You can make it harder to uncover the key from the source, but if the JVM ultimately uses the key, then a sufficiently determined hacker can recover it as well.
But let's take a step back. What is the point of encryption if the client is allowed to see the clear text anyway? (That's my roundabout way of saying: can you say a bit more about the context - maybe there's a different way of designing the system that doesn't put the key in danger).
I am using HTTP to talk to Java servlets from a Swing app. The data is encrypted/decrypted at both ends and also sent zipped. The data is not real sensitive so if it is hacked it won't be a major problem.
Have you considered using an HTTPS connection, and sending the data in cleartext over that? The end result (data is encrypted in transport) is about the same, and the class libraries do more of the work for you.
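
The HTTPS approach suggested above, sketched as an added example that is not code from any poster in this thread: the Swing client gzips the payload and posts it over TLS, so no encryption key ships inside the client. The class name `ServletClient` and the endpoint URL are hypothetical, and the servlet is assumed to decompress the gzip request body itself.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.zip.GZIPOutputStream;
import javax.net.ssl.HttpsURLConnection;

public class ServletClient {
    // Hypothetical endpoint (assumption); replace with the servlet's HTTPS URL.
    private static final String ENDPOINT = "https://app.example.com/data";

    /** Gzip the payload, POST it over TLS, and return the response body. */
    static byte[] send(byte[] payload) throws IOException {
        URL url = new URL(ENDPOINT);
        // The cast throws ClassCastException if the URL is ever changed to http://,
        // so the client cannot silently fall back to cleartext transport.
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setConnectTimeout(10_000);
        conn.setReadTimeout(30_000);
        conn.setRequestProperty("Content-Type", "application/octet-stream");
        // Assumption: the servlet reads this header and gunzips the body.
        conn.setRequestProperty("Content-Encoding", "gzip");
        // The default SSLSocketFactory and HostnameVerifier are left untouched:
        // the JVM validates the certificate chain and host name against its trust store.
        try (OutputStream out = new GZIPOutputStream(conn.getOutputStream())) {
            out.write(payload);
        }
        int status = conn.getResponseCode();
        if (status != HttpsURLConnection.HTTP_OK) {
            throw new IOException("Unexpected HTTP status " + status);
        }
        try (InputStream in = conn.getInputStream();
             ByteArrayOutputStream buf = new ByteArrayOutputStream()) {
            byte[] chunk = new byte[8192];
            int n;
            while ((n = in.read(chunk)) != -1) {
                buf.write(chunk, 0, n);
            }
            return buf.toByteArray();
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] reply = send("sample payload".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(reply, StandardCharsets.UTF_8));
    }
}
```

Certificate and host name checks happen during the TLS handshake, so a failed validation surfaces as an `SSLHandshakeException` (a subclass of `IOException`) before any payload is sent.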