement one like it? I have searched across and could not find one, atleast not in the standard APIs..
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19719
    
  20

Because there is no such thing in Java (yet?).
Clarence J M Tauro
Ranch Hand

Joined: Aug 09, 2008
Posts: 30
Agreed! Now how can I simulate one like it?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42276
    
  64
It would involve storing the encrypted string in a byte[], and only decrypting it when it gets accessed (or whenever the contents of the string are altered, and then re-encrypting it). Any intermediate cleartext should be stored in local variables, not instance variables.


Ping & DNS - my free Android networking tools app
Clarence J M Tauro
Ranch Hand

Joined: Aug 09, 2008
Posts: 30
Ulf Dittmer wrote:It would involve storing the encrypted string in a byte[], and only decrypting it when it gets accessed (or whenever the contents of the string are altered, and then re-encrypting it). Any intermediate cleartext should be stored in local variables, not instance variables.


Ok Ulf, But I doubt this would be the way, how SecureString is implemented in .NET.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42276
    
  64
Not sure what you mean. You asked how to implement it, and what I described is one way to do that. What does it matter what .Net does?

You can always check out what Mono does - it's open source, after all.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19719
    
  20

Without using native code, the byte[] is just as vulnerable as using a char[]. When you decode it because you need to add text to it, although briefly, the "secure" text will be fully visible in memory.
With native code it is possible to secure memory regions (although I don't remember how). That's what you'll need in the end.
Clarence J M Tauro
Ranch Hand

Joined: Aug 09, 2008
Posts: 30
Well, if we have access to the char/byte array which is actually storing the string, (which actually would be a part of a class, say SString), then we can apply some block encryption algorithm on it, say DES or AES. So, even if our string gets captured, it is encrypted, and hence safe!!

However, in that case, we must keep the "Encryption Key" at a memory location, which is "Relatively Safe", may be in Kernel space (but I don't think it’s possible in Java to specify a specific memory location for a variable).

Frankly speaking, no idea! I never needed to assign a specific memory location to a Java variable.

Ah..!! Again, I am Stuck..!!


Ulf Dittmer wrote:What does it matter what .Net does?


He he.. ;-) It doesn't.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19719
    
  20

Clarence J M Tauro wrote:Well, if we have access to the char/byte array which is actually storing the string, (which actually would be a part of a class, say SString), then we can apply some block encryption algorithm on it, say DES or AES. So, even if our string gets captured, it is encrypted, and hence safe!!

But to add something you need to decrypt the current contents first, then add to it, then encrypt it again.
Jared Nagle
Greenhorn

Joined: Sep 06, 2013
Posts: 3
Let me tell you a little story to prove a point.

A clever man travelled the world with a jar making money from a particular bet that he made with those he came across. The man would fill his jar up with rocks and ask onlookers put their money in for double the return when they thought his jar was full. When the rocks piled to the top of the jar, most of the crowd would place their bets and think themselves a winner whilst others would look on in curiosity. To their disappointment the man would pull out some smaller stones, place them on top and give it a little shake till they fell in between the others. A few others make their bets then only to watch the man tip a handful of sand into the jar and still manage to fit more in. By now there seems to be no more free room in the jar and the lucky few left think they have it in the bag. But surprisingly, the man picks up his drinking water and tips the last few mouthfuls into the supposedly full jar. By now the man has become much the richer and he continues on to the next unsuspecting crowd.

If tl;dr, the point is there will always be a vulnerable window of opportunity in any security context. The idea is how small is small enough for your requirements.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SecureString Class in Java