I’m working on a software project where the application will end up being run in an untrusted environment. I have a need to perform some ancillary cryptographic signing (meaning this is not the primary means of securing data), but do not wish to leave the key in plain view as such:
private static final String privateKey = "00AABBCC....0123456789";
What method can I use to reasonably secure this? I’m aware that nothing is full proof, but this will add an extra layer in the security wall.
For clarification: I’ve got what is essentially a String that I don’t wish to have easily pulled out in a debugger or via reflection. I’m aware that decompilation of the class file could essentially render this moot, but that’s an acceptable risk.
Obviously storing the key offsite would be ideal, but I can’t guarantee Internet access.
It’s impossible to secure a key in an untrusted environment. You can obfuscate your code, you can create a key from arbitrary variables, whatever. Ultimately, assuming that you use the standard
javax.cryptolibrary, you have to callMac.getInstance(), and sometime later you’ll callinit()on that instance. Someone who wants your key will get it.However, I think the solution is that you tie the key to the environment, not the program. A signature is meant to say that the data originated from a known source, and has not been tampered with since that source provided it. Currently, you’re trying to say “guarantee that my program produced the data.” Instead, change your requirement to “guarantee that a particular user of my program produced the data.” The onus is then shifted to that user to take care of his/her key.