Some time ago, in my work I needed to protect some classes against other people to read the code. For that purpose, I created a EncryptedClassLoader, that loaded previously encrypted classes, and can load normal (not encrypted) classes as well. Working in that way was a little complicated, and testing too (compile, then encrypt, and then decrypt).
Is there any free framework to do what I needed, and is easy to handle? I mean, not only obfuscate, but also encrypt the files, so none can read or debug that part of code. It would also be great that I can change the keys for encryption easily (in my application, it was hardcoded).
Thanks in advance.
Short answer, you can't. Encryption doesn't work. Here's an oldish article about why it's pointless to use an encrypted class loader:
Unfortunately, you would be wrong, both in thinking that you were the first to come up with this idea and in thinking that it actually works. And the reason has nothing to do with the strength of your encryption scheme.
You can obfuscate it, but that will only go so far, and in the end I'm a firm believer that your time would be better spend fixing bugs or adding features.
Encryption doesn't add much safety to obfuscation. Anyone that is able to run your program will also be able to dump the decypted bytecode to disk. I assume this is why encrypting the bytecode isn't very common, where signing it is for example.
If you do want to encrypt your bytecode, make sure you also obfuscate it and I think the method you are currently using would work just fine without adding any frameworks or libraries.
We use the JarProtector library to encrypt our jar files. No obfuscation, but only encryption. There is no option to change the encryption key, but defineClass() will never be called.
The only way you can protect your code is simply to not allow the user to run it. Instead of distributing an application, sell access to an online service. Your code is then sat on a server and the only thing you're exposing is the interface.
The alternative is to protect your code with contracts and lawyers, but unless you wrote something really good then this is going to cost you more than the revenue you'd otherwise have lost.
You can try VLINX Java Protector, it makes a native ClassLoader by modify JVM to encrypt and decrypt the class data, not the ClassLoader written in Java, can effectively protect your java code
来源:https://stackoverflow.com/questions/4257027/how-can-you-protect-encrypt-your-java-classes