This project creates a command-line application, built on Java technologies,
for storing sensitive key-value data (typically passwords).
We have tried to develop an application that is as secure as possible.
The main goals we have successfully achieved can be read in the application
using the "java MyPwStock application story" command:
no passwords are written to disk in plain text format
unencrypted passwords are held in system memory only in mutable objects
unencrypted passwords are held in system memory only while they are needed
the file and password operations are fully logged
Yes, we know that checking for null pointers every time we use a reference may be annoying.
But we think not just as developers but also as end users, and end users really hate null pointer exceptions.
We catch only the necessary exceptions and we consider everything else. We don't think that this hides problems.
A null pointer exception can indicate a programming mistake, but careful testing should find these bugs even when
these situations are hidden. We think that we cannot be too careful when developing an application that needs extra security.
If the compiler allows us to make these kinds of checks, then we will make them.
Also, the structure of the application is unusual.
We wanted to develop this application as exactly one single class, and the compiler allowed this.
Security again: there may be differences between loading one class and loading a set of classes into the JVM.
We wanted this application to use one single resource when it is loaded.
Last but not least, the user has one single class, and this is the easiest way to launch the app.
AES encryption is used with a 128-bit key by default, but 192- and 256-bit key lengths are also available
by downloading the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy from Oracle. This application uses 128-bit encryption because we do not know of any security vulnerability in it.
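
The following is an added example, not code from this project, showing what the "mutable objects" and "only while needed" goals and the 128-bit AES default look like in Java. The class name MutableSecretDemo, the GCM mode, the PBKDF2-HMAC-SHA256 key derivation with 100,000 iterations, and the sample values are assumptions made for illustration; the page does not say which mode or key derivation the application uses.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class MutableSecretDemo {
    // Encrypts `secret` under a key derived from `master`, then wipes the buffers this method holds.
    static byte[] seal(char[] master, char[] secret, byte[] salt, byte[] iv) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(master, salt, 100_000, 128); // 128-bit key (assumed KDF)
        byte[] key = new byte[0];
        ByteBuffer plain = ByteBuffer.allocate(0);
        try {
            key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            plain = StandardCharsets.UTF_8.encode(CharBuffer.wrap(secret));
            Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
            // Copies kept inside provider objects (SecretKeySpec, the PBKDF2 key) are left to the GC.
            aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
            return aes.doFinal(plain.array(), plain.arrayOffset() + plain.position(), plain.remaining());
        } finally {
            spec.clearPassword();                 // wipe PBEKeySpec's copy of the master password
            Arrays.fill(key, (byte) 0);           // wipe the derived key bytes we hold
            Arrays.fill(plain.array(), (byte) 0); // wipe the UTF-8 copy of the secret
        }
    }

    public static void main(String[] args) throws Exception {
        // Reports 128 under a limited-strength policy, Integer.MAX_VALUE under the unlimited one.
        System.out.println("max AES key bits: " + Cipher.getMaxAllowedKeyLength("AES"));
        // Constructed sample values; a real program would take them from Console.readPassword().
        char[] master = {'m', 'a', 's', 't', 'e', 'r'};
        char[] secret = {'h', 'u', 'n', 't', 'e', 'r', '2'};
        byte[] salt = new byte[16], iv = new byte[12];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        try {
            System.out.println("ciphertext+tag bytes: " + seal(master, secret, salt, iv).length);
        } finally {
            Arrays.fill(master, '\0'); // a String could not be wiped like this
            Arrays.fill(secret, '\0');
        }
    }
}
```

A String holding the same password would stay in the heap until garbage collection and cannot be overwritten, which is why the secrets here are char[] and byte[] throughout.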