Classfile encrypt/decrypt
Raffaello Giulietti
raffaello.giulietti at oracle.com
Fri Apr 28 13:31:58 UTC 2023
Hi,
IIUC, the decryption key is distributed in some form with the desktop
application.
What is unclear to me is how the key is protected in turn.
Greetings
Raffaello
On 2023-04-28 07:12, Henrik Buestad wrote:
> Hi
>
> I don't know if this is the right place to post this, so have me excused.
>
> This might be naive, or a good idea?
>
> I have an issue with .class files in a desktop application. They can be
> reverse enginered. Using GraalVM is unfortunately not an option since we
> need to be able to load custom classes runtime.
>
> I thought of an idea to be able to encrypt .class files using RSA and
> then have a custom JDK VM with a natively compiled decrypter with a
> private key. (The private key could be a configure option). I then just
> need to tap into the code where the .class file is read from disk and
> check if it starts with CAFEBABE. If not run it through the decrypter.
>
> Can somebody point me to which source file(s) I should start to mess
> around in? I mean where is the classloader reading the .class file from
> disk?
>
> As I said, this might be naive😅
>
> Best regards,
> Henrik Buestad
>
More information about the jdk-dev
mailing list