just like most packers(PE encryptor) on windows,for protecting the secret they may encrypt the whole process memory when it’s running.
wonder if jvm has a memory encryption option we can choose?
just thinking if someone dumped the whole JVM memory and he could get some secret info on text, even vi or grep could do this kind of text search.
Advertisement
Answer
The JVM doesn’t encrypt it’s memory for you, however it supports encryption and you can do this explicitly.
Some common techniques are;
- don’t store the keys in memory for longer than needed. Retrieve the keys from a secure service as needed.
- overwrite the secret data as soon as it’s not needed, rather than wait for the GC to clean up the memory some time later.
- use hardware encryption devices e.g. usb pen drive. This way the key is never in memory.
Note: if you encrypt the memory, you also need to have the key(s) to decrypt the memory, in memory, so all you have done is add a step to the process.