Michael Hall wrote:
>For my application I was hoping for something more secure but I can
>adapt what I have and it should work. KeyStore access usually unless
>you intentionally simplify it allows for both a password for the file
>and each alias. So while I would hope for something more secure than
>default this actually weakens it. Oh well.

I don't see how using a KeyStore would necessarily weaken anything. It
depends on the provider's implementation. For example, see the JCE
Reference Guide for the weak-crypto and strong-crypto versions of the "JCE"
keystore. The strong version uses 3DES.

Furthermore, you can write a KeyStore provider of any strength you like and
deploy it. It can use maximal key-length with the strongest algorithm you
care to use.

And if its only purpose is to store a password, then implementing the
KeyStoreSpi is overkill, so you can use any PBE-keying mechanism you like
and read/write the encrypted data directly. Refer to the PKCS series of
documents for information on good design of PBE.

I see no reason why you have to accept anything weakened.
The entire JCA and JCE is at your disposal.

-- GG