In my web application I access a private key that is stored in a Java KeyStore. I would like to know what is the best/recommended way to store the password for the KeyStore and private key.

I've considered using a properties file but that does not seem very secure for use in a production environment (storing password in a plain text file). Also, hard-coding the password in my code is not an option I'm willing to entertain.

Thanks.

A: 

You could use a properties file as you mention; just hash the password, and for extra security salt-hash the password. This gets round the issue of having to keep a password in plain text. You can then use either MD5 or SHA1 to hash the password; personal choice.

Dean
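
How the password reaches the KeyStore API, as an added example that is not part of the original question or answer: `KeyStore.load` and `KeyStore.getKey` take the password itself as a `char[]`, so this sketch reads it from the process environment at startup instead of a properties file or the source code, and wipes the array after use. The variable names `KEYSTORE_PATH`, `KEYSTORE_PASSWORD` and `KEY_ALIAS`, and the use of one password for both the store and the key entry, are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Arrays;

// Added example: KEYSTORE_PATH, KEYSTORE_PASSWORD and KEY_ALIAS are
// hypothetical variable names set by the deployment, not by the application.
public class KeyStoreLoader {

    // Read a required setting from the process environment; fail fast if absent.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    // Load the private key stored under the alias. The same password is assumed
    // for the store and the key entry; the caller owns and wipes the array.
    static PrivateKey loadPrivateKey(String path, String alias, char[] password)
            throws IOException, GeneralSecurityException {
        // Uses the default store type of the running JDK.
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password); // integrity check uses the password itself
        }
        Key key = store.getKey(alias, password);
        if (!(key instanceof PrivateKey)) {
            throw new GeneralSecurityException("No private key under alias " + alias);
        }
        return (PrivateKey) key;
    }

    public static void main(String[] args) throws Exception {
        char[] password = requireEnv("KEYSTORE_PASSWORD").toCharArray();
        try {
            PrivateKey key = loadPrivateKey(
                    requireEnv("KEYSTORE_PATH"), requireEnv("KEY_ALIAS"), password);
            System.out.println("Loaded " + key.getAlgorithm() + " private key");
        } finally {
            Arrays.fill(password, '\0'); // the String from getenv still lives until GC
        }
    }
}
```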