I'm using a utils library to encrypt/decrypt data simply by calling methods with the following signatures:
String encrypt(String clearText, String secretKey)
String decrypt(String encryptedText, String secretKey)
Both encrypt/decrypt methods use the same logic and encryption. This means that the same input to the methods always generates the same output.
The purpose now is to write a helper method to decrypt some connection strings previously stored in a file using the encrypt method. This helper method should call the decrypt function, passing it the secretKey in clear text:
String connectionStringEncrypted = Utils.getProperty("connectionString", "C:\\Path\\To\\application.properties");
String connectionString = Utils.decryptConnectionString(connectionStringEncrypted);
The question is: how can I avoid writing the secret key in clear text in the helper method Utils.decryptConnectionString?
There are many simple and complex methods to address this issue. I can name some, starting with the simple methods:
Simply encode the key to Base64. Place the encoded key with the Base64 decoding function, so the text looks unreadable. During execution, the decoding function executes and the original key is passed into the decryption function.
Split the key and place the parts in different classes as different static variables (easy to access), and in the decrypt method pass all the static variables, appended together, to form a valid decryption key.
Note: These simple steps can be predicted by the pro
Advanced Methods:
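
An added example, not part of the original answer or of the utils library: the two simple methods described above, placed next to a key that is supplied at runtime instead of being stored in the code. The class name, the constructed sample key and the `APP_SECRET_KEY` variable name are assumptions, and loading from the environment is an alternative chosen for this example, not one the answer proposes.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;

public class KeySourceDemo {
    // Simple method 1: Base64 literal of the constructed sample key "sample-key-123".
    static final String ENCODED_KEY = "c2FtcGxlLWtleS0xMjM=";
    // Simple method 2: the same sample key split into fragments.
    static final String PART_A = "sample-", PART_B = "key-", PART_C = "123";

    // Anyone holding the class file can run this same decode step.
    static String keyFromBase64Literal() {
        return new String(Base64.getDecoder().decode(ENCODED_KEY), StandardCharsets.UTF_8);
    }

    // The fragments are ordinary constants; joining them yields the full key.
    static String keyFromFragments() {
        return PART_A + PART_B + PART_C;
    }

    // Alternative: the key is supplied at runtime and never appears in the code.
    // Fails closed when the variable is missing or blank.
    static String keyFromEnvironment(Map<String, String> env, String name) {
        String key = env.get(name);
        if (key == null || key.isBlank()) {
            throw new IllegalStateException("secret key variable " + name + " is not set");
        }
        return key;
    }

    public static void main(String[] args) {
        // Both simple methods rebuild the complete key from the class alone.
        System.out.println(keyFromBase64Literal().equals(keyFromFragments()));

        // Constructed map standing in for System.getenv().
        Map<String, String> env = Map.of("APP_SECRET_KEY", "value-set-by-operator");
        System.out.println(keyFromEnvironment(env, "APP_SECRET_KEY").length());

        try {
            keyFromEnvironment(Map.of(), "APP_SECRET_KEY");
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

In a real helper, `System.getenv()` would be passed as the map and the returned value handed to the library's `decrypt(encryptedText, secretKey)`.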