开发者

how to create and use encrypted Property files in Java?

开发者 https://www.devze.com 2023-02-13 04:41 出处:网络
I want to create a encrypted property file that stores information related to licences and some other highly sensitive data.

I want to create a encrypted property file that stores information related to licences and some other highly sensitive data.
My Requirement during creation of encrypted P开发者_StackOverflow中文版roperty file

  1. Once created, should not be re-writable.
  2. Once created nobody should be able to read the encrypted data.

After Creation, how I would be able to use the file in my project?


You can use the javax.crypto.Cipher[Input|Output]Stream for reading/writing your data; however, you will have to enforce the write-once functionality in your code... maybe be comparing the data with a SHA hash or something to ensure that it has not been changed.

I have run across opensource and commercial license managers for Java... you may want to search around so as not to reinvent the wheel.

Also, you will probably want to look into obfuscation tools at least for your sensitive API if you want to keep users from decompiling it.

Hope this helps.


Try: Jasypt library if it covers your usage scenario.

It provides an EncryptableProperties class for transparently managing and decrypting encrypted values in .properties file. It is also possible to integrate it into the configuration system of the Spring Framework.


Standard encryption in Java is pretty straight forward. I suggest checking out the reference guide for instructions on how to use the javax.crypto package. However I would urge you to reconsider your design if it requires sensitive data, stored on client machines, that you don't trust the users with. The reason I say that is in order for you program to access the information, it would need to have the encryption/decryption key stored internally which would mean that the key would be stored in the archive somewhere. In the best case, it'd be stored as a variable in one of the class files. Examining the binary classfile to determine this key would be trivial. At the very least you should consider obfuscating your encryption code to at least make it slightly more difficult to identify the key simply from examining the binary code or decompiling the class file.


See the answer to this other question:

Securing a password in a properties file

There, it was recommended the use of jasypt.


A Properties files is a human readable way to store a Map. If you don't want it to be be human readable, it doesn need to be a properties file.

One way to have a proeprties file with encrypted data is to encrypt the values of particular fields and use base 64 to turn them into text.

0

精彩评论

暂无评论...
验证码 换一张
取 消