tags:

views:

87

answers:

1
Q: 

Loading a keystore without checking its integrity

This question is in the specific context of the Java class java.security.KeyStore and its load(InputStream stream, char[] password) method which can accept null values for password to bypass integrity checking.

What are the risks involved with loading and querying a keystore without checking its integrity? The keystore will be queried for the user's private key which will be used to sign a document for non-repudiation. The certificate queried will be further validated against a copy stored in a database at the time the user registered himself and the (supposedly exact same) cert.

A: 

Well the main risk is that anyone who can read the file can also modify it. So someone could replace the file you read with a different keystore that has the same names for the keys but contains a different private key, so you end up signing documents with the wrong private key and none of them will pass verification.

Also, anyone with access to the file gains access to the private key and can sign documents as if they came from your app.

Chochos  2009-05-18 22:29:39
"So someone could replace the file you read with a different keystore that has the same names for the keys but contains a different private key"But can the attacker also "spoof" the certs? My app will verify the cert retrieved with the cert uploaded by the user during registration. If the attacker cannot spoof the certs then the private key should be the same, correct?
Chry Cheng  2009-05-19 02:29:48
Wait... are you going to be managing user's private keys? So they're not going to be really private? Or are you going to be doing this keystore loading thing in a client app? If the latter is the case then you should let the user set a password for the KeyStore upon creation and then ask for it upon retrieval.
Chochos  2009-05-19 19:31:28
No, I won't be managing private keys. Yes, I'll be loading the key store in a client app.
Chry Cheng  2010-02-19 07:10:32

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java