JApptools - Page 3
Passwords encryption.

To store encrypted passwords in the configuration file, you must use the autonomous profile of JApptools. The autonomous jar file is an executable jar file and does not require additional libraries.

java -jar japptools-1.0.0-stdone.jar -e myPassword

This command returns an encrypted version of "myPassword". Then just copy and paste it back into the configuration file. At its recovery in the code, cf. supplied samples, the password is in plain text. However, this has a weakness. JApptools use in this case, an internal encryption key. Although no decryption command is available, the knowledge of this key allows decryption of password by an easy feasible tool. The solution is to use a custom external key.

Usage of an external encryption key.

JApptools uses the contents of a file called majapptools.dat as the encryption key. This file must be in the same location than japptools xxxx.jar itself. If this file is missing or its contents is empty, it uses an internal key. This is why the second command available is one that generates a random encryption key.

java -jar japptools-1.0.0-stdone.jar -k 64

This command returns a random key composed by 64 characters. Then just copy and paste it back into a file called majapptools.dat and then place the file in the same folder as the jar file JApptools (library for use by an application or standalone for encryption). From this moment it is this new key used for encryption and decryption.

Cautions for external keys usage.

Three precautions:

  • When one sets up an external key, or when modify this key, it is imperative to encrypt all passwords again. Decrypt a password with a key that has not been used to its encryption is not possible
  • The system user who runs the application must be able to read the file storage of the encryption key.
  • Restrict read access to the file storage of the key so that he is not too accessible.

Additional configuration of the Oracle JRE.

JApptools uses strong encryption. The system libraries of the Oracle JRE impose a use restriction when it comes to this level of encryption. Without special setting, the encryption and decryption functions of JApptools will not work. To make this setting, if not already, it should be:

  • Download from the Oracle web site, the Java Cryptography Extension for the version of the JRE installed.
  • Install the two files: local_policy.jar and US_export_policy.jar in the lib/security folder under the root JRE location.