I am using JASYPT for encryption and decryption of passwords in our Java-based software. This is how we encrypt the password:
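```java
import org.jasypt.util.text.StrongTextEncryptor;

StrongTextEncryptor textEncryptor = new StrongTextEncryptor();
// PASSWORD_ENCRYPTION_KEY is the secret whose storage is being asked about
textEncryptor.setPassword(PASSWORD_ENCRYPTION_KEY);
String ePasswd = textEncryptor.encrypt(txtPasswd);
```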
Now, where and how should I store this PASSWORD_ENCRYPTION_KEY used in the above code? What is the most secure or common way of storing and accessing these keys in a Java program?
Thanks, Deep
Nowhere...
You shouldn't store the PASSWORD_ENCRYPTION_KEY in your program, as this is the wrong approach. Like owlstead already pointed out, you'd need a public key infrastructure.
Basically, you could encrypt the PDF for every user that needs to have access to it, so they'd be able to decrypt it with their personal private key. This is done by encrypting the PDF, let's say with AES-256, and then encrypting the used key with the public key of each user. Those personally encrypted keys are safe for storage.