I’m developing a web application in Java, Spring and JDBC, which is deployed on Tomcat 7.
I’m encrypting/decrypting a data-source password using a private key.
Right now this private key is hard-coded in the Java code. But I have to store the private key in a more secure place.
How can I do this?
Is it a good idea to generate a certificate (keystore, key pair), install it on Tomcat and retrieve this data from Java code?
That's a problem you cannot easily solve. If you store your key in a keystore, you will need a key to access the keystore, and where do you store that?
If this is really a high-security application, the only way is to use a dedicated hardware security box for doing the decryption.
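The practical middle ground between a hard-coded key and an HSM is the one the question hints at: keep the private key in a keystore on the Tomcat host, and keep the keystore password out of the code and out of the deployed WAR. The following is an added example, not code from the original poster or the answerer. It assumes a PKCS12 keystore at `/etc/myapp/datasource.p12` readable only by the Tomcat user, a key entry with alias `datasource-key`, the keystore password supplied through the environment variable `APP_KEYSTORE_PASSWORD` (for example from `setenv.sh` with restrictive file permissions), the data-source password encrypted with RSA-OAEP (SHA-256) under the matching public key, and Java 8 or later for `java.util.Base64`. All of those names are assumptions for illustration.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;

/**
 * Example (not the original poster's code): decrypt a data-source password with a
 * private key that lives in a PKCS12 keystore on the server instead of in the source.
 */
public class DataSourcePasswordDecryptor {

    // Assumed configuration names; replace with your own.
    private static final String KEYSTORE_PATH_PROPERTY = "app.keystore.path";
    private static final String KEYSTORE_PASSWORD_ENV = "APP_KEYSTORE_PASSWORD";
    private static final String KEY_ALIAS = "datasource-key";

    /** Reads the keystore password from the process environment, never from source or the WAR. */
    static char[] keystorePassword() {
        String pw = System.getenv(KEYSTORE_PASSWORD_ENV);
        if (pw == null || pw.isEmpty()) {
            throw new IllegalStateException(KEYSTORE_PASSWORD_ENV + " is not set");
        }
        return pw.toCharArray();
    }

    /** Loads the private key from a PKCS12 keystore kept outside the webapp directory. */
    static PrivateKey loadPrivateKey(Path keystorePath, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(keystorePath)) {
            // Passing the password (not null) makes load() verify the keystore integrity MAC.
            ks.load(in, storePassword);
        }
        // Assumes the key entry is protected by the same password as the store (keytool default).
        PrivateKey key = (PrivateKey) ks.getKey(KEY_ALIAS, storePassword);
        if (key == null) {
            throw new IllegalStateException("no private key with alias " + KEY_ALIAS);
        }
        return key;
    }

    /** Decrypts a Base64-encoded RSA-OAEP ciphertext of the data-source password. */
    static String decryptPassword(String base64Ciphertext, PrivateKey key) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] plain = cipher.doFinal(Base64.getDecoder().decode(base64Ciphertext));
        return new String(plain, StandardCharsets.UTF_8);
    }

    /** Usage: java DataSourcePasswordDecryptor <base64 ciphertext> (ciphertext is an assumed input). */
    public static void main(String[] args) throws Exception {
        Path ksPath = Paths.get(System.getProperty(KEYSTORE_PATH_PROPERTY, "/etc/myapp/datasource.p12"));
        char[] pw = keystorePassword();
        try {
            PrivateKey key = loadPrivateKey(ksPath, pw);
            String dbPassword = decryptPassword(args[0], key);
            // Hand dbPassword to the DataSource here; do not log it.
            System.out.println("decrypted " + dbPassword.length() + " characters");
        } finally {
            Arrays.fill(pw, '\0'); // don't leave the keystore password lying around in the heap
        }
    }
}
```

The keystore for this example can be created with `keytool -genkeypair -alias datasource-key -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore /etc/myapp/datasource.p12`. Note that this does not escape the problem the answer describes: the keystore password still has to exist somewhere, here in the environment of the Tomcat process. What it does buy you is that the secret is no longer in version control or in the WAR, it is confined to a file and a process that only the Tomcat service account (and root) can read, and rotating it no longer requires a rebuild.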