Best place to hide secret keys?
https://stackoverflow.com/questions/3471373
-
28-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am looking for advice on where to store encryption keys and other sensitive application data. Is a certificate on a USB stick really the way to go here? What can you do to keep your secret keys safe?
Solution
Keep them on a smart card, or use the Trusted Platform Module (TPM) that is present in many machines sold these days.
OTHER TIPS
A keystore (see: getKey()) is often a place where a secret, like a privet key is kept. In order to access this key store a password. These are created using a symmetric cipher.
If it's a secret and you have to store it somewhere, then at some point it can't really be considered a secret anymore because one way or another somebody will be able to find it, etc. Security is always best considered on a case by case basis, what is acceptable for one solution is not for another and therefore there is not any "fits all" answer. However, where possible (or always) make sure you use a tried and tested method rather than roling your own. Hopefully that does help, but is such a wide open question.
