Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Java security

Posted on 2004-08-05
8
161 Views
Last Modified: 2010-03-31
Hi,

I am writing a des3 application.

Class1 generates a key and then writes the key to a file.

Class2 reads the file and generates the SecretKEy object by reading the file. IT then holds a referemce to this SecretKey.

Class3 & Class4 hold a reference to class2 to obtain the SecretKey for encryption and decryption.  This is because performance will not suffer in reading the file  and generating the key each time it needs to be used.

My main concern is that Class2 exposes its SecretKey then it poses a security risk as anyone can then reference this class in there code to obtain the key and decrypt data.

Is there anyway in Java security I can use which prevents this from happening, I only want Class3 & Class4 to see class2 no other code should be able to reference class2 without it going belly up.

I really hope this makes sense.

Many Thanks, this is urgent.
0
Comment
Question by:inzaghi
8 Comments
 
LVL 35

Accepted Solution

by:
girionis earned 150 total points
ID: 11728414
There might be a way to find out the calling class. Take a look here: http://www.javaspecialists.co.za/archive/Issue087.html
0
 

Author Comment

by:inzaghi
ID: 11728700
This class it mentions is not part of the supported API, can we use the Secuirty Manager and policy files?? I don't know how to do this
0
 
LVL 35

Expert Comment

by:girionis
ID: 11729022
Yes you can use the Security Manager regardless of the API used. But it seems to me that the security manager hasn't got anything to do with finding the calling class. You simply need to have two if statements that check who is the caller. If it is one of the classes in the stack then return the key, otherwise return a warning message or nothing.
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 
LVL 15

Assisted Solution

by:Javatm
Javatm earned 125 total points
ID: 11731048
> My main concern is that Class2 exposes its SecretKey then it poses a security risk as anyone can then reference
> this class in there code to obtain the key and decrypt data.

That is if they know how to use it but then again if there would be someone that would be 1 / 5000 or a one
million if not. Its actually amuzing if someone can hack it since its Java security that we are talking here.

You dont actually have to worry about the software because all of the user will just use it, instead of
wasting their time to find a way to debug your big security software.

Unless they try to decompile your classes, if thats the case then better use this documentation to help you :
http://www.javaworld.com/javaworld/javatips/jw-javatip22.html

Hope that helps . . .
Javatm
0
 
LVL 1

Assisted Solution

by:wolfc
wolfc earned 125 total points
ID: 11734706
> http://www.javaworld.com/javaworld/javatips/jw-javatip22.html

Mocha is old, Crema is tied up in legal issues and Jasmine defeats Crema. Software can allways be decompiled.

IMHO there is no way to do this without some external key (usb key, user known password etc).
If there is please let us know.
0
 
LVL 12

Assisted Solution

by:Giant2
Giant2 earned 100 total points
ID: 11734862
Normally generate public private key is done in a hight security zone.
So that the private key cannot be seen. This is done using a non internet connected PC, etc.
0
 
LVL 12

Expert Comment

by:Giant2
ID: 11870769
Thanks.
0
 
LVL 35

Expert Comment

by:girionis
ID: 11870858
:)
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
Are you developing a Java application and want to create Excel Spreadsheets? You have come to the right place, this article will describe how you can create Excel Spreadsheets from a Java Application. For the purposes of this article, I will be u…
Viewers learn about the “while” loop and how to utilize it correctly in Java. Additionally, viewers begin exploring how to include conditional statements within a while loop and avoid an endless loop. Define While Loop: Basic Example: Explanatio…
Viewers will learn about if statements in Java and their use The if statement: The condition required to create an if statement: Variations of if statements: An example using if statements:

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question