Java SecureString Class

  • strict warning: Non-static method view::load() should not be called statically in /hermes/walnaweb12a/b57/moo.greydragoncom/nodsw/sites/all/modules/views/views.module on line 906.
  • strict warning: Declaration of views_handler_argument::init() should be compatible with views_handler::init(&$view, $options) in /hermes/walnaweb12a/b57/moo.greydragoncom/nodsw/sites/all/modules/views/handlers/views_handler_argument.inc on line 744.
  • strict warning: Declaration of views_handler_filter::options_validate() should be compatible with views_handler::options_validate($form, &$form_state) in /hermes/walnaweb12a/b57/moo.greydragoncom/nodsw/sites/all/modules/views/handlers/views_handler_filter.inc on line 607.
  • strict warning: Declaration of views_handler_filter::options_submit() should be compatible with views_handler::options_submit($form, &$form_state) in /hermes/walnaweb12a/b57/moo.greydragoncom/nodsw/sites/all/modules/views/handlers/views_handler_filter.inc on line 607.
  • strict warning: Declaration of views_handler_filter_boolean_operator::value_validate() should be compatible with views_handler_filter::value_validate($form, &$form_state) in /hermes/walnaweb12a/b57/moo.greydragoncom/nodsw/sites/all/modules/views/handlers/views_handler_filter_boolean_operator.inc on line 159.
Leeland's picture

Secure string implementation is very hard. A secure string is a means to keep and use confidential data. Essentially the text cannot be stored as plain text and definitely cannot be stored in a Java String object since that is immutable and there is no definable point when it will be removed from the system.

Secure String Implementations should:

  • text is encrypted for privacy when being used
  • deleted from computer memory when no longer needed
  • not be allowed to be paged to swap memory
  • cannot be seen via memory inspection

I was very excited about secure strings when I learned of them. But I have not been able to find an implementation for Java. I am sure better minds then me are looking into this problem. But, I have need now. So breaking the cardinal rule of "don't implement cryptographic solutions unless you have a PhD in math and another in cryptology" I am making a stab at it.

I have found this one article which is very excellent (but for .NET):

  • Credential Management with the .NET Framework 2.0 http://msdn2.microsoft.com/en-us/library/aa480470.aspx

    "Summary: Get an introduction to the Credential Management API that includes functions for user interface handling and lesser-known functions for managing a user's credential set. Also see a .NET class library that dramatically simplifies the task of credential management, for languages such as C# and Visual Basic .NET, and provides a more elegant and robust approach to credential management for C++ developers. (26 printed pages)"

Thread Slivers eBook at Amazon