At 12:54 1/8/00 -0700, you wrote: >But if you are paranoid then the java.security.Keystore class is the place >to start -except it is a Java1.2 feature (and security changed again in >java1.3) . So doing sophisticated password protection is going to be tricky >across all ant supported platforms. Also I dont know how well the keystore >really encrypts stuff, especially in exported JVMs.
It doesn't really encrypt anything. Most of it can be read via a hex editor and the other bit (private keys) are likely protected by same passwd as general keystore which can be easily found or alternatively you just do a brute forces search and brake it. Should take all of 40 mins in JKS .keystore files :/ Cheers, Pete *------------------------------------------------------* | "Nearly all men can stand adversity, but if you want | | to test a man's character, give him power." | | -Abraham Lincoln | *------------------------------------------------------*
