What do you do with an Encryption key when you close your program?

How do you store your key when you exit your program? Don't wanna store it in a file as plain text. Don't think that's a secure option.
By [jay_dawga] at [2007-10-2 15:51:51]
# 1

Passwords/passphrases are commonly used to provide keys for encryption programs. Sun's JCE and Bouncycastle's crypto library both support a variety of password-based encryption (PBE) ciphers. The basic idea behind the PBE scheme is that no keys need be stored in plaintext, but at some point the encryption and decryption software will query a human to enter a password to complete the process.

Many applications and protocols use the techniques of public key cryptography (PKC) to "store", or transmit, keys to the decrypting entity. PKC is a little too complicated to go into here.

Also common are insecure methods which rely on obscurity rather than cryptography to achieve security. Storing the key in a plaintext file is, as you noted, insecure, but not rare. Often the keys are obscured in a way that requires reverse engineering the software to figure out the key, e.g. the key is hard-coded in the software.

The thing is, since encryption APIs are relatively common and easy to use, the hard part of crypto implementation is now key management.

ghstarka at 2007-7-13 16:00:19
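The password-based scheme described in reply #1, as an added example that is not code from the thread: the program's AES key is encrypted under a key derived from a passphrase, so only salt, IV and ciphertext are written at exit. The class and method names, the PBKDF2 iteration count and the blob layout are assumptions, and the code assumes a JDK with `PBKDF2WithHmacSHA256` and AES-GCM (Java 8 or later).

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;

public class PbeKeyStoreDemo {                          // hypothetical class name
    static final int SALT_LEN = 16, IV_LEN = 12, ITERATIONS = 600_000; // assumed parameters
    static final SecureRandom RNG = new SecureRandom();

    // Derive a key-encryption key (KEK) from the passphrase; the KEK is never stored.
    static SecretKey deriveKek(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
        } finally { spec.clearPassword(); }             // wipes the spec's internal copy
    }

    // Output layout: salt || iv || AES-GCM ciphertext+tag. This is what goes to disk.
    static byte[] protect(SecretKey dataKey, char[] password) throws Exception {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        RNG.nextBytes(salt); RNG.nextBytes(iv);         // fresh salt and IV on every save
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKek(password, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(dataKey.getEncoded());
        return ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array();
    }

    // Throws AEADBadTagException if the passphrase is wrong or the blob was modified.
    static SecretKey recover(byte[] blob, char[] password) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKek(password, salt), new GCMParameterSpec(128, iv));
        int off = SALT_LEN + IV_LEN;
        return new SecretKeySpec(c.doFinal(blob, off, blob.length - off), "AES");
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dataKey = kg.generateKey();           // the key the program works with
        char[] pw = "constructed demo passphrase".toCharArray(); // real code: Console.readPassword()
        byte[] blob = protect(dataKey, pw);             // written to a file at exit
        SecretKey back = recover(blob, pw);             // read back at next start
        System.out.println("round trip ok: " + Arrays.equals(dataKey.getEncoded(), back.getEncoded()));
        try { recover(blob, "wrong".toCharArray()); }
        catch (AEADBadTagException e) { System.out.println("wrong passphrase rejected"); }
    }
}
```

The stored blob is only as strong as the passphrase; the salt and iteration count slow down offline guessing but do not prevent it.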
# 2
Google keystore.
_bensmytha at 2007-7-13 16:00:19