I'm developing a web application on Java, Spring, JDBC, which is deployed on Tomcat 7. I'm doing encryption/decryption of a data-source password using a private key.
Now I have this private key hard-coded in Java code. But I have to save the private key in a more secure place. How can I do this?
Is it a good idea to generate a certificate (key-store, key-pair), install it on Tomcat and retrieve this data from Java code?
That's a problem you cannot easily solve. If you store your key in a keystore, you will need a key to access the keystore, and where do you store this?
If this is really a high-security application, the only way is to use a dedicated hardware security box for doing the decryption.
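The keystore trade-off discussed above, as an added example that is not part of the original question or answer: the key lives in a PKCS12 keystore instead of the source, and the keystore password is supplied at runtime. Assumptions: a recent JDK, an AES key standing in for the hard-coded key, and the hypothetical names `DS_KEYSTORE_PASS` and `ds-key`; the keystore and passwords are constructed in memory so the demo runs offline.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class KeystoreBootstrapDemo {
    static final String ALIAS = "ds-key"; // hypothetical alias

    // Open the keystore and return the key; fails unless the caller knows the store password.
    static SecretKey loadKey(byte[] store, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(store), pass);
        return (SecretKey) ks.getKey(ALIAS, pass);
    }

    public static void main(String[] args) throws Exception {
        // The bootstrap secret comes from the environment (hypothetical variable name).
        // The fallback is a constructed value so the demo runs offline; real code should fail closed.
        String env = System.getenv("DS_KEYSTORE_PASS");
        char[] pass = (env != null ? env : "constructed-demo-pass").toCharArray();

        // Constructed keystore, built in memory; in a deployment this is a file created once.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setEntry(ALIAS, new KeyStore.SecretKeyEntry(kg.generateKey()),
                    new KeyStore.PasswordProtection(pass));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pass);
        byte[] store = out.toByteArray();

        // Round-trip a constructed data-source password with AES-GCM using the loaded key.
        SecretKey key = loadKey(store, pass);
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal("constructed-db-password".getBytes(StandardCharsets.UTF_8));
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        System.out.println("decrypted: " + new String(c.doFinal(ct), StandardCharsets.UTF_8));
        try { // Without the right store password the key is unreachable.
            loadKey(store, "wrong-pass".toCharArray());
        } catch (IOException e) {
            System.out.println("wrong store password rejected");
        }
    }
}
```

The store password has moved out of the source, not disappeared: anyone who can read the Tomcat process environment can still open the keystore, which is the problem the answer points at.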