如何加密 .jar 文件 [英] How to encrypt a .jar file

问题描述

我正在一个项目中工作，我们需要对 .jar 文件进行加密，以便没有人可以访问 jar 文件中的 .class 文件......是否有任何 Java 编码可以帮助我加密.jar 文件?

I'm working in a project where we need to encrypt the .jar file so no one can access to the .class files which inside the jar file.... is there any java coding which can help me to encrypt the .jar file ?

推荐答案

即使您加密了 jar 文件，也必须在 JVM 能够运行它之前对其进行解密，因此您需要另一个包含解密类的 jar 文件并加载到 JVM 中.

Even if you encrypt the jar file, it must be decrypted before the JVM is able to run it, so you'll need another jar file containing classes that decrypt and loads in the JVM.

由于第二个 jar 文件本身无法加密，恶意用户想要查看您的类文件，可以简单地查看第二个 jar 文件中的类，然后解密您的超级机密 jar 文件并访问它.

Since this second jar file cannot be itself encrypted, a malicious user wanting to see you class files, can simply look at classes in this second jar file, and then decrypt your super-secret jar file and have access to it.

也许您可以使用混淆器来提高代码的安全性，但它最终会保护(使其更难但并非不可能)您的类文件免遭反编译，而不是被使用.

Maybe you can increase security of your code using an obfuscator, but it will eventually protect (make it harder but not impossible) your class files from decompilation, not from being used.

如果混淆还不够，您可以考虑将您的 jar 文件编译为 Windows 的 DLL 或 unix/linux 的 SO，这将使反编译变得更加困难，但并不总是能够正确地做到这一点，通常情况下皮塔饼.GCJ 能够以某种方式做到这一点，还有其他商业产品可以将 .class/.jar 直接编译为机器代码.

If obfuscation is not enough, you could consider compiling your jar file to a DLL for windows or a SO for unix/linux, that will make it much harder to decompile, but it's not always possible to do that correctly and it's generally a PITA. GCJ is able to do this somehow, and there are other commercial products that will actually compile .class/.jar directly to machine code.

但是请注意，您在其中添加了多少安全性并不重要，因为客户端计算机必须能够执行它，它必须能够读取它，因此无论您的代码将暴露什么，您都可以只会让它更难.

However please consider that it does not matter how much security you put in it, since the client computer MUST be able to execute it, it must be able to read it, so no matter what your code will be exposed, you can only make it harder.

如果您真的有一个非常秘密的算法，无论如何都不想透露，请考虑将其转换为 Web 服务，将其托管在您的服务器上，这样您就不必将实际代码发送给客户端计算机，还可以通过检查对应用程序重要部分的访问权限来更好地防止未经授权的应用程序副本.

If you really have an algorithm so secret you don't want to disclose no matter what, consider converting it to a web service, hosting it on your server, so that you don't have to send the actual code to the client machines and can also better prevent unauthorized copies of your application by checking access to that vital part of it.

这篇关于如何加密 .jar 文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！