I would like your opinion. I am developing a Servlet that has to sign the requests that it sends to an endpoint.
In order to avoid having to read the server's keystore from file, load it and get the private key again and again, I am doing all of that in a listener that implements ServletContextListener. This way it is done only once, when the servlet is initialised (deployed).
Once I have the private key I store it in the application's ServletContext. Do you think that is a good design decision?
Thanks in advance.
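The design described above, written out as an added example (not code from the original post or from any particular project). It assumes the classic `javax.servlet` API, a PKCS12 keystore whose path and alias are supplied as context-params named `keystore.path` and `keystore.alias`, passwords taken from the environment variables `KEYSTORE_PASSWORD` and `KEY_PASSWORD`, and RSA signing with `SHA256withRSA`; all of those names are assumptions. The listener loads the key exactly once at deployment and publishes it under a ServletContext attribute; the servlet reads it back and signs each outgoing request body.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Arrays;
import java.util.Base64;

import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Loads the signing key once at deployment and stores it in the ServletContext. */
@WebListener
public class SigningKeyListener implements ServletContextListener {

    /** Attribute name under which the key is published to the application (assumed name). */
    public static final String KEY_ATTR = "signing.privateKey";

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        // Location and alias come from web.xml context-params (assumed names);
        // passwords come from the environment so they never sit inside the deployable.
        String path = ctx.getInitParameter("keystore.path");
        String alias = ctx.getInitParameter("keystore.alias");
        char[] storePass = requireEnv("KEYSTORE_PASSWORD").toCharArray();
        char[] keyPass = requireEnv("KEY_PASSWORD").toCharArray();
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(in, storePass);
            KeyStore.Entry entry = ks.getEntry(alias, new KeyStore.PasswordProtection(keyPass));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalStateException("alias '" + alias + "' is not a private key entry");
            }
            PrivateKey key = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            ctx.setAttribute(KEY_ATTR, key);
        } catch (IOException | GeneralSecurityException e) {
            // Fail the deployment loudly rather than run without a signing key.
            throw new IllegalStateException("cannot load signing key from " + path, e);
        } finally {
            // Wipe password material as soon as the keystore has been opened.
            Arrays.fill(storePass, '\0');
            Arrays.fill(keyPass, '\0');
        }
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        // Drop the reference on undeploy so the key does not outlive the application.
        sce.getServletContext().removeAttribute(KEY_ATTR);
    }

    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return value;
    }
}

/** Signs the body of each incoming POST with the key published by the listener. */
@WebServlet("/send")
class SigningServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        PrivateKey key = (PrivateKey) getServletContext().getAttribute(SigningKeyListener.KEY_ATTR);
        if (key == null) {
            resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "signing key not loaded");
            return;
        }
        byte[] body = req.getInputStream().readAllBytes();
        try {
            // The Base64 signature would be attached to the outbound request, e.g. as a header.
            String signature = Base64.getEncoder().encodeToString(sign(key, body));
            resp.setContentType("text/plain");
            resp.getWriter().write(signature);
        } catch (GeneralSecurityException e) {
            throw new IOException("signing failed", e);
        }
    }

    /** A Signature instance is not thread-safe, so one is created per request; the PrivateKey itself is immutable and shared. */
    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }
}
```

Two points this layout makes concrete: the `PrivateKey` object is immutable, so sharing a single instance through the ServletContext across request threads is safe, while the `Signature` engine is stateful and must be created per call; and the keystore passwords are read from the environment and zeroed right after use, so the only long-lived secret in the heap is the key the application genuinely needs.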
Whatever solution you choose, you’ll have the private key in memory at some time. So any cracker having access to the memory could find a way to get this private key. Loading it once and storing it in memory at startup looks like a good solution to me. Just make sure that the server is not easily accessible to malicious persons.