Java encryption alternitive to hardcoded key

Question

I am new to encryption.

I have looked at the javax.crypto documentation and got encryption of a file to work using this code ...

File saveFile = new File("Settings.set");
        saveFile.delete();
        FileOutputStream fout = new FileOutputStream(saveFile);

        //Encrypt the settings
        //Generate a key
        byte key[] = "My Encryption Key98".getBytes();
        DESKeySpec desKeySpec = new DESKeySpec(key);
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
        SecretKey skey = keyFactory.generateSecret(desKeySpec);

        //Prepare the encrypter
        Cipher ecipher = Cipher.getInstance("DES");
        ecipher.init(Cipher.ENCRYPT_MODE, skey);
        // Seal (encrypt) the object
        SealedObject so = new SealedObject(this, ecipher);

        ObjectOutputStream o = new ObjectOutputStream(fout);
        o.writeObject(so);
        o.close();

However if you were a clever hacker ( or maybe even amateur since I figured this out), all you would have to do is open the class file that contains this code, and the encryption key (My Encryption Key98) is plainly visible.

How do you encrypt the encryption key? ...LOL... Can you?

Thanks for your help!

Answer 1

If the attacker has access to both the software and the file, it could decrypt it. There are some ways to solve this:

• Use asymetric keys. Encrypt the file with the public key, and it can only be decrypted with a private key. This assumes that the software does not need to decrypt the file.
• Use Diffie-Hellman exchange. If you want to send an encrypted piece of data over the network, both parties can establish a key without an attacker knowing about it.

If the program needs to both encrypt and decrypt the data, there is nothing you can do. The attacker can simply run the program and look at the decrypted information.

Answer 2

I do not believe that this is possible without having the user entering the key on encryption and decryption.

You could employ some technique to make it harder to view the key without the full source code, but it would not be secure.

Answer 3

If your program can encrypt / decrypt a file on its own, then everything you need to perform the decryption is already built into the program, so a determined troublemaker could decrypt files you encrypted.

If possible, ask the user for a 'password,' and use what they give you as the encryption / decryption key.

Answer 4

Is it important that the user not be able to see his own encryption key? Or merely important that by discovering his won key, the user should not thereby know everyone else's key?

You could prompt the user for a personal key and either store it externally or prompt the user each time you need it. That way each user's key would be his own, and would not be usable to decrypt documents stored by other users on other machines.

Answer 5

An attacker can always do everything the program can do and usually quite a bit more. The only way to get things secure is the use information not under control of the program. Request the user to enter a password or put information in a store under control of the operating system. The later will not help if an attacker has physical access or maybe even a lot of rights unless special hardware like a Trusted Platform Module (TPM) is involved.

Answer 6

Well if the program can decrypt the data without additional input from the user, you can't really avoid someone else from accessing the file if he has access to the program.

If you are targeting Windows only, you might want to take a look at the Data Protection API (DPAPI). It essentially does the same thing, but the passphrase used for encryption is protected by the operating system on a user (or machine) scope. Simply put: you need the user login (or a program that runs on the given user account) to access the key (or for machine scope the login for any user on the machine).

I don't know how to access the API from Java, but Google brings up some wrapper libraries.

Answer 7

Don't hardcode the key. Assuming you don't have a user on hand to enter the passphrase, configure your code to pull the encryption key from a plain file, then rely on operating system security to keep the file safe. Provide a way to migrate to a new key when the system administrator deems it necessary.