如何在java中安全地存储加密密钥? [英] How do I securely store encryption keys in java?
问题描述
我需要加密该数据,但我不知道我需要存储加密密钥以保持安全。
什么是最好的
使用密钥库有什么好处吗?
ws_user = username/ pre>
ws_password = password
ws_url = https://www.whatever.com/myservice
解决方案你的问题是一个常见的问题。在linux中,用户密码存储在纯文本文件中。虽然只有密码哈希存储,如果攻击者访问该文件,他将不会很长时间发现使用脱机字典攻击的密码。在这种情况下,操作系统依赖文件权限来拒绝访问未经授权的用户。在你的情况下,没有太大的不同。您必须正确配置密码文件权限,并确保服务器的物理安全。
I have a java properties object with authentication information for a web service. I need to encrypt that data, but I don't know where I need to store the encryption key for it to remain secure.
What are the best practices around encrypting this data and retrieving it in a secure way?
Is there any advantage to using a keystore?
ws_user=username ws_password=password ws_url=https://www.whatever.com/myservice
解决方案Your problem is a common one. In linux, user passwords are stored in a plain text file. Although only the password hashes are stored, if an attacker gets access to that file, he will not take long to discover some password using an offline dictionary attack. In this case, the OS relies on file permissions to deny access to unauthorized users. In your case, it is not much different. You must configure the password file permissions properly and ensure the physical security of the server.
这篇关于如何在java中安全地存储加密密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
