How to encrypt a .jar file

java encryption ant public-key-encryption
19,836

Solution 1

Even if you encrypt the jar file, it must be decrypted before the JVM is able to run it, so you'll need another jar file containing classes that decrypt and loads in the JVM.

Since this second jar file cannot be itself encrypted, a malicious user wanting to see you class files, can simply look at classes in this second jar file, and then decrypt your super-secret jar file and have access to it.

Maybe you can increase security of your code using an obfuscator, but it will eventually protect (make it harder but not impossible) your class files from decompilation, not from being used.

If obfuscation is not enough, you could consider compiling your jar file to a DLL for windows or a SO for unix/linux, that will make it much harder to decompile, but it's not always possible to do that correctly and it's generally a PITA. GCJ is able to do this somehow, and there are other commercial products that will actually compile .class/.jar directly to machine code.

However please consider that it does not matter how much security you put in it, since the client computer MUST be able to execute it, it must be able to read it, so no matter what your code will be exposed, you can only make it harder.

If you really have an algorithm so secret you don't want to disclose no matter what, consider converting it to a web service, hosting it on your server, so that you don't have to send the actual code to the client machines and can also better prevent unauthorized copies of your application by checking access to that vital part of it.

Solution 2

You want to obfuscate, not encrypt, the jar file.

A popular choice for doing this in Java is ProGuard.

Solution 3

I assume you are aware of the fact that any skilled java coder can reverse-engineer the Java tool you use (or write) and still decode the app's jars? Also writing custom classloaders which read your "encrypted" code can be decompiled and a tool could be written to bypass it.

Even with obfuscation and bytecode modification and custom classloaders, java is hackable/decompileable and the source can almost always be brought to a somewhat readable state.

Solution 4

As far as I know this is not supported by standard JVM. But you can do the following. Separate your application into 2 parts. First will not be encrypted. It will be a simple loader that will instantiate the rest using custom class loader. This class loader will get Classes as arrays of bytes, decrypt and load them.

Solution 5

No. Since your program needs to be able to run the code it would be pointless anyway.

You can obfuscate your code though so decompiling the .class files results in less readable code (meaningless variable/class names etc).

Share:
19,836
S Gaber
Author by

S Gaber

Updated on July 06, 2022

Comments

  • S Gaber
    S Gaber almost 2 years

    I'm working in a project where we need to encrypt the .jar file so no one can access to the .class files which inside the jar file.... is there any java coding which can help me to encrypt the .jar file ?

  • carlspring
    carlspring over 12 years
    Although this is an approach some people do use, there's always the possibility to decompile the custom classloader and break the security. Just like you can read the decrypted code, you can write it out as decrypted. :)
  • S Gaber
    S Gaber over 12 years
    with what application i can supply my .jar file to save the .class files from access in side the .jar file ??
  • S Gaber
    S Gaber over 12 years
    actually i want to protect the .class file from access in side the .jar file, do you got anyway to do this ?
  • Simone Gianni
    Simone Gianni over 12 years
    The AlexR suggestion is to use a custom classloader that will decrypt on-the-fly the jar file, which is feasible and more or less what you were asking, but keep in mind that any average-skilled programmer with JAD installed will be able to reverse engineer your custom classloader and access the class anyway. I added a paragraph with another solution, but it's quite unusual.
  • Davis Herring
    Davis Herring about 5 years
    file(1) is a beautiful thing.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

encrypting and decryption large file using rsa in java
Java ssh-rsa string to public key
When to use X509EncodedKeySpec vs RSAPublicKeySpec?
How to use encrypted password in apache BasicDataSource?
Getting BouncyCastle to decrypt a GPG-encrypted message
How to set PKCS1 v1.5 padding to RSA in Dart?
Encryption in Java and Decryption in Flutter (AES-256)
How can I encrypt video file using Dart?
Convert Java RSA Asymmetric encryption to Flutter Dart
How to fill the required parameters for cipher.doFinal() method in Dart?