Hi, I know that you can write something like: VaultPassword = cipher:Static3DES:xMH5uM1V9vQzVUv5LG7YLA==
in a resources.xml file for setting an encrypted password. My concern is that since the password is decrypted using decrypt method of PasswordCipher class and since this method returns value as String, this only works if the parameter is an String. This might be a problem since first of all storing a password (clean password) in String is a bad practice because of memory dump attack. And the second one is that if your library requires a byte[] you need to do a transformation calling getBytes which then it means that there can be problems with Charsets. Since Cipher class always returns a byte[], should it not be better to return byte[] in this method as well? Alex.
