Reputation: 4398
How can you protect/encrypt your Java classes?
Some time ago, in my work I needed to protect some classes against other people to read the code. For that purpose, I created a EncryptedClassLoader, that loaded previously encrypted classes, and can load normal (not encrypted) classes as well. Working in that way was a little complicated, and testing too (compile, then encrypt, and then decrypt).
Is there any free framework to do what I needed, and is easy to handle? I mean, not only obfuscate, but also encrypt the files, so none can read or debug that part of code. It would also be great that I can change the keys for encryption easily (in my application, it was hardcoded).
Thanks in advance.
Upvotes: 1
Views: 18010
Answers (4)
Reputation: 11733
Short answer, you can't. Encryption doesn't work. Here's an oldish article about why it's pointless to use an encrypted class loader:
Unfortunately, you would be wrong, both in thinking that you were the first to come up with this idea and in thinking that it actually works. And the reason has nothing to do with the strength of your encryption scheme.
You can obfuscate it, but that will only go so far, and in the end I'm a firm believer that your time would be better spend fixing bugs or adding features.
Upvotes: 8
Reputation: 76
We use the JarProtector library to encrypt our jar files. No obfuscation, but only encryption. There is no option to change the encryption key, but defineClass() will never be called.
Upvotes: 1
Reputation: 18445
The only way you can protect your code is simply to not allow the user to run it. Instead of distributing an application, sell access to an online service. Your code is then sat on a server and the only thing you're exposing is the interface.
The alternative is to protect your code with contracts and lawyers, but unless you wrote something really good then this is going to cost you more than the revenue you'd otherwise have lost.
Upvotes: 0
Reputation: 6712
Encryption doesn't add much safety to obfuscation. Anyone that is able to run your program will also be able to dump the decypted bytecode to disk. I assume this is why encrypting the bytecode isn't very common, where signing it is for example.
If you do want to encrypt your bytecode, make sure you also obfuscate it and I think the method you are currently using would work just fine without adding any frameworks or libraries.
Upvotes: 3
Related Questions
- What can be done to secure JAR files besides obfuscation?
- Encrypting an executable jar
- How to protect compiled Java classes?
- How can I encrypt the class file (.class) in Android?
- Java JAR protection
- Encrypted Classloader
- Java Encrypted Memory Class Loader
- encrypt/decrypt java class and implment and deploy in tomcat with custom class loader
- Java class loader security handling
- Encrypted class files with decryption handled by a native library