I am working on a Java RCP application. The user must authenticate using his smart card in order to access the application. Inside, it can open / save files that need to be stored in encrypted form.
I am currently using password-based AES encryption with a hard-coded password. This is obviously unsafe, so I need a different approach to encrypting / decrypting files.
What causes this problem is that there are several requirements that must be met:
- no guaranteed network connection (should be used offline)
- multiple users must have access to files (therefore public / private key encryption)
- there should not be one "master" -key used for all files
Edit: I do not need to have a high level of security. It should be a little harder for an attacker to get the key, just to open the distributed JAR file and get the key in plain text.
Any clues would be appreciated.
st3ve source
share