
Implementing a secure string is very hard. A secure string is a means of keeping and using confidential data. Essentially, the text cannot be stored as plain text, and it definitely cannot be stored in a Java String object: a String is immutable, so its contents cannot be overwritten, and there is no definable point at which it will be removed from the system.
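The following is an added example, not code from this post or its author. It shows only the mutable-buffer half of the problem: a secret held in a `char[]` that is overwritten at a defined point. It does not encrypt the value in memory, and the class name `SecretChars` is hypothetical.

```java
import java.util.Arrays;

// Hypothetical class for illustration; SecretChars is not a JDK or library type.
public final class SecretChars implements AutoCloseable {
    private final char[] value;
    private boolean wiped;

    // Takes ownership of the secret: keeps a private copy, wipes the caller's array.
    public SecretChars(char[] source) {
        this.value = Arrays.copyOf(source, source.length);
        Arrays.fill(source, '\0');
    }

    // Compares without building a String and without stopping at the first mismatch.
    public boolean matches(char[] candidate) {
        if (wiped) throw new IllegalStateException("secret already wiped");
        int diff = value.length ^ candidate.length;
        int n = Math.min(value.length, candidate.length);
        for (int i = 0; i < n; i++) diff |= value[i] ^ candidate[i];
        return diff == 0;
    }

    // The definable point of removal that String lacks: overwrite the buffer in place.
    @Override
    public void close() {
        Arrays.fill(value, '\0');
        wiped = true;
    }

    // Keeps the secret out of logs and string concatenation.
    @Override
    public String toString() {
        return "SecretChars[redacted]";
    }

    public static void main(String[] args) {
        char[] typed = {'s', '3', 'c', 'r', 'e', 't'};   // constructed sample input
        SecretChars secret = new SecretChars(typed);
        try (secret) {                                    // Java 9+ syntax
            System.out.println(secret.matches(new char[] {'s', '3', 'c', 'r', 'e', 't'}));
            System.out.println("caller copy wiped: " + (typed[0] == '\0'));
        }
        try {
            secret.matches(new char[0]);
        } catch (IllegalStateException e) {
            System.out.println("after close: " + e.getMessage());
        }
    }
}
```

Wiping is best effort: a garbage collector that moves objects may have copied the array before `close()` runs, and the wipe only reaches the current copy.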
Secure String Implementations should:
I was very excited about secure strings when I learned of them. But I have not been able to find an implementation for Java. I am sure better minds than me are looking into this problem. But I have a need now. So, breaking the cardinal rule of "don't implement cryptographic solutions unless you have a PhD in math and another in cryptology", I am making a stab at it.
I have found this one article which is very excellent (but for .NET):
"Summary: Get an introduction to the Credential Management API that includes functions for user interface handling and lesser-known functions for managing a user's credential set. Also see a .NET class library that dramatically simplifies the task of credential management, for languages such as C# and Visual Basic .NET, and provides a more elegant and robust approach to credential management for C++ developers. (26 printed pages)"