Originally posted by Ulf Dittmer:
Tricky. If the properties file on the client machine is seen as an attack target, so must be the application executable itself. That means the attacker can get hold of the class files, decompile them, and circumvent all (or most) security measures it implements.
Short of the user entering the password I see no secure solution (and making the user remember a password increases the chances of it being written down, decreasing security).
Sorry of not being more helpful, but this requirement doesn't seem to make much sense in terms of increased security.