How and where to store a SecretKey

Discussion in 'Java' started by David Segall, Jan 26, 2008.

  1. David Segall

    David Segall Guest

    The typical tutorial on Java encryption such as
    <http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#SimpleEncrEx>
    shows you how to generate a SecretKey and use it immediately to
    encrypt and decrypt some text. I have not found any guidance on where
    I might store the key or what format it is in. How can I store the key
    in a database or in a property list?
    David Segall, Jan 26, 2008
    #1
    1. Advertising

  2. David Segall

    Stefan Ram Guest

    David Segall <> writes:
    >I might store the key or what format it is in


    The key is not »in a format«.

    It is an object.

    An object is being defined by its behavior.

    Some objects have a state that can be serialized
    (written) and be deserialized (read) later.

    If this applies, it should be possible to learn
    more about it in the documentation of the class
    of the object.

    (Notwithstanding the question whether it is wise
    to store a secret key in a database.)
    Stefan Ram, Jan 26, 2008
    #2
    1. Advertising

  3. David Segall

    Arne Vajhøj Guest

    David Segall wrote:
    > The typical tutorial on Java encryption such as
    > <http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#SimpleEncrEx>
    > shows you how to generate a SecretKey and use it immediately to
    > encrypt and decrypt some text. I have not found any guidance on where
    > I might store the key or what format it is in. How can I store the key
    > in a database or in a property list?


    SecretKey is serializable and can be stores as such.

    But I think it is much more common to store the bytes used
    to construct the SecretKey (SecretKeySpec).

    Where to store it depends on the context.

    Arne
    Arne Vajhøj, Jan 26, 2008
    #3
  4. David Segall

    Roedy Green Guest

    On Sat, 26 Jan 2008 16:52:48 GMT, David Segall <>
    wrote, quoted or indirectly quoted someone who said :

    >The typical tutorial on Java encryption such as
    ><http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#SimpleEncrEx>
    >shows you how to generate a SecretKey and use it immediately to
    >encrypt and decrypt some text. I have not found any guidance on where
    >I might store the key or what format it is in. How can I store the key
    >in a database or in a property list?


    A good place to put it would be a thumbdrive. That way it all trace
    of it is gone from the computer, and unavailable to hackers.

    see http://mindprod.com/bgloss/thumbdrive.html

    A thumbdrive just looks like a tiny hard disk to Java.

    --
    Roedy Green, Canadian Mind Products
    The Java Glossary, http://mindprod.com
    Roedy Green, Jan 27, 2008
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. angus
    Replies:
    2
    Views:
    463
    Elliot M. Rodriguez, MCSD
    May 20, 2004
  2. =?Utf-8?B?UnVkeQ==?=

    to store or not to store an image

    =?Utf-8?B?UnVkeQ==?=, Mar 29, 2005, in forum: ASP .Net
    Replies:
    6
    Views:
    616
    =?Utf-8?B?UnVkeQ==?=
    Mar 30, 2005
  3. Ramza Brown

    Properties file and save and store

    Ramza Brown, Aug 5, 2005, in forum: Java
    Replies:
    1
    Views:
    381
    Ramza Brown
    Aug 5, 2005
  4. ronrsr
    Replies:
    1
    Views:
    540
    Justin Ezequiel
    Feb 15, 2007
  5. jimgardener

    storing SecretKey in keystore

    jimgardener, Jun 19, 2008, in forum: Java
    Replies:
    2
    Views:
    1,102
Loading...

Share This Page