• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Class Loader w/ AES Encryption

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have no real experience with anything about encryption and using ciphers with Java. I know how to program in Java, just never needed to use encryption until now.

What I am trying to do, is I distribute a class that will download a loader. This loader will present a gui with a username & password login (with authentication to a remote webserver). Upon correct details, a gui will show with a list of available plugins. The user selects a plugin, clicks ok or whatever, then the plugin (an encrypted jar file) will be downloaded from a remote webserver, de-encrypted, and then loaded into the application.

I don't really know if this is understandable as I've never had to do something like this before. Basically I'm just trying to protect the class from being decompiled as easily and freely distributed (as not everyone should be able to have access to every plugin, but I'll handle that stuff after I figure out a base for this). I've talked to one person about this so far, but they weren't too much help. They told me to look into class loaders and AES encrypted classes.

If someone here could point me in the right direction, give me some hints, or names of ebooks or something I would be very grateful!

In some other post on these forums a person suggested "Beginning Cryptography with Java" by David Hook. Luckily the library had it and I am now reading it
 
Rancher
Posts: 1337
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Start here for the fundamentals of classloading: http://java.sun.com/developer/onlineTraining/Security/Fundamentals/magercises/ClassLoader/help.html and http://onjava.com/pub/a/onjava/2005/01/26/classloading.html

As to AES, see http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html and http://www.java2s.com/Code/Java/Security/TripleDES.htm for sample code (the latter uses Triple-DES rather than AES, so you need to to substitute "AES" for "DESede").

Be aware, though, that you're merely making it harder to retrieve the plugin source code - a determined attacker can still get at it.
 
A. Grenham
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ah, thank you very much! Just glancing at the pages, I can already tell they will be of great help.

I know that it wont be impossible for someone who is destined to figure out my code, but I cannot afford to just let every person with a decompiler get at it.
 
Hug your destiny! And hug this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic