Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to encrypt a jar file ?

925 views
Skip to first unread message

Boniface Frederic

unread,
Jun 30, 2004, 7:33:57 AM6/30/04
to
Hi all,

I would like to know how if it is possible to encrypt a .jar file so that a
decompression and decompilation do not allow to view readable java file.

Thanks a lot.

Fred


Stefan Waldmann

unread,
Jun 30, 2004, 8:16:45 AM6/30/04
to

Hello,

I don't think that there is a possibility to encrypt the jar file so
that the Java VM still can deal with it. Unless you would use your own
classloader which decrypts the jar files before loading classes from it.
This class loader must be located outside of your encrypted jar file of
course.

What you could do is use an obfuscator (google will help ;-), which
renames your variable and method names to a, b, c, d(), e(), f() and so
on, which makes it hard for anybody who decompiles your classes to read
the code.

Regards,
Stefan

Andrew Thompson

unread,
Jun 30, 2004, 8:39:42 AM6/30/04
to
On Wed, 30 Jun 2004 14:16:45 +0200, Stefan Waldmann wrote:

>> I would like to know how if it is possible to encrypt a .jar file so that a
>> decompression and decompilation do not allow to view readable java file.

...
> What you could do is use an obfuscator ..

For more info..
<http://mindprod.com/jgloss/obfuscator.html>

--
Andrew Thompson
http://www.PhySci.org/ Open-source software suite
http://www.PhySci.org/codes/ Web & IT Help
http://www.1point1C.org/ Science & Technology

Roedy Green

unread,
Jun 30, 2004, 1:14:46 PM6/30/04
to
On Wed, 30 Jun 2004 13:33:57 +0200, "Boniface Frederic"
<boniface...@free.fr> wrote or quoted :

>I would like to know how if it is possible to encrypt a .jar file so that a
>decompression and decompilation do not allow to view readable java file.

Think for a second what you have asked. If nobody can decompress or
decompile it, how can anybody RUN it?

If you can run it, then you must have given the keys to run it to some
piece of software to decrypt it. It now becomes possible to repeat
that, at least in theory.

See http://mindprod.com/jgloss/obfuscator.html


I tackle this problem in my dark room essay. See
http://mindprod.com/jgloss/darkroom.html

However, my scheme requires special hardware that does not exist on
the open market.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.

Roedy Green

unread,
Jun 30, 2004, 1:15:53 PM6/30/04
to
On Wed, 30 Jun 2004 14:16:45 +0200, Stefan Waldmann
<stefan.k...@vr-web.de> wrote or quoted :

>I don't think that there is a possibility to encrypt the jar file so
>that the Java VM still can deal with it. Unless you would use your own
>classloader which decrypts the jar files before loading classes from it.
>This class loader must be located outside of your encrypted jar file of
>course.

But then it is trivial to hack the custom classloader and get it to
dump out the unencrypted class files as a side effect.

Jean Charbonneau

unread,
Jun 30, 2004, 1:40:15 PM6/30/04
to

"Boniface Frederic" <boniface...@free.fr> wrote in message
news:40e2a526$0$26507$626a...@news.free.fr...

Retroguard is a good obfuscator.


Stefan Waldmann

unread,
Jul 1, 2004, 3:20:54 AM7/1/04
to
Roedy Green wrote:
> On Wed, 30 Jun 2004 14:16:45 +0200, Stefan Waldmann
> <stefan.k...@vr-web.de> wrote or quoted :
>
>
>>I don't think that there is a possibility to encrypt the jar file so
>>that the Java VM still can deal with it. Unless you would use your own
>>classloader which decrypts the jar files before loading classes from it.
>>This class loader must be located outside of your encrypted jar file of
>>course.
>
>
> But then it is trivial to hack the custom classloader and get it to
> dump out the unencrypted class files as a side effect.

That's why i suggested the Obfuscator ;-)

0 new messages