Solved

Own serialization of Java classes (SecretKey)

Posted on 2002-07-26
Last Modified: 2008-03-10
Hi

I’ve read on a web site (http://www.securingjava.com/chapter-seven/chapter-seven-1.html) that it is not a good idea (for security reasons) to use serialization.  I’ve implemented the security suggestions.

Now my class that’s the most critical concerning security needs to “save” its state.  I was thinking of encrypting the member variables and then writing them out to disk. (This is not foolproof but it's better.)
The member variable that I need to store is: javax.crypto.SecretKey

My thinking is to get the object into a byte [] or stream of some sort, encrypt it and then write it out to disk.  But how? (getting the object into a byte[])

How does serialization do this?
Or
Can one serialize to a memory file?

Thanx
André
Question by:Fortress_Initiative
3 Comments
 
LVL 4

Accepted Solution

by:
antons061400 earned 350 total points
ID: 7179791

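import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import javax.crypto.SecretKey;

SecretKey key = .....
// Serialize into an in-memory buffer instead of a file
ByteArrayOutputStream bos = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(bos);
oos.writeObject(key);
oos.flush();
// Serialized form of the key, ready to be encrypted before it is written to disk
byte[] barray = bos.toByteArray();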

Is this what you need for overwriting serialization of your class?
LVL 1

Expert Comment

by:klf
ID: 7179810
> My thinking is to get the object into a byte [] or stream of some sort, encrypt it and then write it out to disk.  But how? (getting the object into a byte[])

This sounds like serialization to me.  I have not done a lot with serialization but it seems to me that you should be able to serialize the object (javax.crypto.SecretKey) into an in-memory stream, encrypt it, then write it to disk.  To unserialize it just decrypt and then unserialize it.

Author Comment

by:Fortress_Initiative
ID: 7179940
Thanx antons and klf.

I'll try antons' suggestion, just now.  I can encrypt the barray and write it out to file.