hi,
i'm using blowfish to encrypt some data and store it in oracle,
i'm using a key that resides in a java class,
i don´t have experience in this kind of java code,
i would like to know a really good secure system or method to manage
keys,
is it possible to build a method with random keys?
just would like to know secure methods to manage keys and
also i would like to know if exits a Java Obfuscator or a method to encrypt
java classes or code
thanks a lot

Which version of oracle are you using?

Most of the newer oracle versions have an encryption package within the database packages I think... I would rather do it with oracle at the database level than within java at the appliation level.

Either way, a single key is used to encrypt and decrypt.
You can write something to generate you a random key I guess but anything encrypted with a specific key, will require that same key again to decrypt it.

Storing the key itself is one of the points of defence within an encryption system.
I would recommend doing something like:

Make a database package or class that handles all the encryption and store the key as a literal within the source, so that your encrypt and decrypt methods can access it, make the class final so it cant be subclassed, and make sure you controll the access to either the package or class.

There are other ways to take it further and manage keys with a system, though ive not had experience with something like that, if you feel the need for having something like that based on the importance of your data then I would suggest looking into it.

Waylander.