What is the best practices in Java for secure storage of data?
Question
I have java application and I need save passwords into encrypted file. I got advice to use Windows API. I found JDPAPI what is JNI wrapper around the MS DPAPI. It seems good. But I want to know does another libraries or methods exist to use Windows API for secure storage of data into file? Or does some methods exist for secure storage in Java without using Windows API? I never use secure storage. Can you talk me about the best practices in Java for secure storage of data with and without Windows API?
1 answers
solution1
3 2014-06-20 11:28:01
First: Using Windows API is kind of senseless. Even when you can't imagine that, it might be possible that you have to migrate.
Second: Storing a password encrypted only makes sense when you enter the encryption key during the applications runtime. If you store it in a configuration file, it does not make any sense.
The encryption key could be stored as a thread local variable after it was entered.
I would suggest using property files and encrypt and decrypt the values in a service layer using bouncy castle. This way you can mix encrypted and unencrypted values in the same file.
You could of course use Spring and do the necessary stuff quite easily using Spring security crypto.
In case we are talking of a web app using hibernate, I'd suggest using properties stored in a database and use jasypt for transparent encryption.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.