Win a copy of Soft Skills: The software developer's life manual this week in the Jobs Discussion forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Class Loader w/ AES Encryption

 
A. Grenham
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have no real experience with anything about encryption and using ciphers with Java. I know how to program in Java, just never needed to use encryption until now.

What I am trying to do, is I distribute a class that will download a loader. This loader will present a gui with a username & password login (with authentication to a remote webserver). Upon correct details, a gui will show with a list of available plugins. The user selects a plugin, clicks ok or whatever, then the plugin (an encrypted jar file) will be downloaded from a remote webserver, de-encrypted, and then loaded into the application.

I don't really know if this is understandable as I've never had to do something like this before. Basically I'm just trying to protect the class from being decompiled as easily and freely distributed (as not everyone should be able to have access to every plugin, but I'll handle that stuff after I figure out a base for this). I've talked to one person about this so far, but they weren't too much help. They told me to look into class loaders and AES encrypted classes.

If someone here could point me in the right direction, give me some hints, or names of ebooks or something I would be very grateful!

In some other post on these forums a person suggested "Beginning Cryptography with Java" by David Hook. Luckily the library had it and I am now reading it
 
Lester Burnham
Rancher
Posts: 1337
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Start here for the fundamentals of classloading: http://java.sun.com/developer/onlineTraining/Security/Fundamentals/magercises/ClassLoader/help.html and http://onjava.com/pub/a/onjava/2005/01/26/classloading.html

As to AES, see http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html and http://www.java2s.com/Code/Java/Security/TripleDES.htm for sample code (the latter uses Triple-DES rather than AES, so you need to to substitute "AES" for "DESede").

Be aware, though, that you're merely making it harder to retrieve the plugin source code - a determined attacker can still get at it.
 
A. Grenham
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ah, thank you very much! Just glancing at the pages, I can already tell they will be of great help.

I know that it wont be impossible for someone who is destined to figure out my code, but I cannot afford to just let every person with a decompiler get at it.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic