Prev: Wholesale new MLB jerseys,low price high quality,paypal payment
Next: Quartz with Spring: more jobs with different input argument
From: Spud on 26 Apr 2010 11:41
We've been told that we need to implement on-disk encryption of our data
files. We currently write them using RandomAccessFile and read them
using FileChannel.read(ByteBuffer).

Before I go off on my own, slog through java.security, and write a
wrapper around these routines to encrypt/decrypt, is there an easy way
to do it? Perhaps something built into the JDK that I'm missing?
From: Martin Gregorie on 26 Apr 2010 15:21
On Mon, 26 Apr 2010 10:41:36 -0500, Spud wrote:

> We've been told that we need to implement on-disk encryption of our data
> files. We currently write them using RandomAccessFile and read them
> using FileChannel.read(ByteBuffer).
>
Why not simply store the files in an encrypted disk partition?

The OS does all the grunt-work, including prompting for the password at
boot time, and the application(s) don't need to change. The encryption is
transparent to them because it takes place at a lower level.


--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |
From: Mike Schilling on 26 Apr 2010 17:28
Martin Gregorie wrote:
> On Mon, 26 Apr 2010 10:41:36 -0500, Spud wrote:
>
>> We've been told that we need to implement on-disk encryption of our
>> data files. We currently write them using RandomAccessFile and read
>> them using FileChannel.read(ByteBuffer).
>>
> Why not simply store the files in an encrypted disk partition?
>
> The OS does all the grunt-work, including prompting for the password
> at boot time, and the application(s) don't need to change. The
> encryption is transparent to them because it takes place at a lower
> level.

Then any app that can gain access to open the file can read it as clear
text. Or am I missing something?


From: rossum on 26 Apr 2010 19:15
On Mon, 26 Apr 2010 14:28:42 -0700, "Mike Schilling"
<mscottschilling(a)hotmail.com> wrote:

>Martin Gregorie wrote:
>> On Mon, 26 Apr 2010 10:41:36 -0500, Spud wrote:
>>
>>> We've been told that we need to implement on-disk encryption of our
>>> data files. We currently write them using RandomAccessFile and read
>>> them using FileChannel.read(ByteBuffer).
>>>
>> Why not simply store the files in an encrypted disk partition?
>>
>> The OS does all the grunt-work, including prompting for the password
>> at boot time, and the application(s) don't need to change. The
>> encryption is transparent to them because it takes place at a lower
>> level.
>
>Then any app that can gain access to open the file can read it as clear
>text. Or am I missing something?
Any app that knows the password.

An encrypted partition does indeed look like the simplest solution.

rossum

From: Martin Gregorie on 26 Apr 2010 19:22
On Mon, 26 Apr 2010 14:28:42 -0700, Mike Schilling wrote:

> Martin Gregorie wrote:
>> On Mon, 26 Apr 2010 10:41:36 -0500, Spud wrote:
>>
>>> We've been told that we need to implement on-disk encryption of our
>>> data files. We currently write them using RandomAccessFile and read
>>> them using FileChannel.read(ByteBuffer).
>>>
>> Why not simply store the files in an encrypted disk partition?
>>
>> The OS does all the grunt-work, including prompting for the password at
>> boot time, and the application(s) don't need to change. The encryption
>> is transparent to them because it takes place at a lower level.
>
> Then any app that can gain access to open the file can read it as clear
> text. Or am I missing something?

True enough. The OP didn't say anything about why they'd been told to
encrypt the files, so I merely offered the simplest solution to
implement. I also assumed that the OP would come back and tell us if disk
volume encryption was unsuitable and, hopefully, why.

Disk volume encryption is good enough to prevent data loss if the disks
are stolen. It will also do the job if the computer is stolen provided it
isn't a laptop that was suspended rather than shut down. I don't know
about a hibernating laptop, but would guess it is secure since
hibernation seems to be just a modified form of a cold boot.

In any case, since this is so simple to implement[*] it should be looked
at first and discarded if unsuitable. After that you can move on and look
at more complex solutions.

[*] Under Linux you just format an encrypted partition and set the
password when prompted by the formatter. Each time the partition is
mounted you get prompted for its password. Doubtless its about equally
simple to use under Windows and other OSen.


--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |
 |  Next  |  Last
Pages: 1 2 3 4 5
Prev: Wholesale new MLB jerseys,low price high quality,paypal payment
Next: Quartz with Spring: more jobs with different input argument