I have been doing some research on how to encrypt/decrypt data for a J2EE application running in a JBoss server. It seems that there is a mountain of information dealing with encrypting data to be sent over the wire and decrypted by other applications. What I am really interested in is encrypting sensitive data to be stored by my application.
My passwords are stored using the MD5 one-way hashing algorithm. This is working fine.
I am using the Bouncy Castle Provider to store encrypted data on a database and decrypt this data when it is retrieved. I am using Password Base Encryption (PBEWithSHAAnd3KeyTripleDES) to accomplish this.
This all works great, but my problem is that I have to store a password somewhere that is accessible by my application but cannot be view by hackers. The only solution that I have seen so far is to store an encrypted password in a file on my server. When I need the password I will have code to decrypt the password.
With this solution, if a hacker gets access to the database data, the password decryption code and the file with the encrypted password he will be able to break into my sensitive data.
Does anybody have experience with storing a private password in a JBoss application and retrieving it programmatically with java?
I don't know if at the end of the day you ever can completely get around the key management problem. If you know the algorithm, have the stored data, and have the key, then any private key system will yield the data. You can play games with encrypting your key as a key management mechanism, but all you are really doing is playing associativity games. You just have a chain of algorithms and keys, and only the last key in the chain is needed if everything else is available to code or the filesystem. I don't think you really change the situation until an external factor is brought into the picture during the decryption, like a user-supplied password, or a client-supplied certificate, or a hardware dongle, etc. [ March 15, 2006: Message edited by: Reid M. Pinchback ]
Thanks for your input. It provided me with much needed advice that I could not find elsewhere on the web or books that I have used for research.
For now I will go with storing an encrypted password which is stored in a file on the server. I will try to protect that file as much as possible. The data is not super-sensitive so this should suffice for now. As the application expands and features are added we will probably need more security. That is when I will consider introducing the "external factor" you mentioned.