Save and retrieve SecretKey from file
Hi, my application encrypts personal information in medical files and stores them in a repository for retrieving and decrypting at a later time.
The encrypt and decrypt functions (using DES) work perfectly, and now I have to save the generated SecretKey to a file and retrieve it when decrypting. I'd like to have some advice on how to do that.
Thanks :-)
[376 byte] By [Ren@toa] at [2007-11-27 3:40:33]

# 1
Since these are medical files with all the associated legal requirements, I suspect you won't be allowed to store the key on disk either as a simple file or in a keystore or even in something like 'strongkey'. You will probably need to invest in hardware encryption such as nCipher.
P.S. DES is considered a little weak by modern standards.
# 2
Thanks for your reply.
Actually in my country there are no legal requirements for medical files encryption, so at the moment this solution is legal. After encrypting, the files are digitally signed before they are stored in a secure Data Center.
So the question still remains, also regardless of this particular situation.
# 4
Hi,
Here's a solution:

    import java.io.*;
    import java.security.*;
    import javax.crypto.*;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    // Generate a 128-bit AES key using the Bouncy Castle provider.
    public SecretKey getSecretKey() throws NoSuchAlgorithmException, SecurityException, Exception {
        BouncyCastleProvider provider = new BouncyCastleProvider();
        Security.addProvider(provider);
        KeyGenerator keyGen = KeyGenerator.getInstance("AES", provider);
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        byte[] seed = random.generateSeed(20);
        byte[] tmp_lock = new byte[24];
        random.setSeed(seed);
        byte[] bytes = new byte[20];
        keyGen.init(128, random);
        SecretKey key = keyGen.generateKey();
        random.nextBytes(bytes);
        return key;
    }

    // Build a cipher initialised for encryption with the given key.
    public Cipher getEncryptCipher(Key key, String xform) throws Exception {
        Cipher cipher = Cipher.getInstance(xform);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher;
    }

    // Seal the secret key under an RSA public key.
    // publicKey is a java.security.PublicKey that is not defined in this snippet.
    String xform = "RSA/ECB/PKCS1Padding";
    SecretKey secretKey = getSecretKey();
    SealedObject so = new SealedObject(secretKey, getEncryptCipher(publicKey, xform));
    // Serialize to a file
    ObjectOutput out = new ObjectOutputStream(new FileOutputStream("C:/Temp/SealedObject.ser"));
    out.writeObject(so);
    out.close();

Good luck.
FB13a at 2007-7-12 8:44:00
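
Reply #4 shows only the save half of the question. The following is an added example, not part of any post in this thread, that writes an AES key to a file encrypted under an RSA public key and reads it back with the private key. Assumptions: the class name `WrappedKeyFile`, the temporary file, an RSA pair generated in-process for the demo (replies #1 and #5 point to a keystore or HSM for the private key), and `Cipher` wrap/unwrap with RSA-OAEP in place of the `SealedObject` and `PKCS1Padding` used in the post.

```java
import java.nio.file.*;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;

public class WrappedKeyFile {
    // Assumption: RSA-OAEP instead of the PKCS1Padding transformation used in the post.
    static final String XFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Wrap (encrypt) the secret key under the RSA public key and write the result to a file.
    static void save(SecretKey key, PublicKey pub, Path file) throws Exception {
        Cipher c = Cipher.getInstance(XFORM);
        c.init(Cipher.WRAP_MODE, pub);
        Files.write(file, c.wrap(key));
    }

    // Read the wrapped bytes back and recover the key with the RSA private key.
    static SecretKey load(PrivateKey priv, Path file, String algorithm) throws Exception {
        Cipher c = Cipher.getInstance(XFORM);
        c.init(Cipher.UNWRAP_MODE, priv);
        return (SecretKey) c.unwrap(Files.readAllBytes(file), algorithm, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo inputs: a fresh RSA pair, a fresh AES key and a temporary file.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey original = kg.generateKey();
        Path file = Files.createTempFile("wrapped-key", ".bin");
        try {
            save(original, pair.getPublic(), file);
            SecretKey restored = load(pair.getPrivate(), file, "AES");
            // The restored key must be byte-for-byte identical to the one that was saved.
            if (!Arrays.equals(original.getEncoded(), restored.getEncoded()))
                throw new IllegalStateException("round trip failed");
            System.out.println("restored " + restored.getAlgorithm() + " key from " + file);
        } finally {
            Files.deleteIfExists(file);
        }
    }
}
```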

# 5
Thank you for the StrongKey reference, sabre150. I just want to clarify that even though the basic, open-source software uses the Sun, Mozilla or BC JCEProviders, we recommend that StrongKey always be used in conjunction with a hardware security module (HSM) for multi-factor security. StrongKey has been integrated to some hardware security modules and will work with HSMs and smartcards for protecting the asymmetric key-pair (which protects the symmetric encryption keys). Our goal is to support Utimaco, nCipher, SafeNet, Gemalto and the Trusted Platform Module (TPM) before the end of this calendar year.
Currently supported environment details can be found at: http://www.strongkey.org/index.php?option=com_content&task=view&id=33&Itemid=37