Reputation: 12110
We are saving user data on a server and we want to save this data encrypted with TrueCrypt.
If a user registers, we generate an asymmetric key for him that is encrypted with his password. This asymmetric user-specific key will encrypt all the keys that are used for services, including the above-mentioned data encryption.
If we now want to read the user's files, add new ones and modify existing ones from within our Java application running on an application server, should we mount the TrueCrypt container? We think that it might be a security leak, as an attacker could easily look in the mounted container, but we also have no other idea - we are kind of stuck!
I am sure someone can help us here.
Thanks, Heinrich
@edit By the way, we are using Spring for your Java App.
Upvotes: 0
Views: 1207
Reputation: 5668
I don't think it is a good idea to use TrueCrypt for this use case. When using TrueCrypt you have no other choice than mounting it on each request to encrypted files. You should think about using plain Java encryption and do encryption and decryption yourself. There are libraries like Google Keyczar that may help you implement this.
Upvotes: 1