Hello all, I have written an application that comes with an AES encrypted datafile in the jar, upon running the application the datafile is decrypted and then stored in the RMS in an unencrypted form (the reason we put it in the RMS is because the data is not static, particular records in the datafile get updated)
Now obviously I need to include my decryption key in the code, but despite the fact I am using obfuscation am I feel there’s more I need to do to protect my key! What other options do I have with this?
--use fake keys dotted around application
--call encrypted file blowfishdata or something to throw attackers off the real encryption method used as attacks differ
But these are just minor inconveniences I feel...
If it helps, the encryption is AES 256bit