File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Class Loader w/ AES Encryption Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of JavaScript Promises Essentials this week in the JavaScript forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Class Loader w/ AES Encryption" Watch "Class Loader w/ AES Encryption" New topic
Author

Class Loader w/ AES Encryption

A. Grenham
Greenhorn

Joined: Nov 18, 2010
Posts: 2
I have no real experience with anything about encryption and using ciphers with Java. I know how to program in Java, just never needed to use encryption until now.

What I am trying to do, is I distribute a class that will download a loader. This loader will present a gui with a username & password login (with authentication to a remote webserver). Upon correct details, a gui will show with a list of available plugins. The user selects a plugin, clicks ok or whatever, then the plugin (an encrypted jar file) will be downloaded from a remote webserver, de-encrypted, and then loaded into the application.

I don't really know if this is understandable as I've never had to do something like this before. Basically I'm just trying to protect the class from being decompiled as easily and freely distributed (as not everyone should be able to have access to every plugin, but I'll handle that stuff after I figure out a base for this). I've talked to one person about this so far, but they weren't too much help. They told me to look into class loaders and AES encrypted classes.

If someone here could point me in the right direction, give me some hints, or names of ebooks or something I would be very grateful!

In some other post on these forums a person suggested "Beginning Cryptography with Java" by David Hook. Luckily the library had it and I am now reading it
Lester Burnham
Rancher

Joined: Oct 14, 2008
Posts: 1337
Start here for the fundamentals of classloading: http://java.sun.com/developer/onlineTraining/Security/Fundamentals/magercises/ClassLoader/help.html and http://onjava.com/pub/a/onjava/2005/01/26/classloading.html

As to AES, see http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html and http://www.java2s.com/Code/Java/Security/TripleDES.htm for sample code (the latter uses Triple-DES rather than AES, so you need to to substitute "AES" for "DESede").

Be aware, though, that you're merely making it harder to retrieve the plugin source code - a determined attacker can still get at it.
A. Grenham
Greenhorn

Joined: Nov 18, 2010
Posts: 2
Ah, thank you very much! Just glancing at the pages, I can already tell they will be of great help.

I know that it wont be impossible for someone who is destined to figure out my code, but I cannot afford to just let every person with a decompiler get at it.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Class Loader w/ AES Encryption