Prev: Hot sale adicolour sneaker for men,women's,free shipping,worldwide express
Next: Quartz with Spring: more jobs with different input argument
From: Arne Vajhøj on 26 Apr 2010 19:58 On 26-04-2010 11:41, Spud wrote: > We've been told that we need to implement on-disk encryption of our data > files. We currently write them using RandomAccessFile and read them > using FileChannel.read(ByteBuffer). > > Before I go off on my own, slog through java.security, and write a > wrapper around these routines to encrypt/decrypt, is there an easy way > to do it? Perhaps something built into the JDK that I'm missing? No silver bullet. But the CipherInputStream and CipherOutputStream may be usefull, if you can get them to fit into the way to read and write the files. Arne
From: John B. Matthews on 26 Apr 2010 20:11 In article <79ydnexs7q-vKUjW4p2dnAA(a)giganews.com>, Spud <fake(a)fkfkfkf.com> wrote: > We've been told that we need to implement on-disk encryption of our > data files. We currently write them using RandomAccessFile and read > them using FileChannel.read(ByteBuffer). > > Before I go off on my own, slog through java.security, and write a > wrapper around these routines to encrypt/decrypt, is there an easy > way to do it? Perhaps something built into the JDK that I'm missing? Is this related to a new Massachusetts security law mandating encryption? <http://yro.slashdot.org/story/10/04/25/1745210/> -- John B. Matthews trashgod at gmail dot com <http://sites.google.com/site/drjohnbmatthews>
From: Mike Schilling on 26 Apr 2010 20:56 rossum wrote: > On Mon, 26 Apr 2010 14:28:42 -0700, "Mike Schilling" > <mscottschilling(a)hotmail.com> wrote: > >> Martin Gregorie wrote: >>> On Mon, 26 Apr 2010 10:41:36 -0500, Spud wrote: >>> >>>> We've been told that we need to implement on-disk encryption of our >>>> data files. We currently write them using RandomAccessFile and read >>>> them using FileChannel.read(ByteBuffer). >>>> >>> Why not simply store the files in an encrypted disk partition? >>> >>> The OS does all the grunt-work, including prompting for the password >>> at boot time, and the application(s) don't need to change. The >>> encryption is transparent to them because it takes place at a lower >>> level. >> >> Then any app that can gain access to open the file can read it as >> clear text. Or am I missing something? > Any app that knows the password. It sounds like in the implementation Martin was discussing it's the OS that needs the password to mount the disk, not each application that uses that disk.
From: Mike Schilling on 26 Apr 2010 20:58 Martin Gregorie wrote: > [*] Under Linux you just format an encrypted partition and set the > password when prompted by the formatter. Each time the partition is > mounted you get prompted for its password. So if the server goes down and back up (say, becasue of a powert glitch), it can't reboot fully until a human is there to type the password?
From: Abu Yahya on 26 Apr 2010 22:26
Mike Schilling wrote: > Martin Gregorie wrote: >> [*] Under Linux you just format an encrypted partition and set the >> password when prompted by the formatter. Each time the partition is >> mounted you get prompted for its password. > > So if the server goes down and back up (say, becasue of a powert glitch), it > can't reboot fully until a human is there to type the password? > > > Lenovo laptops, if I'm not mistaken, have this feature of disk encryption (called the Hard Disk Password). If you (soft) reboot the laptop, you don't have to enter the password. But you do have to enter it if you shutdown and restart, or resume from hibernation. For more regarding the Lenovo feature, see http://www-307.ibm.com/pc/support/site.wss/YAST-3JXNTY.html. |