Background

I am working on a solution which provides wireless connectivity for container-mounted monitoring devices to connect to a shore-side management system while the devices are at sea.
The solution is physically housed in a hardened weatherproof outdoor enclosure mounted on the vessel's monkey island along with other communications and navigation equipment. The solution is effectively a headless appliance and only has external connections for power, antennas, and an Ethernet network connection (no keyboard, screen, USB connector, etc).
The communications link between the vessel and the shore is via an unreliable low-speed satellite connection, with typical throughput rates in the low kbps range. The monetary cost of transporting over this link is relatively high, so the solution tries to minimize the usage of the satellite back-haul whenever possible.
The devices sometimes need firmware updates or changes to their configuration. If urgent, these updates are performed while the devices are at sea. Firmware updates can be as large as 750kB, and there can be 2000 or more of these devices on a vessel. Since the same updates are applied to all devices, the solution has a caching proxy which sits between the devices and the shore-side servers. Requests from the devices to download updates are intercepted and routed to the proxy. If the proxy has the update in its cache, the update is served to the device without consuming any back-haul bandwidth. If not found in the cache, the proxy downloads the update from the shore and stores it for subsequent requests.
The resources are downloaded by the devices using HTTP, and the URIs specified by the devices are the same whether being served by the solution at sea or the commercial cellular network on land.
Problem

I have a requirement to move from HTTP to HTTPS. To be able to continue intercepting requests and serving the updates locally, the HTTPS connection will need to be terminated in the solution. To be trusted by the devices (as they would trust the shore-side servers), the solution will need a certificate and private keys. The security information will only be used by the Proxy application (Java SE 8), and I plan on securing the cert and keys in a Java Key Store.
The application will require the password to access the information in the key store.
Although the risk is probably low, there is a concern that the solution may be physically removed from the vessel while it is in port (or maybe tampered with while at sea), so I would like to do the best I can to protect the password used to secure the data in the key store. I could obscure the password in the application code, but I'm looking for ideas for a more secure solution.
Unless you prompt the user for a password, there's no way to do this without saving a password on the system in some form.
I probably wouldn't even bother with a password for the key store. I'd just let the OS encrypt the file containing the key store, and give access to it only to a special service account that an administrator has set up for your application to run under.
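As an added illustration of the approach in the answer above (this is example code written for this page, not the asker's proxy code and not part of any library): the keystore password lives in a separate file that the administrator has made readable only by the service account, and the Java SE 8 proxy refuses to start if either the keystore or the password file is readable by anyone else, so a loosened permission is caught at startup rather than silently accepted. The paths `/etc/proxy/proxy.jks` and `/etc/proxy/proxy.jks.pass` are assumed placeholders, and the permission check relies on a POSIX filesystem (it complements, rather than replaces, OS-level file encryption and the dedicated service account).

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Set;

/** Loads the proxy's JKS keystore with a password kept outside the code base. */
public final class KeyStoreLoader {

    // Hypothetical deployment paths; both files are owned by the service account, mode 0400.
    static final Path KEYSTORE = Paths.get("/etc/proxy/proxy.jks");
    static final Path PASSWORD_FILE = Paths.get("/etc/proxy/proxy.jks.pass");

    // Any of these bits set means someone other than the owner can touch the file.
    private static final Set<PosixFilePermission> TOO_OPEN = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
            PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);

    /** Fails closed if the file is accessible to group or others (POSIX filesystems only). */
    static void requireOwnerOnly(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        for (PosixFilePermission bit : TOO_OPEN) {
            if (perms.contains(bit)) {
                throw new IOException(p + " has mode " + PosixFilePermissions.toString(perms)
                        + "; expected owner-only access, refusing to use it");
            }
        }
    }

    /** Reads the password file into a char[] (so it can be wiped) after checking its permissions. */
    static char[] readPassword(Path p) throws IOException {
        requireOwnerOnly(p);
        byte[] raw = Files.readAllBytes(p);
        try {
            // Drop a trailing newline left by the editor that wrote the file.
            int len = raw.length;
            while (len > 0 && (raw[len - 1] == '\n' || raw[len - 1] == '\r')) {
                len--;
            }
            CharBuffer decoded = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(raw, 0, len));
            char[] password = new char[decoded.remaining()];
            decoded.get(password);
            if (decoded.hasArray()) {
                Arrays.fill(decoded.array(), '\0'); // scrub the decoder's own copy
            }
            return password;
        } finally {
            Arrays.fill(raw, (byte) 0); // scrub the raw bytes regardless of outcome
        }
    }

    /** Opens the keystore; the password array is wiped as soon as the store is loaded. */
    static KeyStore load() throws IOException, GeneralSecurityException {
        requireOwnerOnly(KEYSTORE);
        char[] password = readPassword(PASSWORD_FILE);
        try (InputStream in = Files.newInputStream(KEYSTORE)) {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, password);
            return ks;
        } finally {
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = load();
        System.out.println("keystore loaded, entries: " + ks.size());
    }
}
```

The administrator's side of this is the OS configuration the answer describes: the proxy runs as its own service account, the two files are owned by that account with owner-only permissions, and the filesystem (or the directory) is encrypted at rest so that a removed enclosure yields ciphertext rather than a readable keystore. The code only enforces that this arrangement has not been loosened, which is the part the application can verify for itself.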