I’ve read on a web site (http://www.securingjava.com/chapter-seven/chapter-seven-1.html
) that it is not a good idea (for security reasons) to use serialization. I’ve implemented the security suggestions.
Now my class that’s the most critical concerning security needs to “save” its state. I was thinking of encrypting the member variables and then writing it out to disk. (This is not foolproof but its better)
The member variable that I need to store is: javax.crypto.SecretKey
My thinking is to get the object into a byte  or stream of some sort, encrypt it and then write it out to disk. But how? (getting the object into a byte)
How does serialization do this?
Can one serialize to a memory file?