Implementar una aplicación de escritorio Java que necesite acceder a datos confidenciales

I have a Java desktop application (a runnable jar) that is being made available to clients within a CD. Then "autorun.inf" automatically launches the jar and the application runs from the CD (therefore running in a read-only environment).

This application needs to access some known data and use it somehow. Since the application is standalone, this data should be distributed with the application in some kind of files.

Now comes the challenging goals:

  • This data are just columns of numbers, similar to database table exports. And the most convenient way to access it would be exactly like if it was a database table where one can do SQL queries to this files.

  • This data should be confidential to the user clients. Although the data must be distributed with the application, it cannot be legible to users. So, the data must be encrypted or obfuscated somehow.

So I kindly ask for your help mainly to point me some ideas that will help me understand and discuss with you which is the best way to implement such features.

Thank you very much in advance, Alves

Editar # 1: Using an embedded database engine is a great idea and would solve both problems at the same time. But it raises some questions for me:

  • Does the database engine needs to write files somewhere? I've done some tests with HSQLDB and I think it does. That would be an issue since the application is running from a CD.

  • If it really needs to have such files, can I release them also with the application, instead of being created on the fly?

  • Just to confirm, if I use an encrypted database, I have to put somewhere on the application the secret Key that will make me decrypt it, right?

preguntado el 02 de febrero de 12 a las 11:02

4 Respuestas

One possibility would be the use of an encrypted SQLite database. SQLite is a relational database management system, where the databases are files.

For encryption in SQLite look here:

Respondido 02 Feb 12, 15:02

Of course, the key to decript the database has to be included, so it's not fully "safe". I wonder if there is some other way of doing it that could avoid this problem. - Pablo

Your goal is absolutely impossible and it's rather obvious why: Your application obviously needs to read the encrypted data (otherwise why bother including it), hence has to decrypt it, hence has to store the keys somewhere.

Well there you are: You sent the encrypted data AND the key to decrypt it to the client - what's to stop them from doing the same thing your application does?

Yes it may stop some people from getting your data, but it's nowhere safe against someone who has even a slight understanding of what's going on

Respondido 03 Feb 12, 01:02

I understand your point of view. If I somehow encrypt my data files, then I have to decrypt them on the user side, therefore giving also the solution. Does this also states for an encrypted database engine, like the ones exemplified above? - Carlos Oliveira

@alves Yep it does. The only way to keep encrypted data save is to keep the key secret (there's even a law in cryptography about that ). Which means under absolutely NO circumstances may you send the key to the user - if you do all hope is lost. That's also the basic problem with every DRM solution implemented in software. - Voo

So for my situation what would you advice as a way to make the key available? - Carlos Oliveira

@alves You can't decrypt data on client side. You can send decrypted data over the net from a secure server. BUT: Now the application needs some way to request data from the server and we have the same problem again. Basically if you want to use some data on the users client they have access to all that data - nothing to get around that. Billions have been invested into "secure" DRM and you see how that has worked out - Voo

Podrías usar SQLite con Extensión de cifrado SQLite. The SQLite database file could be created at the first start of you application. You can simply test if the SQLite database file already exists:

if (!new File(database_filename).exists()) {

The path to your SQLite database is stored in the database_filename variable. If the file doesn't exist already, you can save the file for example in the user's home dir.

I'm using the following code in one of my applications to create the database with an external SQL script file.

public final void createNewDatabase() {
    InputStream inputStream = getClass().getResourceAsStream("database_create_script.sql");
    String sqlCommand = new Scanner(inputStream).useDelimiter("\\A").next();

    try {
        Statement statement = connection.createStatement();
    } catch (SQLException ex) {
    System.out.println("Database created");


Respondido 02 Feb 12, 15:02

Base de datos H2 supports encryption, too. As much as I like SQLIte, for a Java application I'd choose H2.

Respondido 02 Feb 12, 15:02

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.