Using AES symmetric key for generating tokens

Asked Dec 03 '15 at 17:32

Active Dec 03 '15 at 17:32

Viewed 222 times

I'm working on encrypting and decryption of authentication token.I'm very much new to security.

I have few questions can anyone help me

What is the most secure way to store AES  secretkey ?
Is there any advantage of using KeyStore file over just hardcoded string (password +  salt)?

It looks like in keystore I need a string (password + salt) with other attributes like alias,storetype,keypassword,storepass. But if I just create a (password + salt) it will give me same level of security

asked Dec 03 '15 at 17:32

amer

Why are you storing password and salt? It is normally hash and salt, however if you need to be able to access the actual password then you can't store it hashed. – SilverlightFox Dec 07 '15 at 12:16
@SilverlightFox Thanks for replying. so is it correct that I create a hash of **random password** and then create a random salt and store both hashed password and hashed salt???Also, Please can you answer my questions – amer Dec 07 '15 at 17:30

Using AES symmetric key for generating tokens

0 Answers0