How to store secret key in Java source but not human readable

Question

I am currently creating a Java program that uses the twitter4J.

I have a "consumer secret" from twitter that needs to be kept secret. However I am wanting to share the source and compiled jar with a few people.

Is there any way I can encrypt, or in some way hide the key in the source code/a local file so they can not access/view the key even when they have the source code?

write a method that will encrypt/decrypt that key which is hard coded in your code? Something like that? — Rabbit Guy, Apr 18 '16 at 18:40

score 3 · Accepted Answer · answered Apr 18 '16 at 18:39

3

Nope. If the Java compiler can read it, so can anyone else with the source code.

answered Apr 18 '16 at 18:39

Michael Payne

534
5
13

1

Share the key separately, on a separate file, a USB stick or whatever. As Michael says, anything in the source can be read. – rossum Apr 18 '16 at 18:43
OK Thanks. I guess I'll just have to exclude the secret and key from the source and ask them to register a new app with twitter and enter their own keys in the config file. – CSmith Apr 18 '16 at 18:44

score 2 · Answer 2 · edited May 23 '17 at 12:23

If you are sharing the source, there really is no good way to accomplish this by just using source code.

If you were not sharing the source, you could follow the answer provided here: Best Practice for storing private API keys in Android

You could incorporate two-way encryption and store it in a separate file, which is detailed in this answer here: Encrypt Password in Configuration Files?

How to store secret key in Java source but not human readable

2 Answers2