将加密密钥存储在Java代码中? [英] Store encryption keys in Java code?

问题描述

我正在使用JASYPT在我们基于Java的软件中对密码进行加密解密.这就是我们对密码进行加密的方式:

I am using JASYPT for encryption decryption of passwords in our Java based software. This is how, we encrypt the password:

        StrongTextEncryptor textEncryptor = new StrongTextEncryptor();
        textEncryptor.setPassword(PASSWORD_ENCRYPTION_KEY);
        String ePasswd = textEncryptor.encrypt(txtPasswd);

现在，我应该在哪里以及如何存储以上代码中使用的PASSWORD_ENCRYPTION_KEY?在Java程序中存储和访问这些密钥的最安全或最常用的方法是什么?

Now, where and how should I store this PASSWORD_ENCRYPTION_KEY used in the above code ? What is the most secure or common way of storing and accessing these keys in Java program ?

谢谢，深

推荐答案

无处...

您不应将 PASSWORD_ENCRYPTION_KEY 存储在程序中，因为这是错误的方法.就像 owlstead 指出的那样:您需要一个

you should't store the PASSWORD_ENCRYPTION_KEY in your program as this is the wrong approach. Like owlstead already pointed out: you'd need a Public key infrastructure

基本上，您可以为需要访问PDF的每个用户加密PDF，这样他们就可以使用其个人私钥对其进行解密.这是通过先用AES-256加密PDF(然后用每个用户的公共密钥加密使用过的密钥)来完成的.这些个人加密的密钥可以安全存储.

Basically you could encrypt the PDF for every user that needs to have access to it, so they'd be able decrypt it with their personal private key. This is done in a matter of encrypting the PDF let's say with AES-256 and then encrypt the used key with the public key from each user. Those personally encrypted keys are safe for storage.

这篇关于将加密密钥存储在Java代码中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！