Cadet 1st Class

Hardcoded encryption keys, impossible to avoid?

This question kind of clarifies the situation: https://security.stackexchange.com/questions/6612/how-can-i-decrypt-data-with-java-without-hard-coding-the-key

Essentially this is known as bootstrap security. You can have a user create a KeyStore that will store the public, private and secret keys that will be used to encrypt and decrypt the passwords of the user. The password that was set by the user will also be stored, but where? Any secure storage for that password will require a key of some sort, for example:

1. Use of a symmetric key to encrypt the password will require the key itself to be hardcoded?

2. Use of an external source such as LDAP will require a password for that source as well.

Essentially the secret to the secret to the secret can never be configured externally, so this warning will always appear!

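The bootstrap chain described in the post, as an added example that is not part of the original post: the KeyStore password is read from an owner-only file rather than a string literal, so the last link in the chain is an operating-system file permission instead of another key. The class name, alias, file names and password are constructed for the demo, and a POSIX file system is assumed.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.security.KeyStore;
import java.util.*;
import javax.crypto.*;

public class KeyStoreBootstrap {
    // Instead of a literal such as PASS = "changeit", read the password from an owner-only file.
    static char[] readPassword(Path file) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        if (perms.stream().anyMatch(p -> !p.name().startsWith("OWNER_"))) {
            throw new SecurityException(file + " is open to group/others: " + PosixFilePermissions.toString(perms));
        }
        return new String(Files.readAllBytes(file), StandardCharsets.UTF_8).trim().toCharArray();
    }

    // Opens the PKCS12 keystore and returns the secret key stored under the alias.
    static SecretKey loadKey(Path store, Path passFile, String alias) throws Exception {
        char[] pass = readPassword(passFile);
        try (InputStream in = Files.newInputStream(store)) {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(in, pass);
            return (SecretKey) ks.getKey(alias, pass);
        } finally {
            Arrays.fill(pass, '\0'); // wipe this copy of the password
        }
    }

    public static void main(String[] args) throws Exception { // constructed demo data below
        Path passFile = Files.createTempFile("ks", ".pass",
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        Files.write(passFile, "constructed-demo-password".getBytes(StandardCharsets.UTF_8));
        Path store = Files.createTempFile("demo", ".p12");
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty keystore
        char[] pass = readPassword(passFile);
        ks.setEntry("data-key", new KeyStore.SecretKeyEntry(key), new KeyStore.PasswordProtection(pass));
        try (OutputStream out = Files.newOutputStream(store)) {
            ks.store(out, pass);
        }
        System.out.println("recovered: " + Arrays.equals(key.getEncoded(), loadKey(store, passFile, "data-key").getEncoded()));
        Files.setPosixFilePermissions(passFile, PosixFilePermissions.fromString("rw-r--r--"));
        try {
            loadKey(store, passFile, "data-key"); // now refused: the file is readable by others
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```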