Good day. Spent a day and a half to find a way to create a file so that the user doesn’t have access to it, or he had it, but couldn’t understand what was written in it. Unfortunately, I did not find anything. It is possible to securely encrypt a file with a key only if the key is requested from the user all the time and does not save it at all. Everything else is quite possible to get around. I decided to try to just restrict access to the file. Take Windows with 2 accounts. We run the application with one of them, as a result of this entry in the home directory will create this file. I wanted to restrict access to the file to everyone, moreover, from whose account this file was created. But even here I was expected to fail. I tried something like this

File file = new File(path); Files.setOwner(file.toPath(), () -> System.getProperty("user.name")); System.out.println(file.setReadable(false));

This code should do what I described above, but firstly on line 2 there is an exceptional situation, the reason for which I don’t understand at all, and on line 3, the result should return true, and return false on windows, and on linux everything works ok. .. So it goes. In general, I am at a dead end and I need the option to restrict access to the file. Well, or if you have another idea to solve this problem, I will also ask you to share it, but the file should be stored locally.

  • java, as it were, was conceived as a multiplatform solution. And whether in it it will turn out to make something specific for a certain operating system. Therefore, it is better to still think in the direction of encryption. - newman
  • @newman Well, any encryption is inherently an algorithm, at best, an algorithm with input data. Any code can be decompiled, copied code that decrypts the encrypted file into a separate program, run it and view the entire contents of the file. Thus, the best way to encrypt, and even better just to use this key as a password to the database, is a constant request for a key from the user when the application starts, and sooner or later it will be very annoying. - ProstoCoder 10:06 pm
  • No one bothers to use for encryption, such as electronic signature, which is on the token that is inserted into the USB port. And the user does not need to ask anything. There is another question - how it is necessary. Depends on whom to defend is necessary. As experience shows, in 99% of cases, in order to hide something from a user, an ordinary XOR is enough for a key in a dozen characters. - newman
  • @newman Well, again, just decompile the code and see what the token is encrypted with usb, we recognize it ourselves and use it for decryption. Well, for a regular user, I would even leave the key to the database in the code and not steal it) - ProstoCoder
  • Make a remote check on the site by requesting the user's key + we tweak the Aplukuha stringer - GenCloud

0