The Care and Feeding of Keys
Private keys must be kept secret. This is the whole premise of public key cryptography. Unfortunately, a private key is not something people can memorize. It needs to be stored electronically, whether on fixed media (a hard disk), removable media (a floppy disk), or a hardware device (a smart card). Smart cards are not widely available, so you will most likely store your private key in a disk file of some sort.
Using javakey, there are two possible private key vulnerabilities. If you write your private keys to disk files, those files must be protected. Additionally, private keys are stored in the javakey database file. This file, by default, is identitydb.obj and lives in the JDK installation directory. If you wish to change the location of this file, you can specify the identity.database property in the lib/security/java.security file found beneath the JDK installation directory. Note that the java.security file should also be protected, particularly on a multiuser system.
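An added example, not code from the book or the JDK: a small audit that locates the javakey database through identity.database and reports permission bits that expose it, java.security, or any exported key files to other users. The class name KeyFileAudit, the command-line arguments, and the policy (key files owner-only, java.security not writable by others) are assumptions of this example, and it relies on the java.nio.file API on a POSIX file system.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;

public class KeyFileAudit {
    // Policy chosen for this example: key material is owner-only;
    // java.security may be readable by others but not writable by them.
    static final Set<PosixFilePermission> ANY_NON_OWNER = EnumSet.of(
        PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
        PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
        PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);
    static final Set<PosixFilePermission> NON_OWNER_WRITE = EnumSet.of(
        PosixFilePermission.GROUP_WRITE, PosixFilePermission.OTHERS_WRITE);

    // identity.database from java.security if set, else the default location.
    static Path databasePath(Path jdkHome, Path config) throws IOException {
        Properties props = new Properties();
        if (Files.isReadable(config)) {
            try (InputStream in = Files.newInputStream(config)) { props.load(in); }
        }
        String configured = props.getProperty("identity.database");
        // Assumption: the value is a plain path with no ${...} placeholders.
        return configured != null ? Paths.get(configured.trim())
                                  : jdkHome.resolve("identitydb.obj");
    }

    // Prints one line per file; returns true when no forbidden bit is set.
    static boolean check(Path file, Set<PosixFilePermission> forbidden) throws IOException {
        if (!Files.exists(file)) { System.out.println("MISSING  " + file); return true; }
        Set<PosixFilePermission> found = EnumSet.noneOf(PosixFilePermission.class);
        found.addAll(Files.getPosixFilePermissions(file)); // POSIX file systems only
        found.retainAll(forbidden);
        System.out.println((found.isEmpty() ? "OK       " : "EXPOSED  ") + file + " " + found);
        return found.isEmpty();
    }

    public static void main(String[] args) throws IOException {
        // args[0]: JDK installation directory; remaining args: exported key files.
        Path jdkHome = Paths.get(args.length > 0 ? args[0] : System.getProperty("java.home"));
        Path config = jdkHome.resolve("lib/security/java.security");
        boolean ok = check(config, NON_OWNER_WRITE);
        ok &= check(databasePath(jdkHome, config), ANY_NON_OWNER);
        for (int i = 1; i < args.length; i++) ok &= check(Paths.get(args[i]), ANY_NON_OWNER);
        System.exit(ok ? 0 : 1);
    }
}
```

The exit status is nonzero when any checked file is exposed, so the audit can run from a scheduled job on a multiuser system.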
You can feel safe if these conditions are met:
You are the only person who uses your computer.
Your computer is in a physically secure location.
Your computer is not connected to a network.
This is not a realistic scenario. The last point is the least likely to happen; it’s hard to find a computer that isn’t on a LAN or connected to the Internet in one way or another. You are actually pretty safe if you are not running any server software. Even if you’re not, though, there is always the ...